Blame - docs/dyn/dlp_v2.projects.deidentifyTemplates.html - platform/external/python/google-api-python-client

2020-10-06 16:46:05 -0700

[diff] [blame]

78

<code><a href="#close">close()</a></code></p>

79

<p class="firstline">Close httplib2 connections.</p>

80

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

81

<code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

82

<p class="firstline">Creates a DeidentifyTemplate for re-using frequently used configuration for de-identifying content, images, and storage. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

83

84

<code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

85

<p class="firstline">Deletes a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

86

87

<code><a href="#get">get(name, x__xgafv=None)</a></code></p>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

88

<p class="firstline">Gets a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

89

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

90

<code><a href="#list">list(parent, pageSize=None, orderBy=None, pageToken=None, locationId=None, x__xgafv=None)</a></code></p>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

91

<p class="firstline">Lists DeidentifyTemplates. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

92

93

<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>

94

<p class="firstline">Retrieves the next page of results.</p>

95

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

96

<code><a href="#patch">patch(name, body=None, x__xgafv=None)</a></code></p>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

97

<p class="firstline">Updates the DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

98

<h3>Method Details</h3>

99

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

100

<code class="details" id="close">close()</code>

101

<pre>Close httplib2 connections.</pre>

</div>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

105

<code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

106

<pre>Creates a DeidentifyTemplate for re-using frequently used configuration for de-identifying content, images, and storage. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

107

108

Args:

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

109

parent: string, Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/dlp/docs/specifying-location): + Projects scope, location specified: `projects/`PROJECT_ID`/locations/`LOCATION_ID + Projects scope, no location specified (defaults to global): `projects/`PROJECT_ID + Organizations scope, location specified: `organizations/`ORG_ID`/locations/`LOCATION_ID + Organizations scope, no location specified (defaults to global): `organizations/`ORG_ID The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3 (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

110

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

111

The object takes the form of:

112

113

{ # Request message for CreateDeidentifyTemplate.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

114

"deidentifyTemplate": { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more. # Required. The DeidentifyTemplate to create.

115

"deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

116

"recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.

117

"fieldTransformations": [ # Transform the record by applying various field transformations.

118

{ # The transformation to apply to the field.

119

"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.

120

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

121

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

122

"integerValue": "A String", # integer

123

"floatValue": 3.14, # float

124

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

125

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

126

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

127

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

128

},

129

"dayOfWeekValue": "A String", # day of week

130

"booleanValue": True or False, # boolean

131

"stringValue": "A String", # string

132

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

133

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

134

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

135

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

136

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

137

},

138

"timestampValue": "A String", # timestamp

139

},

140

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

141

"integerValue": "A String", # integer

142

"floatValue": 3.14, # float

143

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

144

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

145

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

146

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

147

},

148

"dayOfWeekValue": "A String", # day of week

149

"booleanValue": True or False, # boolean

150

"stringValue": "A String", # string

151

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

152

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

153

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

154

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

155

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

156

},

157

"timestampValue": "A String", # timestamp

158

},

159

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

160

},

161

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

162

"partToExtract": "A String", # The part of the time to keep.

163

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

164

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

165

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

166

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

167

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

168

"name": "A String", # Name describing the field.

169

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

170

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

171

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

172

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

173

"wrappedKey": "A String", # Required. The wrapped data crypto key.

174

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

175

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

176

"key": "A String", # Required. A 128/192/256 bit key.

