Blame - docs/dyn/dlp_v2.projects.deidentifyTemplates.html - platform/external/python/google-api-python-client

2020-10-06 16:46:05 -0700

[diff] [blame]

78

<code><a href="#close">close()</a></code></p>

79

<p class="firstline">Close httplib2 connections.</p>

80

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

81

<code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

82

<p class="firstline">Creates a DeidentifyTemplate for re-using frequently used configuration for de-identifying content, images, and storage. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

83

84

<code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

85

<p class="firstline">Deletes a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

86

87

<code><a href="#get">get(name, x__xgafv=None)</a></code></p>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

88

<p class="firstline">Gets a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

89

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

90

<code><a href="#list">list(parent, locationId=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

91

<p class="firstline">Lists DeidentifyTemplates. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

92

93

<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>

94

<p class="firstline">Retrieves the next page of results.</p>

95

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

96

<code><a href="#patch">patch(name, body=None, x__xgafv=None)</a></code></p>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

97

<p class="firstline">Updates the DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

98

<h3>Method Details</h3>

99

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

100

<code class="details" id="close">close()</code>

101

<pre>Close httplib2 connections.</pre>

</div>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

105

<code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

106

<pre>Creates a DeidentifyTemplate for re-using frequently used configuration for de-identifying content, images, and storage. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

107

108

Args:

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

109

parent: string, Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/dlp/docs/specifying-location): + Projects scope, location specified: `projects/`PROJECT_ID`/locations/`LOCATION_ID + Projects scope, no location specified (defaults to global): `projects/`PROJECT_ID + Organizations scope, location specified: `organizations/`ORG_ID`/locations/`LOCATION_ID + Organizations scope, no location specified (defaults to global): `organizations/`ORG_ID The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3 (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

110

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

111

The object takes the form of:

112

113

{ # Request message for CreateDeidentifyTemplate.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

114

"deidentifyTemplate": { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more. # Required. The DeidentifyTemplate to create.

115

"createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.

yoshi-code-bot

2021-03-02 11:49:08 -0800

[diff] [blame]

116

"deidentifyConfig": { # The configuration that controls how the data will change. # The core content of the template.

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

117

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.

118

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

119

{ # A transformation to apply to text that is identified as a specific info_type.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

120

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

121

{ # Type of information detected by the API.

122

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

123

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

124

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

125

],

126

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

127

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

128

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

129

{ # Bucket is represented as a range, along with replacement values.

130

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

131

"booleanValue": True or False, # boolean

132

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

133

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

134

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

135

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

136

},

137

"dayOfWeekValue": "A String", # day of week

138

"floatValue": 3.14, # float

139

"integerValue": "A String", # integer

140

"stringValue": "A String", # string

141

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

142

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

143

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

144

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

145

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

146

},

147

"timestampValue": "A String", # timestamp

148

},

149

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

150

"booleanValue": True or False, # boolean

151

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

152

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

153

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

154

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

155

},

156

"dayOfWeekValue": "A String", # day of week

157

"floatValue": 3.14, # float

158

"integerValue": "A String", # integer

159

"stringValue": "A String", # string

160

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

161

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

162

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

163

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

164

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

165

},

166

"timestampValue": "A String", # timestamp

167

},

168

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

169

"booleanValue": True or False, # boolean

170

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

171

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

172

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

173

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

174

},

175

"dayOfWeekValue": "A String", # day of week

176

"floatValue": 3.14, # float

177

"integerValue": "A String", # integer

178

"stringValue": "A String", # string

179

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

180

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

181

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

182

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

183

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

184

},

185

"timestampValue": "A String", # timestamp

186

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

187

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

188

],

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

189

},

190

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

191

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

192

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

193

"charactersToSkip": "A String", # Characters to not transform when masking.

194

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

195

},

196

],

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

197

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

198

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

199

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

200

},

201

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

202

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

203

"name": "A String", # Name describing the field.

204

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

205

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

206

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

207

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

208

"wrappedKey": "A String", # Required. The wrapped data crypto key.

209

},

210

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

211

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

212

},

213

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

214

"key": "A String", # Required. A 128/192/256 bit key.

215

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

216

},

217

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

218

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

219

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

220

},

221

},

222

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

223

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

224

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

225

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

226

"wrappedKey": "A String", # Required. The wrapped data crypto key.

227

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

228

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

229

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

230

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

231

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

232

"key": "A String", # Required. A 128/192/256 bit key.

233

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

234

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

235

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

236

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

237

"commonAlphabet": "A String", # Common alphabets.

238

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

239

"name": "A String", # Name describing the field.

240

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

241

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

242

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

243

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

244

"wrappedKey": "A String", # Required. The wrapped data crypto key.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

245

},

246

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

247

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

248

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

249

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

250

"key": "A String", # Required. A 128/192/256 bit key.

251

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

252

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

253

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

254

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

255

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

256

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

257

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

258

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

259

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

260

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

261

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

262

"name": "A String", # Name describing the field.

263

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

264

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

265

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

266

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

267

"wrappedKey": "A String", # Required. The wrapped data crypto key.

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

268

},

269

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

270

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

271

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

272

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

273

"key": "A String", # Required. A 128/192/256 bit key.

274

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

275

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

276

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

277

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

278

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

279

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

280

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

281

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

282

"booleanValue": True or False, # boolean

283

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

284

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

285

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

286

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

287

},

288

"dayOfWeekValue": "A String", # day of week

289

"floatValue": 3.14, # float

290

"integerValue": "A String", # integer

291

"stringValue": "A String", # string

292

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

293

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

294

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

295

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

296

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

297

},

298

"timestampValue": "A String", # timestamp

299

},

300

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

301

"booleanValue": True or False, # boolean

302

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

303

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

304

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

305

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

306

},

307

"dayOfWeekValue": "A String", # day of week

308

"floatValue": 3.14, # float

309

"integerValue": "A String", # integer

310

"stringValue": "A String", # string

311

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

312

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

313

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

314

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

315

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

316

},

317

"timestampValue": "A String", # timestamp

318

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

319

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

320

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

321

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

322

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

323

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

324

"booleanValue": True or False, # boolean

325

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

326

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

327

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

328

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

329

},

330

"dayOfWeekValue": "A String", # day of week

331

"floatValue": 3.14, # float

332

"integerValue": "A String", # integer

333

"stringValue": "A String", # string

334

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

335

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

336

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

337

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

338

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

339

},

340

"timestampValue": "A String", # timestamp

341

},

342

},

343

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

344

},

345

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

346

"partToExtract": "A String", # The part of the time to keep.

347

},

348

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

349

},

350

],

351

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

352

"recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.

353

"fieldTransformations": [ # Transform the record by applying various field transformations.

354

{ # The transformation to apply to the field.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

355

"condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.

356

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

357

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

358

"conditions": [ # A collection of conditions.

359

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

360

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

361

"name": "A String", # Name describing the field.

362

},

363

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

364

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

365

"booleanValue": True or False, # boolean

366

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

367

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

368

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

369

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

370

},

371

"dayOfWeekValue": "A String", # day of week

372

"floatValue": 3.14, # float

373

"integerValue": "A String", # integer

374

"stringValue": "A String", # string

375

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

376

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

377

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

378

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

379

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

380

},

381

"timestampValue": "A String", # timestamp

382

},

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

387

},

388

},

yoshi-code-bot

2021-05-20 04:44:03 -0700

[diff] [blame]

389

"fields": [ # Required. Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. FieldId name matching ignores the index. For example, instead of "contact.nums[0].type", use "contact.nums.type".

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

390

{ # General identifier of a data field in a storage service.

391

"name": "A String", # Name describing the field.

392

},

393

],

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

394

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.

395

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

396

{ # A transformation to apply to text that is identified as a specific info_type.

397

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

398

{ # Type of information detected by the API.

399

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

400

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

401

},

402

],

403

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

404

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

405

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

406

{ # Bucket is represented as a range, along with replacement values.

407

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

408

"booleanValue": True or False, # boolean

409

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

410

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

411

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

412

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

413

},

414

"dayOfWeekValue": "A String", # day of week

415

"floatValue": 3.14, # float

416

"integerValue": "A String", # integer

417

"stringValue": "A String", # string

418

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

419

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

420

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

421

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

422

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

423

},

424

"timestampValue": "A String", # timestamp

425

},

426

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

427

"booleanValue": True or False, # boolean

428

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

429

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

430

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

431

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

432

},

433

"dayOfWeekValue": "A String", # day of week

434

"floatValue": 3.14, # float

435

"integerValue": "A String", # integer

436

"stringValue": "A String", # string

437

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

438

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

439

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

440

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

441

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

442

},

443

"timestampValue": "A String", # timestamp

444

},

445

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

446

"booleanValue": True or False, # boolean

447

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

448

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

449

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

450

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

451

},

452

"dayOfWeekValue": "A String", # day of week

453

"floatValue": 3.14, # float

454

"integerValue": "A String", # integer

455

"stringValue": "A String", # string

456

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

457

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

458

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

459

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

460

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

461

},

462

"timestampValue": "A String", # timestamp

},

},

],

},

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

468

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

469

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

470

"charactersToSkip": "A String", # Characters to not transform when masking.

471

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

472

},

473

],

474

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

475

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

476

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

477

},

478

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

479

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

480

"name": "A String", # Name describing the field.

481

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

482

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

483

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

484

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

485

"wrappedKey": "A String", # Required. The wrapped data crypto key.

486

},

487

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

488

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

489

},

490

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

491

"key": "A String", # Required. A 128/192/256 bit key.

492

},

493

},

494

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

495

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

496

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

497

},

498

},

499

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

500

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

501

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

502

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

503

"wrappedKey": "A String", # Required. The wrapped data crypto key.

504

},

505

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

506

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

507

},

508

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

509

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

514

"commonAlphabet": "A String", # Common alphabets.

515

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

516

"name": "A String", # Name describing the field.

517

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

518

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

519

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

520

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

521

"wrappedKey": "A String", # Required. The wrapped data crypto key.

522

},

523

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

524

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

525

},

526

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

527

"key": "A String", # Required. A 128/192/256 bit key.

528

},

529

},

530

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

531

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

532

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

533

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

534

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

535

},

536

},

537

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

538

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

539

"name": "A String", # Name describing the field.

540

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

541

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

542

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

543

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

544

"wrappedKey": "A String", # Required. The wrapped data crypto key.

545

},

546

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

547

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

548

},

549

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

550

"key": "A String", # Required. A 128/192/256 bit key.

551

},

552

},

553

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

554

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

555

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

556

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

557

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

558

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

559

"booleanValue": True or False, # boolean

560

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

561

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

562

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

563

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

564

},

565

"dayOfWeekValue": "A String", # day of week

566

"floatValue": 3.14, # float

567

"integerValue": "A String", # integer

568

"stringValue": "A String", # string

569

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

570

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

571

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

572

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

573

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

574

},

575

"timestampValue": "A String", # timestamp

576

},

577

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

578

"booleanValue": True or False, # boolean

579

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

580

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

581

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

582

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

583

},

584

"dayOfWeekValue": "A String", # day of week

585

"floatValue": 3.14, # float

586

"integerValue": "A String", # integer

587

"stringValue": "A String", # string

588

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

589

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

590

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

591

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

592

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

593

},

594

"timestampValue": "A String", # timestamp

595

},

596

},

597

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

598

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

599

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

600

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

601

"booleanValue": True or False, # boolean

602

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

603

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

604

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

605

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

606

},

607

"dayOfWeekValue": "A String", # day of week

608

"floatValue": 3.14, # float

609

"integerValue": "A String", # integer

610

"stringValue": "A String", # string

611

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

612

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

613

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

614

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

615

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

616

},

617

"timestampValue": "A String", # timestamp

618

},

619

},

620

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

621

},

622

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

623

"partToExtract": "A String", # The part of the time to keep.

},

},

},

],

},

"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.

630

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

631

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

632

{ # Bucket is represented as a range, along with replacement values.

633

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

634

"booleanValue": True or False, # boolean

635

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

636

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

637

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

638

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

639

},

640

"dayOfWeekValue": "A String", # day of week

641

"floatValue": 3.14, # float

642

"integerValue": "A String", # integer

643

"stringValue": "A String", # string

644

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

645

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

646

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

647

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

648

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

649

},

650

"timestampValue": "A String", # timestamp

651

},

652

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

653

"booleanValue": True or False, # boolean

654

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

655

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

656

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

657

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

658

},

659

"dayOfWeekValue": "A String", # day of week

660

"floatValue": 3.14, # float

661

"integerValue": "A String", # integer

662

"stringValue": "A String", # string

663

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

664

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

665

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

666

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

667

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

668

},

669

"timestampValue": "A String", # timestamp

670

},

671

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

672

"booleanValue": True or False, # boolean

673

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

674

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

675

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

676

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

677

},

678

"dayOfWeekValue": "A String", # day of week

679

"floatValue": 3.14, # float

680

"integerValue": "A String", # integer

681

"stringValue": "A String", # string

682

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

683

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

684

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

685

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

686

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

687

},

688

"timestampValue": "A String", # timestamp

},

},

],

},

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

694

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

695

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

696

"charactersToSkip": "A String", # Characters to not transform when masking.

697

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

698

},

699

],

700

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

701

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

702

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

703

},

704

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

705

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

706

"name": "A String", # Name describing the field.

707

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

708

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

709

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

710

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

711

"wrappedKey": "A String", # Required. The wrapped data crypto key.

712

},

713

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

714

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

715

},

716

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

717

"key": "A String", # Required. A 128/192/256 bit key.

718

},

719

},

720

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

721

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

722

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

723

},

724

},

725

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

726

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

727

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

728

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

729

"wrappedKey": "A String", # Required. The wrapped data crypto key.

730

},

731

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

732

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

733

},

734

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

735

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

740

"commonAlphabet": "A String", # Common alphabets.

741

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

742

"name": "A String", # Name describing the field.

743

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

744

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

745

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

746

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

747

"wrappedKey": "A String", # Required. The wrapped data crypto key.

748

},

749

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

750

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

751

},

752

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

753

"key": "A String", # Required. A 128/192/256 bit key.

754

},

755

},

756

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

757

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

758

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

759

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

760

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

761

},

762

},

763

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

764

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

765

"name": "A String", # Name describing the field.

766

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

767

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

768

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

769

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

770

"wrappedKey": "A String", # Required. The wrapped data crypto key.

771

},

772

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

773

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

774

},

775

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

776

"key": "A String", # Required. A 128/192/256 bit key.

777

},

778

},

779

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

780

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

781

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

782

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

783

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

784

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

785

"booleanValue": True or False, # boolean

786

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

787

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

788

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

789

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

790

},

791

"dayOfWeekValue": "A String", # day of week

792

"floatValue": 3.14, # float

793

"integerValue": "A String", # integer

794

"stringValue": "A String", # string

795

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

796

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

797

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

798

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

799

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

800

},

801

"timestampValue": "A String", # timestamp

802

},

803

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

804

"booleanValue": True or False, # boolean

805

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

806

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

807

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

808

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

809

},

810

"dayOfWeekValue": "A String", # day of week

811

"floatValue": 3.14, # float

812

"integerValue": "A String", # integer

813

"stringValue": "A String", # string

814

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

815

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

816

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

817

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

818

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

819

},

820

"timestampValue": "A String", # timestamp

821

},

822

},

823

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

824

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

825

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

826

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

827

"booleanValue": True or False, # boolean

828

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

829

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

830

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

831

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

832

},

833

"dayOfWeekValue": "A String", # day of week

834

"floatValue": 3.14, # float

835

"integerValue": "A String", # integer

836

"stringValue": "A String", # string

837

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

838

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

839

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

840

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

841

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

842

},

843

"timestampValue": "A String", # timestamp

844

},

845

},

846

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

847

},

848

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

849

"partToExtract": "A String", # The part of the time to keep.

850

},

851

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

852

},

853

],

854

"recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.

855

{ # Configuration to suppress records whose suppression conditions evaluate to true.

856

"condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.

857

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

858

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

859

"conditions": [ # A collection of conditions.

860

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

861

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

862

"name": "A String", # Name describing the field.

863

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

864

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

865

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

866

"booleanValue": True or False, # boolean

867

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

868

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

869

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

870

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

871

},

872

"dayOfWeekValue": "A String", # day of week

873

"floatValue": 3.14, # float

874

"integerValue": "A String", # integer

875

"stringValue": "A String", # string

876

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

877

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

878

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

879

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

880

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

881

},

882

"timestampValue": "A String", # timestamp

883

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

884

},

885

],

886

},

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

887

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

},

},

},

],

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

893

"transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.

894

"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors

895

},

896

"throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error

897

},

898

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

899

},

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

900

"description": "A String", # Short description (max 256 chars).

901

"displayName": "A String", # Display name (max 256 chars).

902

"name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

903

"updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.

904

},

905

"locationId": "A String", # Deprecated. This field has no effect.

906

"templateId": "A String", # The template id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one.

907

}

908

909

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

916

917

{ # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more.

918

"createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.

yoshi-code-bot

2021-03-02 11:49:08 -0800

[diff] [blame]

919

"deidentifyConfig": { # The configuration that controls how the data will change. # The core content of the template.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

920

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.

921

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

922

{ # A transformation to apply to text that is identified as a specific info_type.

923

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

924

{ # Type of information detected by the API.

925

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

926

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

927

},

928

],

929

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

930

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

931

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

932

{ # Bucket is represented as a range, along with replacement values.

933

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

934

"booleanValue": True or False, # boolean

935

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

936

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

937

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

938

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

939

},

940

"dayOfWeekValue": "A String", # day of week

941

"floatValue": 3.14, # float

942

"integerValue": "A String", # integer

943

"stringValue": "A String", # string

944

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

945

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

946

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

947

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

948

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

949

},

950

"timestampValue": "A String", # timestamp

951

},

952

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

953

"booleanValue": True or False, # boolean

954

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

955

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

956

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

957

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

958

},

959

"dayOfWeekValue": "A String", # day of week

960

"floatValue": 3.14, # float

961

"integerValue": "A String", # integer

962

"stringValue": "A String", # string

963

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

964

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

965

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

966

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

967

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

968

},

969

"timestampValue": "A String", # timestamp

970

},

971

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

972

"booleanValue": True or False, # boolean

973

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

974

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

975

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

976

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

977

},

978

"dayOfWeekValue": "A String", # day of week

979

"floatValue": 3.14, # float

980

"integerValue": "A String", # integer

981

"stringValue": "A String", # string

982

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

983

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

984

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

985

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

986

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

987

},

988

"timestampValue": "A String", # timestamp

},

},

],

},

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

994

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

995

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

996

"charactersToSkip": "A String", # Characters to not transform when masking.

997

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

998

},

999

],

1000

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

1001

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

1002

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

1003

},

1004

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

1005

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

1006

"name": "A String", # Name describing the field.

1007

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1008

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

1009

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1010

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1011

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1012

},

1013

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1014

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1015

},

1016

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1017

"key": "A String", # Required. A 128/192/256 bit key.

1018

},

1019

},

1020

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

1021

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

1022

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1023

},

1024

},

1025

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1026

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

1027

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1028

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1029

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1030

},

1031

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1032

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1033

},

1034

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1035

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

1040

"commonAlphabet": "A String", # Common alphabets.

1041

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

1042

"name": "A String", # Name describing the field.

1043

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1044

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

1045

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1046

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1047

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1048

},

1049

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1050

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1051

},

1052

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1053

"key": "A String", # Required. A 128/192/256 bit key.

1054

},

1055

},

1056

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

1057

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

1058

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

1059

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

1060

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1061

},

1062

},

1063

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

1064

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

1065

"name": "A String", # Name describing the field.

1066

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1067

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

1068

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1069

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1070

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1071

},

1072

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1073

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1074

},

1075

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1076

"key": "A String", # Required. A 128/192/256 bit key.

1077

},

1078

},

1079

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

1080

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

1081

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

1082

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1083

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

1084

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

1085

"booleanValue": True or False, # boolean

1086

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1087

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1088

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1089

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1090

},

1091

"dayOfWeekValue": "A String", # day of week

1092

"floatValue": 3.14, # float

1093

"integerValue": "A String", # integer

1094

"stringValue": "A String", # string

1095

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1096

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1097

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1098

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1099

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1100

},

1101

"timestampValue": "A String", # timestamp

1102

},

1103

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

1104

"booleanValue": True or False, # boolean

1105

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1106

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1107

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1108

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1109

},

1110

"dayOfWeekValue": "A String", # day of week

1111

"floatValue": 3.14, # float

1112

"integerValue": "A String", # integer

1113

"stringValue": "A String", # string

1114

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1115

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1116

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1117

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1118

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1119

},

1120

"timestampValue": "A String", # timestamp

1121

},

1122

},

1123

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

1124

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

1125

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1126

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

1127

"booleanValue": True or False, # boolean

1128

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1129

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1130

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1131

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1132

},

1133

"dayOfWeekValue": "A String", # day of week

1134

"floatValue": 3.14, # float

1135

"integerValue": "A String", # integer

1136

"stringValue": "A String", # string

1137

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1138

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1139

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1140

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1141

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1142

},

1143

"timestampValue": "A String", # timestamp

1144

},

1145

},

1146

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

1147

},

1148

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

1149

"partToExtract": "A String", # The part of the time to keep.

},

},

},

],

},

"recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.

1156

"fieldTransformations": [ # Transform the record by applying various field transformations.

1157

{ # The transformation to apply to the field.

1158

"condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.

1159

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

1160

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

1161

"conditions": [ # A collection of conditions.

1162

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

1163

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

1164

"name": "A String", # Name describing the field.

1165

},

1166

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

1167

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

1168

"booleanValue": True or False, # boolean

1169

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1170

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1171

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1172

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1173

},

1174

"dayOfWeekValue": "A String", # day of week

1175

"floatValue": 3.14, # float

1176

"integerValue": "A String", # integer

1177

"stringValue": "A String", # string

1178

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1179

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1180

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1181

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1182

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1183

},

1184

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

1190

},

1191

},

yoshi-code-bot

2021-05-20 04:44:03 -0700

[diff] [blame]

1192

"fields": [ # Required. Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. FieldId name matching ignores the index. For example, instead of "contact.nums[0].type", use "contact.nums.type".

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1193

{ # General identifier of a data field in a storage service.

1194

"name": "A String", # Name describing the field.

1195

},

1196

],

1197

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.

1198

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

1199

{ # A transformation to apply to text that is identified as a specific info_type.

1200

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

1201

{ # Type of information detected by the API.

1202

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

1203

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1204

},

1205

],

1206

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

1207

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

1208

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

1209

{ # Bucket is represented as a range, along with replacement values.

1210

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

1211

"booleanValue": True or False, # boolean

1212

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1213

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1214

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1215

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1216

},

1217

"dayOfWeekValue": "A String", # day of week

1218

"floatValue": 3.14, # float

1219

"integerValue": "A String", # integer

1220

"stringValue": "A String", # string

1221

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1222

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1223

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1224

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1225

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1226

},

1227

"timestampValue": "A String", # timestamp

1228

},

1229

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

1230

"booleanValue": True or False, # boolean

1231

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1232

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1233

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1234

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1235

},

1236

"dayOfWeekValue": "A String", # day of week

1237

"floatValue": 3.14, # float

1238

"integerValue": "A String", # integer

1239

"stringValue": "A String", # string

1240

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1241

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1242

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1243

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1244

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1245

},

1246

"timestampValue": "A String", # timestamp

1247

},

1248

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

1249

"booleanValue": True or False, # boolean

1250

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1251

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1252

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1253

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1254

},

1255

"dayOfWeekValue": "A String", # day of week

1256

"floatValue": 3.14, # float

1257

"integerValue": "A String", # integer

1258

"stringValue": "A String", # string

1259

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1260

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1261

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1262

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1263

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1264

},

1265

"timestampValue": "A String", # timestamp

},

},

],

},

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

1271

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

1272

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

1273

"charactersToSkip": "A String", # Characters to not transform when masking.