177

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

178

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

179

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

180

},

181

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

182

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

183

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

184

},

185

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

186

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

187

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

188

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

189

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

190

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

191

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

192

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

193

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

194

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

195

},

196

"dayOfWeekValue": "A String", # day of week

197

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

198

"stringValue": "A String", # string

199

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

200

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

201

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

202

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

203

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

204

},

205

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

206

},

207

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

208

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

209

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

210

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

211

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

212

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

213

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

214

},

215

"dayOfWeekValue": "A String", # day of week

216

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

217

"stringValue": "A String", # string

218

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

219

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

220

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

221

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

222

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

223

},

224

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

225

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

226

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

227

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

228

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

229

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

230

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

231

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

232

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

233

},

234

"dayOfWeekValue": "A String", # day of week

235

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

236

"stringValue": "A String", # string

237

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

238

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

239

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

240

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

241

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

242

},

243

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

248

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

249

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

250

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

251

},

252

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

253

"name": "A String", # Name describing the field.

254

},

255

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

256

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

257

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

258

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

259

"wrappedKey": "A String", # Required. The wrapped data crypto key.

260

},

261

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

262

"key": "A String", # Required. A 128/192/256 bit key.

263

},

264

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

265

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

266

},

267

},

268

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

269

"commonAlphabet": "A String", # Common alphabets.

270

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

271

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

272

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

273

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

274

},

275

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

276

"name": "A String", # Name describing the field.

277

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

278

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

279

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

280

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

281

"wrappedKey": "A String", # Required. The wrapped data crypto key.

282

},

283

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

284

"key": "A String", # Required. A 128/192/256 bit key.

285

},

286

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

287

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

288

},

289

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

290

},

291

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

292

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

293

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

294

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

295

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

296

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

297

"charactersToSkip": "A String", # Characters to not transform when masking.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

298

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

299

],

300

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

301

},

302

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

303

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

304

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

305

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

306

"wrappedKey": "A String", # Required. The wrapped data crypto key.

307

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

308

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

309

"key": "A String", # Required. A 128/192/256 bit key.

310

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

311

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

312

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

313

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

314

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

315

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

316

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

317

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

318

"integerValue": "A String", # integer

319

"floatValue": 3.14, # float

320

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

321

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

322

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

323

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

324

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

325

"dayOfWeekValue": "A String", # day of week

326

"booleanValue": True or False, # boolean

327

"stringValue": "A String", # string

328

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

329

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

330

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

331

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

332

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

333

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

334

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

335

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

336

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

337

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

338

},

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

339

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

340

"fields": [ # Required. Input field(s) to apply the transformation to.

341

{ # General identifier of a data field in a storage service.

342

"name": "A String", # Name describing the field.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

343

},

344

],

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

345

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.

346

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

347

{ # A transformation to apply to text that is identified as a specific info_type.

348

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

349

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

350

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

351

"integerValue": "A String", # integer

352

"floatValue": 3.14, # float

353

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

354

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

355

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

356

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

357

},

358

"dayOfWeekValue": "A String", # day of week

359

"booleanValue": True or False, # boolean

360

"stringValue": "A String", # string

361

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

362

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

363

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

364

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

365

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

366

},

367

"timestampValue": "A String", # timestamp

368

},

369

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

370

"integerValue": "A String", # integer

371

"floatValue": 3.14, # float

372

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

373

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

374

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

375

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

376

},

377

"dayOfWeekValue": "A String", # day of week

378

"booleanValue": True or False, # boolean

379

"stringValue": "A String", # string

380

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

381

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

382

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

383

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

384

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

385

},

386

"timestampValue": "A String", # timestamp

387

},

388

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

389

},

390

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

391

"partToExtract": "A String", # The part of the time to keep.

392

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

393

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

394

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

395

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

396

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

397

"name": "A String", # Name describing the field.

398

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

399

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

400

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

401

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

402

"wrappedKey": "A String", # Required. The wrapped data crypto key.

403

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

404

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

405

"key": "A String", # Required. A 128/192/256 bit key.