1274

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

1275

},

1276

],

1277

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

1278

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

1279

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

1280

},

1281

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

1282

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

1283

"name": "A String", # Name describing the field.

1284

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1285

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

1286

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1287

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1288

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1289

},

1290

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1291

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1292

},

1293

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1294

"key": "A String", # Required. A 128/192/256 bit key.

1295

},

1296

},

1297

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

1298

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

1299

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1300

},

1301

},

1302

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1303

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

1304

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1305

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1306

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1307

},

1308

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1309

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1310

},

1311

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1312

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

1317

"commonAlphabet": "A String", # Common alphabets.

1318

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

1319

"name": "A String", # Name describing the field.

1320

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1321

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

1322

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1323

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1324

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1325

},

1326

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1327

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1328

},

1329

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1330

"key": "A String", # Required. A 128/192/256 bit key.

1331

},

1332

},

1333

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

1334

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

1335

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

1336

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

1337

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1338

},

1339

},

1340

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

1341

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

1342

"name": "A String", # Name describing the field.

1343

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1344

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

1345

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1346

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1347

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1348

},

1349

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1350

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1351

},

1352

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1353

"key": "A String", # Required. A 128/192/256 bit key.

1354

},

1355

},

1356

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

1357

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

1358

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

1359

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1360

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

1361

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

1362

"booleanValue": True or False, # boolean

1363

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1364

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1365

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1366

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1367

},

1368

"dayOfWeekValue": "A String", # day of week

1369

"floatValue": 3.14, # float

1370

"integerValue": "A String", # integer

1371

"stringValue": "A String", # string

1372

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1373

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1374

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1375

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1376

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1377

},

1378

"timestampValue": "A String", # timestamp

1379

},

1380

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

1381

"booleanValue": True or False, # boolean

1382

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1383

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1384

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1385

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1386

},

1387

"dayOfWeekValue": "A String", # day of week

1388

"floatValue": 3.14, # float

1389

"integerValue": "A String", # integer

1390

"stringValue": "A String", # string

1391

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1392

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1393

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1394

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1395

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1396

},

1397

"timestampValue": "A String", # timestamp

1398

},

1399

},

1400

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

1401

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

1402

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1403

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

1404

"booleanValue": True or False, # boolean

1405

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1406

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1407

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1408

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1409

},

1410

"dayOfWeekValue": "A String", # day of week

1411

"floatValue": 3.14, # float

1412

"integerValue": "A String", # integer

1413

"stringValue": "A String", # string

1414

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1415

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1416

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1417

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1418

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1419

},

1420

"timestampValue": "A String", # timestamp

1421

},

1422

},

1423

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

1424

},

1425

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

1426

"partToExtract": "A String", # The part of the time to keep.

},

},

},

],

},

"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.

1433

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

1434

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

1435

{ # Bucket is represented as a range, along with replacement values.

1436

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

1437

"booleanValue": True or False, # boolean

1438

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1439

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1440

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1441

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1442

},

1443

"dayOfWeekValue": "A String", # day of week

1444

"floatValue": 3.14, # float

1445

"integerValue": "A String", # integer

1446

"stringValue": "A String", # string

1447

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1448

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1449

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1450

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1451

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1452

},

1453

"timestampValue": "A String", # timestamp

1454

},

1455

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

1456

"booleanValue": True or False, # boolean

1457

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1458

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1459

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1460

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1461

},

1462

"dayOfWeekValue": "A String", # day of week

1463

"floatValue": 3.14, # float

1464

"integerValue": "A String", # integer

1465

"stringValue": "A String", # string

1466

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1467

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1468

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1469

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1470

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1471

},

1472

"timestampValue": "A String", # timestamp

1473

},

1474

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

1475

"booleanValue": True or False, # boolean

1476

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1477

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1478

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1479

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1480

},

1481

"dayOfWeekValue": "A String", # day of week

1482

"floatValue": 3.14, # float

1483

"integerValue": "A String", # integer

1484

"stringValue": "A String", # string

1485

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1486

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1487

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1488

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1489

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1490

},

1491

"timestampValue": "A String", # timestamp

},

},

],

},

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

1497

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

1498

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

1499

"charactersToSkip": "A String", # Characters to not transform when masking.

1500

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

1501

},

1502

],

1503

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

1504

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

1505

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

1506

},

1507

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

1508

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

1509

"name": "A String", # Name describing the field.

1510

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1511

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

1512

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1513

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1514

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1515

},

1516

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1517

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1518

},

1519

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1520

"key": "A String", # Required. A 128/192/256 bit key.

1521

},

1522

},

1523

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

1524

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

1525

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1526

},

1527

},

1528

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1529

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

1530

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1531

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1532

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1533

},

1534

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1535

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1536

},

1537

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1538

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

1543

"commonAlphabet": "A String", # Common alphabets.

1544

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

1545

"name": "A String", # Name describing the field.

1546

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1547

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

1548

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1549

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1550

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1551

},

1552

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1553

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1554

},

1555

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1556

"key": "A String", # Required. A 128/192/256 bit key.

1557

},

1558

},

1559

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

1560

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

1561

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

1562

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

1563

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1564

},

1565

},

1566

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

1567

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

1568

"name": "A String", # Name describing the field.

1569

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1570

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

1571

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1572

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1573

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1574

},

1575

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1576

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1577

},

1578

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1579

"key": "A String", # Required. A 128/192/256 bit key.

1580

},

1581

},

1582

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

1583

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

1584

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

1585

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1586

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

1587

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

1588

"booleanValue": True or False, # boolean

1589

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1590

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1591

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1592

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1593

},

1594

"dayOfWeekValue": "A String", # day of week

1595

"floatValue": 3.14, # float

1596

"integerValue": "A String", # integer

1597

"stringValue": "A String", # string

1598

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1599

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1600

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1601

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1602

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1603

},

1604

"timestampValue": "A String", # timestamp

1605

},

1606

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

1607

"booleanValue": True or False, # boolean

1608

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1609

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1610

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1611

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1612

},

1613

"dayOfWeekValue": "A String", # day of week

1614

"floatValue": 3.14, # float

1615

"integerValue": "A String", # integer

1616

"stringValue": "A String", # string

1617

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1618

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1619

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1620

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1621

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1622

},

1623

"timestampValue": "A String", # timestamp

1624

},

1625

},

1626

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

1627

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

1628

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1629

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

1630

"booleanValue": True or False, # boolean

1631

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1632

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1633

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1634

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1635

},

1636

"dayOfWeekValue": "A String", # day of week

1637

"floatValue": 3.14, # float

1638

"integerValue": "A String", # integer

1639

"stringValue": "A String", # string

1640

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1641

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1642

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1643

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1644

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1645

},

1646

"timestampValue": "A String", # timestamp

1647

},

1648

},

1649

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

1650

},

1651

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

1652

"partToExtract": "A String", # The part of the time to keep.

},

},

},

],

"recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.

1658

{ # Configuration to suppress records whose suppression conditions evaluate to true.

1659

"condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.

1660

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

1661

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

1662

"conditions": [ # A collection of conditions.

1663

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

1664

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

1665

"name": "A String", # Name describing the field.

1666

},

1667

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

1668

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

1669

"booleanValue": True or False, # boolean

1670

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1671

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1672

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1673

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1674

},

1675

"dayOfWeekValue": "A String", # day of week

1676

"floatValue": 3.14, # float

1677

"integerValue": "A String", # integer

1678

"stringValue": "A String", # string

1679

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1680

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1681

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1682

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1683

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1684

},

1685

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

},

},

},

],

},

"transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.

1697

"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors

1698

},

1699

"throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error

},

},

},

"description": "A String", # Short description (max 256 chars).

1704

"displayName": "A String", # Display name (max 256 chars).

1705

"name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`

1706

"updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.

1707

}</pre>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

</div>

<code class="details" id="delete">delete(name, x__xgafv=None)</code>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1712

<pre>Deletes a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1713

1714

Args:

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1715

name: string, Required. Resource name of the organization and deidentify template to be deleted, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342. (required)

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1716

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1723

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1724

{ # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1725

}</pre>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

</div>

<code class="details" id="get">get(name, x__xgafv=None)</code>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1730

<pre>Gets a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1731

1732

Args:

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1733

name: string, Required. Resource name of the organization and deidentify template to be read, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342. (required)

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1734

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1741

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1742

{ # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1743

"createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.

yoshi-code-bot

2021-03-02 11:49:08 -0800

[diff] [blame]

1744

"deidentifyConfig": { # The configuration that controls how the data will change. # The core content of the template.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1745

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.

1746

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

1747

{ # A transformation to apply to text that is identified as a specific info_type.

1748

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

1749

{ # Type of information detected by the API.

1750

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

1751

"version": "A String", # Optional version name for this InfoType.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

1752

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1753

],

1754

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

1755

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

1756

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

1757

{ # Bucket is represented as a range, along with replacement values.

1758

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

1759

"booleanValue": True or False, # boolean

1760

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1761

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1762

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1763

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

1764

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1765

"dayOfWeekValue": "A String", # day of week

1766

"floatValue": 3.14, # float

1767

"integerValue": "A String", # integer

1768

"stringValue": "A String", # string

1769

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1770

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1771

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1772

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1773

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

1774

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1775

"timestampValue": "A String", # timestamp

1776

},

1777

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

1778

"booleanValue": True or False, # boolean

1779

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1780

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1781

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1782

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

1783

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1784

"dayOfWeekValue": "A String", # day of week

1785

"floatValue": 3.14, # float

1786

"integerValue": "A String", # integer

1787

"stringValue": "A String", # string

1788

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1789

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1790

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1791

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1792

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

1793

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1794

"timestampValue": "A String", # timestamp

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1795

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1796

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

1797

"booleanValue": True or False, # boolean

1798

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1799

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1800

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1801

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1802

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1803

"dayOfWeekValue": "A String", # day of week

1804

"floatValue": 3.14, # float

1805

"integerValue": "A String", # integer

1806

"stringValue": "A String", # string

1807

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1808

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1809

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1810

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1811

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1812

},

1813

"timestampValue": "A String", # timestamp

1814

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1815

},

1816

],

1817

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1818

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

1819

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

1820

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

1821

"charactersToSkip": "A String", # Characters to not transform when masking.

1822

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

1823

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1824

],

1825

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

1826

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

1827

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

1828

},

1829

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

1830

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

1831

"name": "A String", # Name describing the field.

1832

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1833

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

1834

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1835

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1836

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1837

},

1838

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1839

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1840

},

1841

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1842

"key": "A String", # Required. A 128/192/256 bit key.

1843

},

1844

},

1845

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

1846

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

1847

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

1848

},

1849

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1850

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1851

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

1852

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1853

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1854

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1855

},

1856

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1857

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1858

},

1859

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1860

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

1865

"commonAlphabet": "A String", # Common alphabets.

1866

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

1867

"name": "A String", # Name describing the field.

1868

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1869

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

1870

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1871

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1872

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1873

},

1874

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1875

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1876

},

1877

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1878

"key": "A String", # Required. A 128/192/256 bit key.

1879

},

1880

},

1881

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

1882

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

1883

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

1884

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

1885

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1886

},

1887

},

1888

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

1889

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

1890

"name": "A String", # Name describing the field.

1891

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

1892

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

1893

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1894

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1895

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1896

},

1897

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1898

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1899

},

1900

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1901

"key": "A String", # Required. A 128/192/256 bit key.

1902

},

1903

},

1904

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

1905

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

1906

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

1907

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1908

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

1909

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

1910

"booleanValue": True or False, # boolean

1911

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1912

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1913

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1914

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1915

},

1916

"dayOfWeekValue": "A String", # day of week

1917

"floatValue": 3.14, # float

1918

"integerValue": "A String", # integer

1919

"stringValue": "A String", # string

1920

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1921

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1922

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1923

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1924

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1925

},

1926

"timestampValue": "A String", # timestamp

1927

},

1928

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

1929

"booleanValue": True or False, # boolean

1930

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1931

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1932

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1933

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1934

},

1935

"dayOfWeekValue": "A String", # day of week

1936

"floatValue": 3.14, # float

1937

"integerValue": "A String", # integer

1938

"stringValue": "A String", # string

1939

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1940

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1941

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1942

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1943

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1944

},

1945

"timestampValue": "A String", # timestamp

1946

},

1947

},

1948

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

1949

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

1950

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

1951

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

1952

"booleanValue": True or False, # boolean

1953

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1954

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1955

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1956

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1957

},

1958

"dayOfWeekValue": "A String", # day of week

1959

"floatValue": 3.14, # float

1960

"integerValue": "A String", # integer

1961

"stringValue": "A String", # string

1962

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1963

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1964

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1965

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1966

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1967

},

1968

"timestampValue": "A String", # timestamp

1969

},

1970

},

1971

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

1972

},

1973

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

1974

"partToExtract": "A String", # The part of the time to keep.

},

},

},

],

},

"recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.

1981

"fieldTransformations": [ # Transform the record by applying various field transformations.

1982

{ # The transformation to apply to the field.

1983

"condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.

1984

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

1985

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

1986

"conditions": [ # A collection of conditions.

1987

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

1988

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

1989

"name": "A String", # Name describing the field.

1990

},

1991

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

1992

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

1993

"booleanValue": True or False, # boolean

1994

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1995

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1996

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1997

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1998

},

1999

"dayOfWeekValue": "A String", # day of week

2000

"floatValue": 3.14, # float

2001

"integerValue": "A String", # integer

2002

"stringValue": "A String", # string

2003

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2004

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2005

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2006

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2007

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2008

},

2009

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

2015

},

2016

},

yoshi-code-bot

2021-05-20 04:44:03 -0700

[diff] [blame]

2017

"fields": [ # Required. Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. FieldId name matching ignores the index. For example, instead of "contact.nums[0].type", use "contact.nums.type".

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2018

{ # General identifier of a data field in a storage service.

2019

"name": "A String", # Name describing the field.

2020

},

2021

],

2022

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.

2023

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

2024

{ # A transformation to apply to text that is identified as a specific info_type.

2025

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

2026

{ # Type of information detected by the API.

2027

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

2028

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2029

},

2030

],

2031

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

2032

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

2033

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

2034

{ # Bucket is represented as a range, along with replacement values.

2035

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

2036

"booleanValue": True or False, # boolean

2037

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2038

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2039

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2040

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2041

},

2042

"dayOfWeekValue": "A String", # day of week

2043

"floatValue": 3.14, # float

2044

"integerValue": "A String", # integer

2045

"stringValue": "A String", # string

2046

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2047

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2048

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2049

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2050

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2051

},

2052

"timestampValue": "A String", # timestamp

2053

},

2054

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

2055

"booleanValue": True or False, # boolean

2056

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2057

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2058

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2059

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2060

},

2061

"dayOfWeekValue": "A String", # day of week

2062

"floatValue": 3.14, # float

2063

"integerValue": "A String", # integer

2064

"stringValue": "A String", # string

2065

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2066

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2067

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2068

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2069

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2070

},

2071

"timestampValue": "A String", # timestamp

2072

},

2073

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

2074

"booleanValue": True or False, # boolean

2075

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2076

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2077

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2078

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2079

},

2080

"dayOfWeekValue": "A String", # day of week

2081

"floatValue": 3.14, # float

2082

"integerValue": "A String", # integer

2083

"stringValue": "A String", # string

2084

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2085

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2086

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2087

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2088

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2089

},

2090

"timestampValue": "A String", # timestamp

},

},

],

},

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

2096

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

2097

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

2098

"charactersToSkip": "A String", # Characters to not transform when masking.

2099

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

2100

},

2101

],

2102

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

2103

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

2104

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

2105

},

2106

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

2107

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

2108

"name": "A String", # Name describing the field.

2109

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2110

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

2111

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2112

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2113

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2114

},

2115

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2116

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2117

},

2118

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2119

"key": "A String", # Required. A 128/192/256 bit key.

2120

},

2121

},

2122

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

2123

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

2124

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2125

},

2126

},

2127

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2128

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

2129

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2130

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2131

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2132

},

2133

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2134

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2135

},

2136

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2137

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

2142

"commonAlphabet": "A String", # Common alphabets.

2143

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

2144

"name": "A String", # Name describing the field.

2145

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2146

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

2147

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2148

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2149

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2150

},

2151

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2152

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2153

},

2154

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2155

"key": "A String", # Required. A 128/192/256 bit key.

2156

},

2157

},

2158

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

2159

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

2160

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

2161

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

2162

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2163

},

2164

},

2165

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

2166

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

2167

"name": "A String", # Name describing the field.

2168

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2169

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

2170

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2171

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2172

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2173

},

2174

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2175

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2176

},

2177

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2178

"key": "A String", # Required. A 128/192/256 bit key.

2179

},

2180

},

2181

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

2182

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

2183

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

2184

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2185

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

2186

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

2187

"booleanValue": True or False, # boolean

2188

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2189

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2190

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2191

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2192

},

2193

"dayOfWeekValue": "A String", # day of week

2194

"floatValue": 3.14, # float

2195

"integerValue": "A String", # integer

2196

"stringValue": "A String", # string

2197

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2198

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2199

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2200

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2201

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2202

},

2203

"timestampValue": "A String", # timestamp

2204

},

2205

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

2206

"booleanValue": True or False, # boolean

2207

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2208

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2209

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2210

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2211

},

2212

"dayOfWeekValue": "A String", # day of week

2213

"floatValue": 3.14, # float

2214

"integerValue": "A String", # integer

2215

"stringValue": "A String", # string

2216

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2217

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2218

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2219

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2220

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2221

},

2222

"timestampValue": "A String", # timestamp

2223

},

2224

},

2225

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

2226

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

2227

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2228

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

2229

"booleanValue": True or False, # boolean

2230

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2231

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2232

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2233

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2234

},

2235

"dayOfWeekValue": "A String", # day of week

2236

"floatValue": 3.14, # float

2237

"integerValue": "A String", # integer

2238

"stringValue": "A String", # string

2239

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2240

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2241

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2242

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2243

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2244

},

2245

"timestampValue": "A String", # timestamp

2246

},

2247

},

2248

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

2249

},

2250

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

2251

"partToExtract": "A String", # The part of the time to keep.

2252

},

2253

},

2254

},

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

2255

],

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2256

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2257

"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.

2258

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

2259

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

2260

{ # Bucket is represented as a range, along with replacement values.

2261

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

2262

"booleanValue": True or False, # boolean

2263

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2264

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2265

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2266

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2267

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2268

"dayOfWeekValue": "A String", # day of week

2269

"floatValue": 3.14, # float

2270

"integerValue": "A String", # integer

2271

"stringValue": "A String", # string

2272

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2273

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2274

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2275

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2276

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2277

},

2278

"timestampValue": "A String", # timestamp

2279

},

2280

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

2281

"booleanValue": True or False, # boolean

2282

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2283

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2284

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2285

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2286

},

2287

"dayOfWeekValue": "A String", # day of week

2288

"floatValue": 3.14, # float

2289

"integerValue": "A String", # integer

2290

"stringValue": "A String", # string

2291

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2292

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2293

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2294

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2295

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2296

},

2297

"timestampValue": "A String", # timestamp

2298

},

2299

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

2300

"booleanValue": True or False, # boolean

2301

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2302

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2303

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2304

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2305

},

2306

"dayOfWeekValue": "A String", # day of week

2307

"floatValue": 3.14, # float

2308

"integerValue": "A String", # integer

2309

"stringValue": "A String", # string

2310

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2311

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2312

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2313

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2314

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2315

},

2316

"timestampValue": "A String", # timestamp

2317

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2318

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2319

],

2320

},

2321

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

2322

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

2323

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

2324

"charactersToSkip": "A String", # Characters to not transform when masking.

2325

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

2326

},

2327

],

2328

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

2329

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

2330

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

2331

},

2332

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

2333

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

2334

"name": "A String", # Name describing the field.

2335

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2336

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

2337

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2338

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2339

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2340

},

2341

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2342

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2343

},

2344

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2345

"key": "A String", # Required. A 128/192/256 bit key.

2346

},

2347

},

2348

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

2349

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

2350

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2351

},

2352

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2353

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2354

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

2355

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2356

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2357

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2358

},

2359

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2360

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2361

},

2362

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2363

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

2368

"commonAlphabet": "A String", # Common alphabets.

2369

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

2370

"name": "A String", # Name describing the field.

2371

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2372

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

2373

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2374

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2375

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2376

},

2377

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2378

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2379

},

2380

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2381

"key": "A String", # Required. A 128/192/256 bit key.

2382

},

2383

},

2384

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

2385

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

2386

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

2387

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

2388

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2389

},

2390

},

2391

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

2392

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

2393

"name": "A String", # Name describing the field.

2394

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2395

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

2396

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2397

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2398

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2399

},

2400

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2401

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2402

},

2403

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2404

"key": "A String", # Required. A 128/192/256 bit key.

2405

},

2406

},

2407

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

2408

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

2409

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

2410

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2411

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

2412

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

2413

"booleanValue": True or False, # boolean

2414

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2415

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2416

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2417

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2418

},

2419

"dayOfWeekValue": "A String", # day of week

2420

"floatValue": 3.14, # float

2421

"integerValue": "A String", # integer

2422

"stringValue": "A String", # string

2423

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2424

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2425

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2426

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2427

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2428

},

2429

"timestampValue": "A String", # timestamp

2430

},

2431

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

2432

"booleanValue": True or False, # boolean

2433

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2434

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2435

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2436

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2437

},

2438

"dayOfWeekValue": "A String", # day of week

2439

"floatValue": 3.14, # float

2440

"integerValue": "A String", # integer

2441

"stringValue": "A String", # string

2442

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2443

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2444

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2445

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2446

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2447

},

2448

"timestampValue": "A String", # timestamp

2449

},

2450

},

2451

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

2452

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

2453

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2454

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

2455

"booleanValue": True or False, # boolean

2456

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2457

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2458

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2459

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2460

},

2461

"dayOfWeekValue": "A String", # day of week

2462

"floatValue": 3.14, # float

2463

"integerValue": "A String", # integer

2464

"stringValue": "A String", # string

2465

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2466

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2467

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2468

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2469

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2470

},

2471

"timestampValue": "A String", # timestamp

2472

},

2473

},

2474

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

2475

},

2476

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

2477

"partToExtract": "A String", # The part of the time to keep.

2478

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2479

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2480

},

2481

],

2482

"recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.

2483

{ # Configuration to suppress records whose suppression conditions evaluate to true.

2484

"condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.

2485

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

2486

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

2487

"conditions": [ # A collection of conditions.

2488

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

2489

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

2490

"name": "A String", # Name describing the field.

2491

},

2492

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

2493

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

2494

"booleanValue": True or False, # boolean

2495

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2496

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2497

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2498

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2499

},

2500

"dayOfWeekValue": "A String", # day of week

2501

"floatValue": 3.14, # float

2502

"integerValue": "A String", # integer

2503

"stringValue": "A String", # string

2504

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2505

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2506

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2507

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2508

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2509

},

2510

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

},

},

},

],

},

"transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.

2522

"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors

2523

},

2524

"throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2525

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2526

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2527

},

2528

"description": "A String", # Short description (max 256 chars).

2529

"displayName": "A String", # Display name (max 256 chars).

2530

"name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`

2531

"updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.

2532

}</pre>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

</div>

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2536

<code class="details" id="list">list(parent, locationId=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2537

<pre>Lists DeidentifyTemplates. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2538

2539

Args:

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2540

parent: string, Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/dlp/docs/specifying-location): + Projects scope, location specified: `projects/`PROJECT_ID`/locations/`LOCATION_ID + Projects scope, no location specified (defaults to global): `projects/`PROJECT_ID + Organizations scope, location specified: `organizations/`ORG_ID`/locations/`LOCATION_ID + Organizations scope, no location specified (defaults to global): `organizations/`ORG_ID The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3 (required)

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2541

locationId: string, Deprecated. This field has no effect.

2542

orderBy: string, Comma separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case-insensitive, default sorting order is ascending, redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `create_time`: corresponds to time the template was created. - `update_time`: corresponds to time the template was last updated. - `name`: corresponds to template's name. - `display_name`: corresponds to template's display name.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

2543

pageSize: integer, Size of the page, can be limited by server. If zero server returns a page of max size 100.