406

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

407

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

408

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

409

},

410

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

411

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

412

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

413

},

414

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

415

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

416

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

417

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

418

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

419

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

420

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

421

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

422

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

423

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

424

},

425

"dayOfWeekValue": "A String", # day of week

426

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

427

"stringValue": "A String", # string

428

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

429

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

430

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

431

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

432

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

433

},

434

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

435

},

436

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

437

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

438

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

439

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

440

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

441

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

442

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

443

},

444

"dayOfWeekValue": "A String", # day of week

445

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

446

"stringValue": "A String", # string

447

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

448

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

449

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

450

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

451

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

452

},

453

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

454

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

455

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

456

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

457

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

458

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

459

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

460

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

461

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

462

},

463

"dayOfWeekValue": "A String", # day of week

464

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

465

"stringValue": "A String", # string

466

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

467

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

468

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

469

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

470

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

471

},

472

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

477

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

478

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

479

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

480

},

481

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

482

"name": "A String", # Name describing the field.

483

},

484

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

485

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

486

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

487

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

488

"wrappedKey": "A String", # Required. The wrapped data crypto key.

489

},

490

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

491

"key": "A String", # Required. A 128/192/256 bit key.

492

},

493

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

494

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

495

},

496

},

497

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

498

"commonAlphabet": "A String", # Common alphabets.

499

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

500

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

501

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

502

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

503

},

504

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

505

"name": "A String", # Name describing the field.

506

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

507

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

508

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

509

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

510

"wrappedKey": "A String", # Required. The wrapped data crypto key.

511

},

512

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

513

"key": "A String", # Required. A 128/192/256 bit key.

514

},

515

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

516

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

517

},

518

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

519

},

520

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

521

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

522

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

523

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

524

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

525

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

526

"charactersToSkip": "A String", # Characters to not transform when masking.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

527

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

528

],

529

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

530

},

531

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

532

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

533

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

534

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

535

"wrappedKey": "A String", # Required. The wrapped data crypto key.

536

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

537

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

538

"key": "A String", # Required. A 128/192/256 bit key.

539

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

540

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

541

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

542

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

543

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

544

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

545

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

546

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

547

"integerValue": "A String", # integer

548

"floatValue": 3.14, # float

549

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

550

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

551

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

552

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

553

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

554

"dayOfWeekValue": "A String", # day of week

555

"booleanValue": True or False, # boolean

556

"stringValue": "A String", # string

557

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

558

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

559

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

560

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

561

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

562

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

563

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

564

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

565

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

566

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

567

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

568

},

569

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

570

{ # Type of information detected by the API.

571

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

},

],

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

577

"condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.

578

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

579

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

580

"conditions": [ # A collection of conditions.

581

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

582

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

583

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

584

"name": "A String", # Name describing the field.

585

},

586

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

587

"integerValue": "A String", # integer

588

"floatValue": 3.14, # float

589

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

590

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

591

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

592

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

593

},

594

"dayOfWeekValue": "A String", # day of week

595

"booleanValue": True or False, # boolean

596

"stringValue": "A String", # string

597

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

598

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

599

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

600

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

601

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

602

},

603

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

609

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

},

},

],

"recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.

614

{ # Configuration to suppress records whose suppression conditions evaluate to true.

615

"condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.

616

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

617

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

618

"conditions": [ # A collection of conditions.

619

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

620

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

621

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

622

"name": "A String", # Name describing the field.

623

},

624

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

625

"integerValue": "A String", # integer

626

"floatValue": 3.14, # float

627

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

628

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

629

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

630

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

631

},

632

"dayOfWeekValue": "A String", # day of week

633

"booleanValue": True or False, # boolean

634

"stringValue": "A String", # string

635

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

636

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

637

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

638

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

639

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

640

},

641

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

},

},

},

],

},

"transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.

653

"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors

654

},

655

"throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error

656

},

657

},

658

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.

659

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

660

{ # A transformation to apply to text that is identified as a specific info_type.