2544

pageToken: string, Page token to continue retrieval. Comes from previous call to `ListDeidentifyTemplates`.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2545

x__xgafv: string, V1 error format.

2546

Allowed values

2547

1 - v1 error format

2548

2 - v2 error format

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2549

2550

Returns:

2551

An object of the form:

2552

2553

{ # Response message for ListDeidentifyTemplates.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2554

"deidentifyTemplates": [ # List of deidentify templates, up to page_size in ListDeidentifyTemplatesRequest.

2555

{ # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more.

2556

"createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.

yoshi-code-bot

2021-03-02 11:49:08 -0800

[diff] [blame]

2557

"deidentifyConfig": { # The configuration that controls how the data will change. # The core content of the template.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2558

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.

2559

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

2560

{ # A transformation to apply to text that is identified as a specific info_type.

2561

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

2562

{ # Type of information detected by the API.

2563

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

2564

"version": "A String", # Optional version name for this InfoType.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

2565

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2566

],

2567

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

2568

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

2569

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

2570

{ # Bucket is represented as a range, along with replacement values.

2571

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

2572

"booleanValue": True or False, # boolean

2573

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2574

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2575

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2576

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

2577

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2578

"dayOfWeekValue": "A String", # day of week

2579

"floatValue": 3.14, # float

2580

"integerValue": "A String", # integer

2581

"stringValue": "A String", # string

2582

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2583

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2584

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2585

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2586

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

2587

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2588

"timestampValue": "A String", # timestamp

2589

},

2590

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

2591

"booleanValue": True or False, # boolean

2592

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2593

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2594

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2595

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

2596

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2597

"dayOfWeekValue": "A String", # day of week

2598

"floatValue": 3.14, # float

2599

"integerValue": "A String", # integer

2600

"stringValue": "A String", # string

2601

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2602

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2603

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2604

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2605

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

2606

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2607

"timestampValue": "A String", # timestamp

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2608

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2609

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

2610

"booleanValue": True or False, # boolean

2611

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2612

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2613

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2614

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2615

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2616

"dayOfWeekValue": "A String", # day of week

2617

"floatValue": 3.14, # float

2618

"integerValue": "A String", # integer

2619

"stringValue": "A String", # string

2620

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2621

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2622

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2623

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2624

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2625

},

2626

"timestampValue": "A String", # timestamp

2627

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2628

},

2629

],

2630

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2631

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

2632

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

2633

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

2634

"charactersToSkip": "A String", # Characters to not transform when masking.

2635

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

2636

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2637

],

2638

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

2639

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

2640

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

2641

},

2642

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

2643

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

2644

"name": "A String", # Name describing the field.

2645

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2646

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

2647

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2648

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2649

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2650

},

2651

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2652

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2653

},

2654

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2655

"key": "A String", # Required. A 128/192/256 bit key.

2656

},

2657

},

2658

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

2659

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

2660

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

2661

},

2662

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2663

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2664

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

2665

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2666

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2667

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2668

},

2669

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2670

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2671

},

2672

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2673

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

2678

"commonAlphabet": "A String", # Common alphabets.

2679

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

2680

"name": "A String", # Name describing the field.

2681

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2682

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

2683

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2684

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2685

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2686

},

2687

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2688

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2689

},

2690

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2691

"key": "A String", # Required. A 128/192/256 bit key.

2692

},

2693

},

2694

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

2695

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

2696

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

2697

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

2698

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2699

},

2700

},

2701

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

2702

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

2703

"name": "A String", # Name describing the field.

2704

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2705

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

2706

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2707

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2708

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2709

},

2710

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2711

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2712

},

2713

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2714

"key": "A String", # Required. A 128/192/256 bit key.

2715

},

2716

},

2717

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

2718

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

2719

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

2720

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2721

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

2722

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

2723

"booleanValue": True or False, # boolean

2724

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2725

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2726

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2727

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2728

},

2729

"dayOfWeekValue": "A String", # day of week

2730

"floatValue": 3.14, # float

2731

"integerValue": "A String", # integer

2732

"stringValue": "A String", # string

2733

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2734

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2735

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2736

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2737

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2738

},

2739

"timestampValue": "A String", # timestamp

2740

},

2741

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

2742

"booleanValue": True or False, # boolean

2743

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2744

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2745

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2746

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2747

},

2748

"dayOfWeekValue": "A String", # day of week

2749

"floatValue": 3.14, # float

2750

"integerValue": "A String", # integer

2751

"stringValue": "A String", # string

2752

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2753

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2754

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2755

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2756

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2757

},

2758

"timestampValue": "A String", # timestamp

2759

},

2760

},

2761

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

2762

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

2763

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2764

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

2765

"booleanValue": True or False, # boolean

2766

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2767

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2768

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2769

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2770

},

2771

"dayOfWeekValue": "A String", # day of week

2772

"floatValue": 3.14, # float

2773

"integerValue": "A String", # integer

2774

"stringValue": "A String", # string

2775

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2776

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2777

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2778

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2779

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2780

},

2781

"timestampValue": "A String", # timestamp

2782

},

2783

},

2784

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

2785

},

2786

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

2787

"partToExtract": "A String", # The part of the time to keep.

},

},

},

],

},

"recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.

2794

"fieldTransformations": [ # Transform the record by applying various field transformations.

2795

{ # The transformation to apply to the field.

2796

"condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.

2797

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

2798

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

2799

"conditions": [ # A collection of conditions.

2800

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

2801

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

2802

"name": "A String", # Name describing the field.

2803

},

2804

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

2805

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

2806

"booleanValue": True or False, # boolean

2807

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2808

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2809

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2810

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2811

},

2812

"dayOfWeekValue": "A String", # day of week

2813

"floatValue": 3.14, # float

2814

"integerValue": "A String", # integer

2815

"stringValue": "A String", # string

2816

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2817

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2818

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2819

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2820

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2821

},

2822

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

2828

},

2829

},

yoshi-code-bot

2021-05-20 04:44:03 -0700

[diff] [blame]

2830

"fields": [ # Required. Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. FieldId name matching ignores the index. For example, instead of "contact.nums[0].type", use "contact.nums.type".

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2831

{ # General identifier of a data field in a storage service.

2832

"name": "A String", # Name describing the field.

2833

},

2834

],

2835

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.

2836

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

2837

{ # A transformation to apply to text that is identified as a specific info_type.

2838

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

2839

{ # Type of information detected by the API.

2840

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

2841

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2842

},

2843

],

2844

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

2845

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

2846

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

2847

{ # Bucket is represented as a range, along with replacement values.

2848

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

2849

"booleanValue": True or False, # boolean

2850

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2851

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2852

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2853

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2854

},

2855

"dayOfWeekValue": "A String", # day of week

2856

"floatValue": 3.14, # float

2857

"integerValue": "A String", # integer

2858

"stringValue": "A String", # string

2859

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2860

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2861

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2862

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2863

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2864

},

2865

"timestampValue": "A String", # timestamp

2866

},

2867

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

2868

"booleanValue": True or False, # boolean

2869

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2870

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2871

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2872

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2873

},

2874

"dayOfWeekValue": "A String", # day of week

2875

"floatValue": 3.14, # float

2876

"integerValue": "A String", # integer

2877

"stringValue": "A String", # string

2878

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2879

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2880

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2881

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2882

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2883

},

2884

"timestampValue": "A String", # timestamp

2885

},

2886

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

2887

"booleanValue": True or False, # boolean

2888

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2889

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2890

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2891

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2892

},

2893

"dayOfWeekValue": "A String", # day of week

2894

"floatValue": 3.14, # float

2895

"integerValue": "A String", # integer

2896

"stringValue": "A String", # string

2897

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2898

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2899

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2900

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2901

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2902

},

2903

"timestampValue": "A String", # timestamp

},

},

],

},

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

2909

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

2910

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

2911

"charactersToSkip": "A String", # Characters to not transform when masking.

2912

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

2913

},

2914

],

2915

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

2916

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

2917

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

2918

},

2919

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

2920

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

2921

"name": "A String", # Name describing the field.

2922

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2923

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

2924

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2925

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2926

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2927

},

2928

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2929

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2930

},

2931

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2932

"key": "A String", # Required. A 128/192/256 bit key.

2933

},

2934

},

2935

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

2936

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

2937

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2938

},

2939

},

2940

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2941

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

2942

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2943

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2944

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2945

},

2946

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2947

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2948

},

2949

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2950

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

2955

"commonAlphabet": "A String", # Common alphabets.

2956

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

2957

"name": "A String", # Name describing the field.

2958

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2959

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

2960

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2961

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2962

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2963

},

2964

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2965

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2966

},

2967

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2968

"key": "A String", # Required. A 128/192/256 bit key.

2969

},

2970

},

2971

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

2972

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

2973

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

2974

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

2975

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2976

},

2977

},

2978

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

2979

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

2980

"name": "A String", # Name describing the field.

2981

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

2982

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

2983

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2984

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2985

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2986

},

2987

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2988

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2989

},

2990

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2991

"key": "A String", # Required. A 128/192/256 bit key.

2992

},

2993

},

2994

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

2995

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

2996

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

2997

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

2998

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

2999

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

3000

"booleanValue": True or False, # boolean

3001

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3002

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3003

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3004

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3005

},

3006

"dayOfWeekValue": "A String", # day of week

3007

"floatValue": 3.14, # float

3008

"integerValue": "A String", # integer

3009

"stringValue": "A String", # string

3010

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3011

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3012

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3013

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3014

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3015

},

3016

"timestampValue": "A String", # timestamp

3017

},

3018

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

3019

"booleanValue": True or False, # boolean

3020

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3021

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3022

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3023

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3024

},

3025

"dayOfWeekValue": "A String", # day of week

3026

"floatValue": 3.14, # float

3027

"integerValue": "A String", # integer

3028

"stringValue": "A String", # string

3029

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3030

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3031

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3032

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3033

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3034

},

3035

"timestampValue": "A String", # timestamp

3036

},

3037

},

3038

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

3039

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

3040

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3041

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

3042

"booleanValue": True or False, # boolean

3043

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3044

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3045

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3046

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3047

},

3048

"dayOfWeekValue": "A String", # day of week

3049

"floatValue": 3.14, # float

3050

"integerValue": "A String", # integer

3051

"stringValue": "A String", # string

3052

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3053

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3054

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3055

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3056

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3057

},

3058

"timestampValue": "A String", # timestamp

3059

},

3060

},

3061

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

3062

},

3063

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

3064

"partToExtract": "A String", # The part of the time to keep.

3065

},

3066

},

3067

},

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

3068

],

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3069

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3070

"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.

3071

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

3072

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

3073

{ # Bucket is represented as a range, along with replacement values.

3074

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

3075

"booleanValue": True or False, # boolean

3076

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3077

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3078

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3079

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3080

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3081

"dayOfWeekValue": "A String", # day of week

3082

"floatValue": 3.14, # float

3083

"integerValue": "A String", # integer

3084

"stringValue": "A String", # string

3085

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3086

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3087

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3088

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3089

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3090

},

3091

"timestampValue": "A String", # timestamp

3092

},

3093

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

3094

"booleanValue": True or False, # boolean

3095

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3096

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3097

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3098

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3099

},

3100

"dayOfWeekValue": "A String", # day of week

3101

"floatValue": 3.14, # float

3102

"integerValue": "A String", # integer

3103

"stringValue": "A String", # string

3104

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3105

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3106

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3107

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3108

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3109

},

3110

"timestampValue": "A String", # timestamp

3111

},

3112

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

3113

"booleanValue": True or False, # boolean

3114

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3115

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3116

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3117

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3118

},

3119

"dayOfWeekValue": "A String", # day of week

3120

"floatValue": 3.14, # float

3121

"integerValue": "A String", # integer

3122

"stringValue": "A String", # string

3123

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3124

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3125

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3126

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3127

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3128

},

3129

"timestampValue": "A String", # timestamp

3130

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3131

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3132

],

3133

},

3134

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

3135

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

3136

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

3137

"charactersToSkip": "A String", # Characters to not transform when masking.

3138

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

3139

},

3140

],

3141

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

3142

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

3143

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

3144

},

3145

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

3146

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

3147

"name": "A String", # Name describing the field.

3148

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

3149

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

3150

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3151

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3152

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3153

},

3154

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3155

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3156

},

3157

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3158

"key": "A String", # Required. A 128/192/256 bit key.

3159

},

3160

},

3161

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

3162

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

3163

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3164

},

3165

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3166

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

3167

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

3168

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3169

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3170

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3171

},

3172

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3173

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3174

},

3175

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3176

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

3181

"commonAlphabet": "A String", # Common alphabets.

3182

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

3183

"name": "A String", # Name describing the field.

3184

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

3185

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

3186

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3187

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3188

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3189

},

3190

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3191

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3192

},

3193

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3194

"key": "A String", # Required. A 128/192/256 bit key.

3195

},

3196

},

3197

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

3198

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

3199

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

3200

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

3201

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3202

},

3203

},

3204

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

3205

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

3206

"name": "A String", # Name describing the field.

3207

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

3208

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

3209

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3210

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3211

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3212

},

3213

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3214

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3215

},

3216

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3217

"key": "A String", # Required. A 128/192/256 bit key.

3218

},

3219

},

3220

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

3221

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

3222

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

3223

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3224

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

3225

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

3226

"booleanValue": True or False, # boolean

3227

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3228

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3229

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3230

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3231

},

3232

"dayOfWeekValue": "A String", # day of week

3233

"floatValue": 3.14, # float

3234

"integerValue": "A String", # integer

3235

"stringValue": "A String", # string

3236

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3237

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3238

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3239

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3240

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3241

},

3242

"timestampValue": "A String", # timestamp

3243

},

3244

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

3245

"booleanValue": True or False, # boolean

3246

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3247

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3248

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3249

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3250

},

3251

"dayOfWeekValue": "A String", # day of week

3252

"floatValue": 3.14, # float

3253

"integerValue": "A String", # integer

3254

"stringValue": "A String", # string

3255

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3256

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3257

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3258

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3259

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3260

},

3261

"timestampValue": "A String", # timestamp

3262

},

3263

},

3264

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

3265

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

3266

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3267

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

3268

"booleanValue": True or False, # boolean

3269

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3270

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3271

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3272

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3273

},

3274

"dayOfWeekValue": "A String", # day of week

3275

"floatValue": 3.14, # float

3276

"integerValue": "A String", # integer

3277

"stringValue": "A String", # string

3278

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3279

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3280

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3281

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3282

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3283

},

3284

"timestampValue": "A String", # timestamp

3285

},

3286

},

3287

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

3288

},

3289

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

3290

"partToExtract": "A String", # The part of the time to keep.

3291

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3292

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3293

},

3294

],

3295

"recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.

3296

{ # Configuration to suppress records whose suppression conditions evaluate to true.

3297

"condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.

3298

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

3299

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

3300

"conditions": [ # A collection of conditions.

3301

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

3302

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

3303

"name": "A String", # Name describing the field.

3304

},

3305

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

3306

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

3307

"booleanValue": True or False, # boolean

3308

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3309

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3310

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3311

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3312

},

3313

"dayOfWeekValue": "A String", # day of week

3314

"floatValue": 3.14, # float

3315

"integerValue": "A String", # integer

3316

"stringValue": "A String", # string

3317

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3318

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3319

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3320

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3321

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3322

},

3323

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

},

},

},

],

},

"transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.

3335

"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors

3336

},

3337

"throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3338

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3339

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3340

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3341

"description": "A String", # Short description (max 256 chars).

3342

"displayName": "A String", # Display name (max 256 chars).

3343

"name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`

3344

"updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.

3345

},

3346

],

3347

"nextPageToken": "A String", # If the next page is available then the next page token to be used in following ListDeidentifyTemplates request.

3348

}</pre>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

</div>

<code class="details" id="list_next">list_next(previous_request, previous_response)</code>

3353

<pre>Retrieves the next page of results.

3354

3355

Args:

3356

previous_request: The request for the previous page. (required)

3357

previous_response: The response from the request for the previous page. (required)

3358

3359

Returns:

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

3360

A request object that you can call 'execute()' on to request the next

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3361

page. Returns None if there are no more items in the collection.

</pre>

</div>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3366

<code class="details" id="patch">patch(name, body=None, x__xgafv=None)</code>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

3367

<pre>Updates the DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3368

3369

Args:

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

3370

name: string, Required. Resource name of organization and deidentify template to be updated, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342. (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3371

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3372

The object takes the form of:

3373

3374

{ # Request message for UpdateDeidentifyTemplate.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3375

"deidentifyTemplate": { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more. # New DeidentifyTemplate value.

3376

"createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.

yoshi-code-bot

2021-03-02 11:49:08 -0800

[diff] [blame]

3377

"deidentifyConfig": { # The configuration that controls how the data will change. # The core content of the template.

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

3378

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.

3379

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

3380

{ # A transformation to apply to text that is identified as a specific info_type.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3381

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

3382

{ # Type of information detected by the API.

3383

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

3384

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

3385

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3386

],

3387

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

3388

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

3389

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

3390

{ # Bucket is represented as a range, along with replacement values.

3391

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

3392

"booleanValue": True or False, # boolean

3393

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3394

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3395

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3396

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3397

},

3398

"dayOfWeekValue": "A String", # day of week

3399

"floatValue": 3.14, # float

3400

"integerValue": "A String", # integer

3401

"stringValue": "A String", # string

3402

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3403

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3404

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3405

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3406

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3407

},

3408

"timestampValue": "A String", # timestamp

3409

},

3410

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

3411

"booleanValue": True or False, # boolean

3412

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3413

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3414

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3415

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3416

},

3417

"dayOfWeekValue": "A String", # day of week

3418

"floatValue": 3.14, # float

3419

"integerValue": "A String", # integer

3420

"stringValue": "A String", # string

3421

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3422

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3423

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3424

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3425

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3426

},

3427

"timestampValue": "A String", # timestamp

3428

},

3429

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

3430

"booleanValue": True or False, # boolean

3431

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3432

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3433

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3434

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3435

},

3436

"dayOfWeekValue": "A String", # day of week

3437

"floatValue": 3.14, # float

3438

"integerValue": "A String", # integer

3439

"stringValue": "A String", # string

3440

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3441

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3442

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3443

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3444

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3445

},

3446

"timestampValue": "A String", # timestamp

3447

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3448

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3449

],

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

3450

},

3451

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

3452

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

3453

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

3454

"charactersToSkip": "A String", # Characters to not transform when masking.

3455

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

3456

},

3457

],

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3458

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

3459

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

3460

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

3461

},

3462

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3463

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

3464

"name": "A String", # Name describing the field.

3465

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

3466

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

3467

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

3468

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3469

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3470

},

3471

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3472

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3473

},

3474

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3475

"key": "A String", # Required. A 128/192/256 bit key.

3476

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3477

},

3478

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

3479

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

3480

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3481

},

3482

},

3483

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

3484

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

3485

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3486

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3487

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3488

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3489

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3490

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3491

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3492

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3493

"key": "A String", # Required. A 128/192/256 bit key.

3494

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3495

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3496

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

3497

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3498

"commonAlphabet": "A String", # Common alphabets.

3499

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

3500

"name": "A String", # Name describing the field.

3501

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

3502

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

3503

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

3504

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3505

"wrappedKey": "A String", # Required. The wrapped data crypto key.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

3506

},

3507

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3508

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3509

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3510

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3511

"key": "A String", # Required. A 128/192/256 bit key.

3512

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

3513

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3514

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

3515

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

3516

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

3517

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

3518

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

3519

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

3520

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

3521

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

3522

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

3523

"name": "A String", # Name describing the field.

3524

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

3525

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

3526

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

3527

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3528

"wrappedKey": "A String", # Required. The wrapped data crypto key.

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

3529

},

3530

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3531

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3532

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3533

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3534

"key": "A String", # Required. A 128/192/256 bit key.

3535

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3536

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3537

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

3538

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3539

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

3540

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3541

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

3542

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

3543

"booleanValue": True or False, # boolean

3544

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3545

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3546

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3547

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3548

},

3549

"dayOfWeekValue": "A String", # day of week

3550

"floatValue": 3.14, # float

3551

"integerValue": "A String", # integer

3552

"stringValue": "A String", # string

3553

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3554

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3555

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3556

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3557

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3558

},

3559

"timestampValue": "A String", # timestamp

3560

},

3561

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

3562

"booleanValue": True or False, # boolean

3563

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3564

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3565

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3566

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3567

},

3568

"dayOfWeekValue": "A String", # day of week

3569

"floatValue": 3.14, # float

3570

"integerValue": "A String", # integer

3571

"stringValue": "A String", # string

3572

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3573

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3574

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3575

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3576

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3577

},

3578

"timestampValue": "A String", # timestamp

3579

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

3580

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3581

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

3582

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

3583

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3584

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

3585

"booleanValue": True or False, # boolean

3586

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3587

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3588

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3589

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3590

},

3591

"dayOfWeekValue": "A String", # day of week

3592

"floatValue": 3.14, # float

3593

"integerValue": "A String", # integer

3594

"stringValue": "A String", # string

3595

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3596

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3597

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3598

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3599

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3600

},

3601

"timestampValue": "A String", # timestamp

3602

},

3603

},

3604

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

3605

},

3606

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

3607

"partToExtract": "A String", # The part of the time to keep.

3608

},

3609

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

3610

},

3611

],

3612

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

3613

"recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.

3614

"fieldTransformations": [ # Transform the record by applying various field transformations.

3615

{ # The transformation to apply to the field.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

3616

"condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.

3617

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

3618

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

3619

"conditions": [ # A collection of conditions.

3620

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

3621

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

3622

"name": "A String", # Name describing the field.

3623

},

3624

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3625

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

3626

"booleanValue": True or False, # boolean

3627

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3628

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3629

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3630

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3631

},

3632

"dayOfWeekValue": "A String", # day of week

3633

"floatValue": 3.14, # float

3634

"integerValue": "A String", # integer

3635

"stringValue": "A String", # string

3636

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3637

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3638

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3639

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3640

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3641

},

3642

"timestampValue": "A String", # timestamp

3643

},

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

3648

},

3649

},

yoshi-code-bot

2021-05-20 04:44:03 -0700

[diff] [blame]

3650

"fields": [ # Required. Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. FieldId name matching ignores the index. For example, instead of "contact.nums[0].type", use "contact.nums.type".

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

3651

{ # General identifier of a data field in a storage service.

3652

"name": "A String", # Name describing the field.

3653

},

3654

],

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3655

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.

3656

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

3657

{ # A transformation to apply to text that is identified as a specific info_type.

3658

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

3659

{ # Type of information detected by the API.

3660

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

3661

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3662

},

3663

],

3664

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

3665

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

3666

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

3667

{ # Bucket is represented as a range, along with replacement values.

3668

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

3669

"booleanValue": True or False, # boolean

3670

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3671

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3672

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3673

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3674

},

3675

"dayOfWeekValue": "A String", # day of week

3676

"floatValue": 3.14, # float

3677

"integerValue": "A String", # integer

3678

"stringValue": "A String", # string

3679

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3680

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3681

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3682

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3683

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3684

},

3685

"timestampValue": "A String", # timestamp

3686

},

3687

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

3688

"booleanValue": True or False, # boolean

3689

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3690

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3691

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3692

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3693

},

3694

"dayOfWeekValue": "A String", # day of week

3695

"floatValue": 3.14, # float

3696

"integerValue": "A String", # integer

3697

"stringValue": "A String", # string

3698

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3699

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3700

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3701

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3702

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3703

},

3704

"timestampValue": "A String", # timestamp

3705

},

3706

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

3707

"booleanValue": True or False, # boolean

3708

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3709

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3710

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3711

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3712

},

3713

"dayOfWeekValue": "A String", # day of week

3714

"floatValue": 3.14, # float

3715

"integerValue": "A String", # integer

3716

"stringValue": "A String", # string

3717

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3718

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3719

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3720

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3721

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3722

},

3723

"timestampValue": "A String", # timestamp

},

},

],

},

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

3729

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

3730

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

3731

"charactersToSkip": "A String", # Characters to not transform when masking.