661

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

662

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

663

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

664

"integerValue": "A String", # integer

665

"floatValue": 3.14, # float

666

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

667

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

668

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

669

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

670

},

671

"dayOfWeekValue": "A String", # day of week

672

"booleanValue": True or False, # boolean

673

"stringValue": "A String", # string

674

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

675

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

676

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

677

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

678

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

679

},

680

"timestampValue": "A String", # timestamp

681

},

682

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

683

"integerValue": "A String", # integer

684

"floatValue": 3.14, # float

685

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

686

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

687

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

688

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

689

},

690

"dayOfWeekValue": "A String", # day of week

691

"booleanValue": True or False, # boolean

692

"stringValue": "A String", # string

693

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

694

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

695

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

696

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

697

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

698

},

699

"timestampValue": "A String", # timestamp

700

},

701

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

702

},

703

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

704

"partToExtract": "A String", # The part of the time to keep.

705

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

706

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

707

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

708

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

709

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

710

"name": "A String", # Name describing the field.

711

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

712

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

713

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

714

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

715

"wrappedKey": "A String", # Required. The wrapped data crypto key.

716

},

717

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

718

"key": "A String", # Required. A 128/192/256 bit key.

719

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

720

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

721

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

722

},

723

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

724

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

725

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

726

},

727

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

728

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

729

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

730

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

731

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

732

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

733

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

734

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

735

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

736

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

737

},

738

"dayOfWeekValue": "A String", # day of week

739

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

740

"stringValue": "A String", # string

741

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

742

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

743

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

744

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

745

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

746

},

747

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

748

},

749

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

750

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

751

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

752

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

753

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

754

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

755

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

756

},

757

"dayOfWeekValue": "A String", # day of week

758

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

759

"stringValue": "A String", # string

760

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

761

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

762

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

763

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

764

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

765

},

766

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

767

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

768

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

769

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

770

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

771

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

772

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

773

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

774

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

775

},

776

"dayOfWeekValue": "A String", # day of week

777

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

778

"stringValue": "A String", # string

779

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

780

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

781

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

782

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

783

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

784

},

785

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

790

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

791

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

792

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

793

},

794

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

795

"name": "A String", # Name describing the field.

796

},

797

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

798

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

799

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

800

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

801

"wrappedKey": "A String", # Required. The wrapped data crypto key.

802

},

803

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

804

"key": "A String", # Required. A 128/192/256 bit key.

805

},

806

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

807

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

808

},

809

},

810

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

811

"commonAlphabet": "A String", # Common alphabets.

812

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

813

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

814

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

815

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

816

},

817

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

818

"name": "A String", # Name describing the field.

819

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

820

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

821

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

822

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

823

"wrappedKey": "A String", # Required. The wrapped data crypto key.

824

},

825

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

826

"key": "A String", # Required. A 128/192/256 bit key.

827

},

828

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

829

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

830

},

831

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

832

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

833

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

834

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

835

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

836

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

837

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

838

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

839

"charactersToSkip": "A String", # Characters to not transform when masking.

840

},

841

],

842

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

843

},

844

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

845

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

846

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

847

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

848

"wrappedKey": "A String", # Required. The wrapped data crypto key.

849

},

850

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

851

"key": "A String", # Required. A 128/192/256 bit key.

852

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

853

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

854

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

855

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

856

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

857

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

858

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

859

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

860

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

861

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

862

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

863

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

864

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

865

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

866

},

867

"dayOfWeekValue": "A String", # day of week

868

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

869

"stringValue": "A String", # string

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

870

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

871

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

872

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

873

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

874

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

875

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

876

"timestampValue": "A String", # timestamp

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

877

},

878

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

879

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

880

},

881

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

882

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

883

{ # Type of information detected by the API.

884

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

885

},

886

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

887

},

888

],

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

889

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

890

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

891

"displayName": "A String", # Display name (max 256 chars).

892

"createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.

893

"updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.

894

"name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`

895

"description": "A String", # Short description (max 256 chars).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

896

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

897

"templateId": "A String", # The template id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

898

"locationId": "A String", # Deprecated. This field has no effect.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

899

}

900

901

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

908

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

909

{ # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more.