3732

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

3733

},

3734

],

3735

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

3736

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

3737

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

3738

},

3739

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

3740

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

3741

"name": "A String", # Name describing the field.

3742

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

3743

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

3744

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3745

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3746

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3747

},

3748

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3749

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3750

},

3751

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3752

"key": "A String", # Required. A 128/192/256 bit key.

3753

},

3754

},

3755

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

3756

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

3757

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3758

},

3759

},

3760

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

3761

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

3762

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3763

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3764

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3765

},

3766

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3767

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3768

},

3769

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3770

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

3775

"commonAlphabet": "A String", # Common alphabets.

3776

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

3777

"name": "A String", # Name describing the field.

3778

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

3779

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

3780

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3781

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3782

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3783

},

3784

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3785

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3786

},

3787

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3788

"key": "A String", # Required. A 128/192/256 bit key.

3789

},

3790

},

3791

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

3792

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

3793

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

3794

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

3795

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3796

},

3797

},

3798

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

3799

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

3800

"name": "A String", # Name describing the field.

3801

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

3802

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

3803

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3804

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3805

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3806

},

3807

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3808

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3809

},

3810

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3811

"key": "A String", # Required. A 128/192/256 bit key.

3812

},

3813

},

3814

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

3815

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

3816

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

3817

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3818

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

3819

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

3820

"booleanValue": True or False, # boolean

3821

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3822

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3823

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3824

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3825

},

3826

"dayOfWeekValue": "A String", # day of week

3827

"floatValue": 3.14, # float

3828

"integerValue": "A String", # integer

3829

"stringValue": "A String", # string

3830

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3831

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3832

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3833

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3834

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3835

},

3836

"timestampValue": "A String", # timestamp

3837

},

3838

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

3839

"booleanValue": True or False, # boolean

3840

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3841

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3842

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3843

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3844

},

3845

"dayOfWeekValue": "A String", # day of week

3846

"floatValue": 3.14, # float

3847

"integerValue": "A String", # integer

3848

"stringValue": "A String", # string

3849

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3850

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3851

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3852

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3853

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3854

},

3855

"timestampValue": "A String", # timestamp

3856

},

3857

},

3858

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

3859

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

3860

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3861

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

3862

"booleanValue": True or False, # boolean

3863

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3864

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3865

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3866

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3867

},

3868

"dayOfWeekValue": "A String", # day of week

3869

"floatValue": 3.14, # float

3870

"integerValue": "A String", # integer

3871

"stringValue": "A String", # string

3872

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3873

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3874

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3875

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3876

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3877

},

3878

"timestampValue": "A String", # timestamp

3879

},

3880

},

3881

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

3882

},

3883

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

3884

"partToExtract": "A String", # The part of the time to keep.

},

},

},

],

},

"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.

3891

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

3892

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

3893

{ # Bucket is represented as a range, along with replacement values.

3894

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

3895

"booleanValue": True or False, # boolean

3896

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3897

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3898

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3899

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3900

},

3901

"dayOfWeekValue": "A String", # day of week

3902

"floatValue": 3.14, # float

3903

"integerValue": "A String", # integer

3904

"stringValue": "A String", # string

3905

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3906

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3907

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3908

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3909

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3910

},

3911

"timestampValue": "A String", # timestamp

3912

},

3913

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

3914

"booleanValue": True or False, # boolean

3915

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3916

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3917

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3918

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3919

},

3920

"dayOfWeekValue": "A String", # day of week

3921

"floatValue": 3.14, # float

3922

"integerValue": "A String", # integer

3923

"stringValue": "A String", # string

3924

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3925

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3926

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3927

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3928

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3929

},

3930

"timestampValue": "A String", # timestamp

3931

},

3932

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

3933

"booleanValue": True or False, # boolean

3934

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3935

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3936

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3937

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3938

},

3939

"dayOfWeekValue": "A String", # day of week

3940

"floatValue": 3.14, # float

3941

"integerValue": "A String", # integer

3942

"stringValue": "A String", # string

3943

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3944

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3945

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3946

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3947

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3948

},

3949

"timestampValue": "A String", # timestamp

},

},

],

},

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

3955

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

3956

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

3957

"charactersToSkip": "A String", # Characters to not transform when masking.

3958

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

3959

},

3960

],

3961

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

3962

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

3963

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

3964

},

3965

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

3966

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

3967

"name": "A String", # Name describing the field.

3968

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

3969

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

3970

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3971

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3972

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3973

},

3974

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3975

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3976

},

3977

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3978

"key": "A String", # Required. A 128/192/256 bit key.

3979

},

3980

},

3981

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

3982

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

3983

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3984

},

3985

},

3986

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

3987

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

3988

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

3989

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3990

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3991

},

3992

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3993

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3994

},

3995

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3996

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

4001

"commonAlphabet": "A String", # Common alphabets.

4002

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

4003

"name": "A String", # Name describing the field.

4004

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

4005

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

4006

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4007

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4008

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4009

},

4010

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4011

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4012

},

4013

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4014

"key": "A String", # Required. A 128/192/256 bit key.

4015

},

4016

},

4017

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

4018

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

4019

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

4020

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

4021

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4022

},

4023

},

4024

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

4025

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

4026

"name": "A String", # Name describing the field.

4027

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

4028

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

4029

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4030

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4031

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4032

},

4033

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4034

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4035

},

4036

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4037

"key": "A String", # Required. A 128/192/256 bit key.

4038

},

4039

},

4040

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

4041

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

4042

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

4043

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4044

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

4045

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

4046

"booleanValue": True or False, # boolean

4047

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4048

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4049

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4050

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4051

},

4052

"dayOfWeekValue": "A String", # day of week

4053

"floatValue": 3.14, # float

4054

"integerValue": "A String", # integer

4055

"stringValue": "A String", # string

4056

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4057

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4058

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4059

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4060

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4061

},

4062

"timestampValue": "A String", # timestamp

4063

},

4064

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

4065

"booleanValue": True or False, # boolean

4066

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4067

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4068

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4069

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4070

},

4071

"dayOfWeekValue": "A String", # day of week

4072

"floatValue": 3.14, # float

4073

"integerValue": "A String", # integer

4074

"stringValue": "A String", # string

4075

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4076

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4077

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4078

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4079

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4080

},

4081

"timestampValue": "A String", # timestamp

4082

},

4083

},

4084

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

4085

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

4086

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4087

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

4088

"booleanValue": True or False, # boolean

4089

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4090

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4091

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4092

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4093

},

4094

"dayOfWeekValue": "A String", # day of week

4095

"floatValue": 3.14, # float

4096

"integerValue": "A String", # integer

4097

"stringValue": "A String", # string

4098

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4099

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4100

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4101

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4102

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4103

},

4104

"timestampValue": "A String", # timestamp

4105

},

4106

},

4107

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

4108

},

4109

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

4110

"partToExtract": "A String", # The part of the time to keep.

4111

},

4112

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4113

},

4114

],

4115

"recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.

4116

{ # Configuration to suppress records whose suppression conditions evaluate to true.

4117

"condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.

4118

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

4119

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

4120

"conditions": [ # A collection of conditions.

4121

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4122

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

4123

"name": "A String", # Name describing the field.

4124

},

Yoshi Automation Bot

2020-11-26 17:16:03 -0800

[diff] [blame]

4125

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4126

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

4127

"booleanValue": True or False, # boolean

4128

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4129

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4130

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4131

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4132

},

4133

"dayOfWeekValue": "A String", # day of week

4134

"floatValue": 3.14, # float

4135

"integerValue": "A String", # integer

4136

"stringValue": "A String", # string

4137

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4138

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4139

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4140

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4141

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4142

},

4143

"timestampValue": "A String", # timestamp

4144

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4145

},

4146

],

4147

},

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

4148

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

},

},

},

],

},

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4154

"transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.

4155

"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors

4156

},

4157

"throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error

4158

},

4159

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4160

},

Yoshi Automation Bot

2020-12-09 08:56:03 -0800

[diff] [blame]

4161

"description": "A String", # Short description (max 256 chars).

4162

"displayName": "A String", # Display name (max 256 chars).

4163

"name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4164

"updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.

4165

},

4166

"updateMask": "A String", # Mask to control which fields get updated.

4167

}

4168

4169

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

4176

4177

{ # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more.

4178

"createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.

yoshi-code-bot

2021-03-02 11:49:08 -0800

[diff] [blame]

4179

"deidentifyConfig": { # The configuration that controls how the data will change. # The core content of the template.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4180

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.

4181

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

4182

{ # A transformation to apply to text that is identified as a specific info_type.

4183

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

4184

{ # Type of information detected by the API.

4185

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

4186

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4187

},

4188

],

4189

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

4190

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

4191

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

4192

{ # Bucket is represented as a range, along with replacement values.

4193

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

4194

"booleanValue": True or False, # boolean

4195

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4196

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4197

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4198

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4199

},

4200

"dayOfWeekValue": "A String", # day of week

4201

"floatValue": 3.14, # float

4202

"integerValue": "A String", # integer

4203

"stringValue": "A String", # string

4204

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4205

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4206

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4207

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4208

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4209

},

4210

"timestampValue": "A String", # timestamp

4211

},

4212

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

4213

"booleanValue": True or False, # boolean

4214

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4215

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4216

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4217

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4218

},

4219

"dayOfWeekValue": "A String", # day of week

4220

"floatValue": 3.14, # float

4221

"integerValue": "A String", # integer

4222

"stringValue": "A String", # string

4223

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4224

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4225

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4226

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4227

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4228

},

4229

"timestampValue": "A String", # timestamp

4230

},

4231

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

4232

"booleanValue": True or False, # boolean

4233

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4234

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4235

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4236

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4237

},

4238

"dayOfWeekValue": "A String", # day of week

4239

"floatValue": 3.14, # float

4240

"integerValue": "A String", # integer

4241

"stringValue": "A String", # string

4242

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4243

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4244

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4245

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4246

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4247

},

4248

"timestampValue": "A String", # timestamp

},

},

],

},

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

4254

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

4255

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

4256

"charactersToSkip": "A String", # Characters to not transform when masking.

4257

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

4258

},

4259

],

4260

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

4261

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

4262

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

4263

},

4264

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

4265

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

4266

"name": "A String", # Name describing the field.

4267

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

4268

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

4269

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4270

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4271

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4272

},

4273

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4274

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4275

},

4276

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4277

"key": "A String", # Required. A 128/192/256 bit key.

4278

},

4279

},

4280

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

4281

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

4282

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4283

},

4284

},

4285

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

4286

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

4287

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4288

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4289

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4290

},

4291

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4292

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4293

},

4294

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4295

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

4300

"commonAlphabet": "A String", # Common alphabets.

4301

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

4302

"name": "A String", # Name describing the field.

4303

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

4304

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

4305

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4306

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4307

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4308

},

4309

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4310

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4311

},

4312

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4313

"key": "A String", # Required. A 128/192/256 bit key.

4314

},

4315

},

4316

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

4317

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

4318

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

4319

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

4320

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4321

},

4322

},

4323

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

4324

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

4325

"name": "A String", # Name describing the field.

4326

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

4327

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

4328

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4329

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4330

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4331

},

4332

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4333

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4334

},

4335

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4336

"key": "A String", # Required. A 128/192/256 bit key.

4337

},

4338

},

4339

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

4340

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

4341

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

4342

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4343

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

4344

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

4345

"booleanValue": True or False, # boolean

4346

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4347

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4348

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4349

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4350

},

4351

"dayOfWeekValue": "A String", # day of week

4352

"floatValue": 3.14, # float

4353

"integerValue": "A String", # integer

4354

"stringValue": "A String", # string

4355

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4356

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4357

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4358

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4359

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4360

},

4361

"timestampValue": "A String", # timestamp

4362

},

4363

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

4364

"booleanValue": True or False, # boolean

4365

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4366

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4367

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4368

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4369

},

4370

"dayOfWeekValue": "A String", # day of week

4371

"floatValue": 3.14, # float

4372

"integerValue": "A String", # integer

4373

"stringValue": "A String", # string

4374

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4375

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4376

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4377

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4378

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4379

},

4380

"timestampValue": "A String", # timestamp

4381

},

4382

},

4383

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

4384

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

4385

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4386

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

4387

"booleanValue": True or False, # boolean

4388

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4389

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4390

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4391

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4392

},

4393

"dayOfWeekValue": "A String", # day of week

4394

"floatValue": 3.14, # float

4395

"integerValue": "A String", # integer

4396

"stringValue": "A String", # string

4397

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4398

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4399

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4400

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4401

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4402

},

4403

"timestampValue": "A String", # timestamp

4404

},

4405

},

4406

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

4407

},

4408

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

4409

"partToExtract": "A String", # The part of the time to keep.

},

},

},

],

},

"recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.

4416

"fieldTransformations": [ # Transform the record by applying various field transformations.

4417

{ # The transformation to apply to the field.

4418

"condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.

4419

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

4420

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

4421

"conditions": [ # A collection of conditions.

4422

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

4423

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

4424

"name": "A String", # Name describing the field.

4425

},

4426

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

4427

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

4428

"booleanValue": True or False, # boolean

4429

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4430

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4431

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4432

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4433

},

4434

"dayOfWeekValue": "A String", # day of week

4435

"floatValue": 3.14, # float

4436

"integerValue": "A String", # integer

4437

"stringValue": "A String", # string

4438

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4439

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4440

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4441

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4442

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4443

},

4444

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

4450

},

4451

},

yoshi-code-bot

2021-05-20 04:44:03 -0700

[diff] [blame]

4452

"fields": [ # Required. Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. FieldId name matching ignores the index. For example, instead of "contact.nums[0].type", use "contact.nums.type".

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4453

{ # General identifier of a data field in a storage service.

4454

"name": "A String", # Name describing the field.

4455

},

4456

],

4457

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.

4458

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

4459

{ # A transformation to apply to text that is identified as a specific info_type.

4460

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

4461

{ # Type of information detected by the API.

4462

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

4463

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4464

},

4465

],

4466

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

4467

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

4468

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

4469

{ # Bucket is represented as a range, along with replacement values.

4470

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

4471

"booleanValue": True or False, # boolean

4472

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4473

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4474

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4475

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4476

},

4477

"dayOfWeekValue": "A String", # day of week

4478

"floatValue": 3.14, # float

4479

"integerValue": "A String", # integer

4480

"stringValue": "A String", # string

4481

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4482

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4483

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4484

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4485

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4486

},

4487

"timestampValue": "A String", # timestamp

4488

},

4489

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

4490

"booleanValue": True or False, # boolean

4491

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4492

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4493

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4494

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4495

},

4496

"dayOfWeekValue": "A String", # day of week

4497

"floatValue": 3.14, # float

4498

"integerValue": "A String", # integer

4499

"stringValue": "A String", # string

4500

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4501

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4502

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4503

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4504

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4505

},

4506

"timestampValue": "A String", # timestamp

4507

},

4508

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

4509

"booleanValue": True or False, # boolean

4510

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4511

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4512

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4513

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4514

},

4515

"dayOfWeekValue": "A String", # day of week

4516

"floatValue": 3.14, # float

4517

"integerValue": "A String", # integer

4518

"stringValue": "A String", # string

4519

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4520

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4521

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4522

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4523

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4524

},

4525

"timestampValue": "A String", # timestamp

},

},

],

},

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

4531

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

4532

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

4533

"charactersToSkip": "A String", # Characters to not transform when masking.

4534

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

4535

},

4536

],

4537

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

4538

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

4539

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

4540

},

4541

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

4542

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

4543

"name": "A String", # Name describing the field.

4544

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

4545

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

4546

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4547

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4548

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4549

},

4550

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4551

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4552

},

4553

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4554

"key": "A String", # Required. A 128/192/256 bit key.

4555

},

4556

},

4557

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

4558

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

4559

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4560

},

4561

},

4562

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

4563

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

4564

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4565

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4566

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4567

},

4568

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4569

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4570

},

4571

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4572

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

4577

"commonAlphabet": "A String", # Common alphabets.

4578

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

4579

"name": "A String", # Name describing the field.

4580

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

4581

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

4582

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4583

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4584

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4585

},

4586

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4587

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4588

},

4589

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4590

"key": "A String", # Required. A 128/192/256 bit key.

4591

},

4592

},

4593

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

4594

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

4595

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

4596

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

4597

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4598

},

4599

},

4600

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

4601

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

4602

"name": "A String", # Name describing the field.

4603

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

4604

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

4605

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4606

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4607

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4608

},

4609

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4610

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4611

},

4612

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4613

"key": "A String", # Required. A 128/192/256 bit key.

4614

},

4615

},

4616

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

4617

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

4618

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

4619

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4620

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

4621

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

4622

"booleanValue": True or False, # boolean

4623

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4624

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4625

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4626

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4627

},

4628

"dayOfWeekValue": "A String", # day of week

4629

"floatValue": 3.14, # float

4630

"integerValue": "A String", # integer

4631

"stringValue": "A String", # string

4632

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4633

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4634

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4635

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4636

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4637

},

4638

"timestampValue": "A String", # timestamp

4639

},

4640

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

4641

"booleanValue": True or False, # boolean

4642

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4643

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4644

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4645

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4646

},

4647

"dayOfWeekValue": "A String", # day of week

4648

"floatValue": 3.14, # float

4649

"integerValue": "A String", # integer

4650

"stringValue": "A String", # string

4651

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4652

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4653

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4654

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4655

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4656

},

4657

"timestampValue": "A String", # timestamp

4658

},

4659

},

4660

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

4661

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

4662

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4663

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

4664

"booleanValue": True or False, # boolean

4665

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4666

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4667

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4668

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4669

},

4670

"dayOfWeekValue": "A String", # day of week

4671

"floatValue": 3.14, # float

4672

"integerValue": "A String", # integer

4673

"stringValue": "A String", # string

4674

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4675

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4676

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4677

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4678

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4679

},

4680

"timestampValue": "A String", # timestamp

4681

},

4682

},

4683

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

4684

},

4685

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

4686

"partToExtract": "A String", # The part of the time to keep.

},

},

},

],

},

"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.

4693

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

4694

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

4695

{ # Bucket is represented as a range, along with replacement values.

4696

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

4697

"booleanValue": True or False, # boolean

4698

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4699

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4700

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4701

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4702

},

4703

"dayOfWeekValue": "A String", # day of week

4704

"floatValue": 3.14, # float

4705

"integerValue": "A String", # integer

4706

"stringValue": "A String", # string

4707

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4708

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4709

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4710

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4711

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4712

},

4713

"timestampValue": "A String", # timestamp

4714

},

4715

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

4716

"booleanValue": True or False, # boolean

4717

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4718

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4719

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4720

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4721

},

4722

"dayOfWeekValue": "A String", # day of week

4723

"floatValue": 3.14, # float

4724

"integerValue": "A String", # integer

4725

"stringValue": "A String", # string

4726

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4727

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4728

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4729

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4730

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4731

},

4732

"timestampValue": "A String", # timestamp

4733

},

4734

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

4735

"booleanValue": True or False, # boolean

4736

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4737

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4738

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4739

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4740

},

4741

"dayOfWeekValue": "A String", # day of week

4742

"floatValue": 3.14, # float

4743

"integerValue": "A String", # integer

4744

"stringValue": "A String", # string

4745

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4746

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4747

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4748

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4749

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4750

},

4751

"timestampValue": "A String", # timestamp

},

},

],

},

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

4757

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

4758

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

4759

"charactersToSkip": "A String", # Characters to not transform when masking.

4760

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

4761

},

4762

],

4763

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

4764

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

4765

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

4766

},

4767

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

4768

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

4769

"name": "A String", # Name describing the field.

4770

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

4771

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.

4772

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4773

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4774

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4775

},

4776

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4777

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4778

},

4779

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4780

"key": "A String", # Required. A 128/192/256 bit key.

4781

},

4782

},

4783

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

4784

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

4785

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4786

},

4787

},

4788

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

4789

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # The key used by the hash function.

4790

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4791

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4792

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4793

},

4794

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4795

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4796

},

4797

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4798

"key": "A String", # Required. A 128/192/256 bit key.

},

},

},

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

4803

"commonAlphabet": "A String", # Common alphabets.

4804

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

4805

"name": "A String", # Name describing the field.

4806

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

4807

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Required. The key used by the encryption algorithm.

4808

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4809

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4810

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4811

},

4812

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4813

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4814

},

4815

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4816

"key": "A String", # Required. A 128/192/256 bit key.

4817

},

4818

},

4819

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

4820

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

4821

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

4822

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

yoshi-code-bot

2021-11-02 00:26:17 -0700

[diff] [blame^]

4823

"version": "A String", # Optional version name for this InfoType.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4824

},

4825

},

4826

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

4827

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

4828

"name": "A String", # Name describing the field.

4829

},

yoshi-code-bot

2021-08-03 00:20:27 -0700

[diff] [blame]

4830

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

4831

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). # Key wrapped using Cloud KMS

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4832

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4833

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4834

},

4835

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4836

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4837

},

4838

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4839

"key": "A String", # Required. A 128/192/256 bit key.

4840

},

4841

},

4842

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

4843

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

4844

},

yoshi-code-bot

2021-06-11 00:22:02 -0700

[diff] [blame]

4845

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4846

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

4847

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

4848

"booleanValue": True or False, # boolean

4849

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4850

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4851

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4852

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4853

},

4854

"dayOfWeekValue": "A String", # day of week

4855

"floatValue": 3.14, # float

4856

"integerValue": "A String", # integer

4857

"stringValue": "A String", # string

4858

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4859

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4860

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4861

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4862

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4863

},

4864

"timestampValue": "A String", # timestamp

4865

},

4866

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

4867

"booleanValue": True or False, # boolean

4868

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4869

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4870

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4871

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4872

},

4873

"dayOfWeekValue": "A String", # day of week

4874

"floatValue": 3.14, # float

4875

"integerValue": "A String", # integer

4876

"stringValue": "A String", # string

4877

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4878

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4879

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4880

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4881

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4882

},

4883

"timestampValue": "A String", # timestamp

4884

},

4885

},

4886

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

4887

},

yoshi-code-bot

2021-09-14 00:22:34 -0700

[diff] [blame]

4888

"replaceConfig": { # Replace each input value with a given `Value`. # Replace with a specified value.

Yoshi Automation Bot

2021-01-15 07:10:04 -0800

[diff] [blame]

4889

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

4890

"booleanValue": True or False, # boolean

4891

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4892

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4893

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4894

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4895

},

4896

"dayOfWeekValue": "A String", # day of week

4897

"floatValue": 3.14, # float

4898

"integerValue": "A String", # integer

4899

"stringValue": "A String", # string

4900

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4901

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4902

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4903

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4904

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4905

},

4906

"timestampValue": "A String", # timestamp

4907

},

4908

},

4909

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

4910

},

4911

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

4912

"partToExtract": "A String", # The part of the time to keep.

},

},

},

],

"recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.

4918

{ # Configuration to suppress records whose suppression conditions evaluate to true.

4919

"condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.

4920

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

4921

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

4922

"conditions": [ # A collection of conditions.

4923

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

4924

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

4925

"name": "A String", # Name describing the field.

4926

},

4927

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

4928

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

4929

"booleanValue": True or False, # boolean

4930

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4931

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4932

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4933

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4934

},

4935

"dayOfWeekValue": "A String", # day of week

4936

"floatValue": 3.14, # float

4937

"integerValue": "A String", # integer

4938

"stringValue": "A String", # string

4939

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4940

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4941

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4942

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4943

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4944

},

4945

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

},

},

},

],

},

"transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.

4957

"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors

4958

},

4959

"throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error

},

},

},

"description": "A String", # Short description (max 256 chars).

4964

"displayName": "A String", # Display name (max 256 chars).

4965

"name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`

4966

"updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.

4967

}</pre>

Bu Sun Kim