910

"deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

911

"recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.

912

"fieldTransformations": [ # Transform the record by applying various field transformations.

913

{ # The transformation to apply to the field.

914

"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.

915

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

916

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

917

"integerValue": "A String", # integer

918

"floatValue": 3.14, # float

919

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

920

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

921

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

922

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

923

},

924

"dayOfWeekValue": "A String", # day of week

925

"booleanValue": True or False, # boolean

926

"stringValue": "A String", # string

927

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

928

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

929

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

930

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

931

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

932

},

933

"timestampValue": "A String", # timestamp

934

},

935

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

936

"integerValue": "A String", # integer

937

"floatValue": 3.14, # float

938

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

939

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

940

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

941

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

942

},

943

"dayOfWeekValue": "A String", # day of week

944

"booleanValue": True or False, # boolean

945

"stringValue": "A String", # string

946

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

947

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

948

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

949

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

950

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

951

},

952

"timestampValue": "A String", # timestamp

953

},

954

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

955

},

956

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

957

"partToExtract": "A String", # The part of the time to keep.

958

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

959

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

960

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

961

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

962

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

963

"name": "A String", # Name describing the field.

964

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

965

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

966

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

967

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

968

"wrappedKey": "A String", # Required. The wrapped data crypto key.

969

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

970

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

971

"key": "A String", # Required. A 128/192/256 bit key.

972

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

973

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

974

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

975

},

976

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

977

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

978

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

979

},

980

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

981

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

982

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

983

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

984

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

985

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

986

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

987

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

988

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

989

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

990

},

991

"dayOfWeekValue": "A String", # day of week

992

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

993

"stringValue": "A String", # string

994

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

995

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

996

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

997

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

998

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

999

},

1000

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1001

},

1002

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1003

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1004

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1005

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1006

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1007

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1008

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1009

},

1010

"dayOfWeekValue": "A String", # day of week

1011

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1012

"stringValue": "A String", # string

1013

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1014

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1015

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1016

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1017

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1018

},

1019

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1020

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1021

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1022

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1023

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1024

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1025

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1026

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1027

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1028

},

1029

"dayOfWeekValue": "A String", # day of week

1030

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1031

"stringValue": "A String", # string

1032

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1033

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1034

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1035

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1036

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1037

},

1038

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1043

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

1044

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

1045

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

1046

},

1047

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

1048

"name": "A String", # Name describing the field.

1049

},

1050

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

1051

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

1052

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

1053

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1054

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1055

},

1056

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1057

"key": "A String", # Required. A 128/192/256 bit key.

1058

},

1059

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1060

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1061

},

1062

},

1063

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

1064

"commonAlphabet": "A String", # Common alphabets.

1065

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1066

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1067

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

1068

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

1069

},

1070

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

1071

"name": "A String", # Name describing the field.

1072

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1073

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

1074

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

1075

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1076

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1077

},

1078

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1079

"key": "A String", # Required. A 128/192/256 bit key.

1080

},

1081

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1082

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1083

},

1084

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1085

},

1086

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1087

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

1088

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1089

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

1090

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

1091

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

1092

"charactersToSkip": "A String", # Characters to not transform when masking.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1093

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1094

],

1095

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1096

},

1097

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

1098

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1099

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

1100

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1101

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1102

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1103

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1104

"key": "A String", # Required. A 128/192/256 bit key.

1105

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1106

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1107

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1108

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1109

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1110

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1111

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

1112

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

1113

"integerValue": "A String", # integer

1114

"floatValue": 3.14, # float

1115

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1116

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1117

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1118

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1119

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1120

"dayOfWeekValue": "A String", # day of week

1121

"booleanValue": True or False, # boolean

1122

"stringValue": "A String", # string

1123

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1124

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1125

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1126

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1127

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1128

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1129

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1130

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1131

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1132

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1133

},

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

1134

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1135

"fields": [ # Required. Input field(s) to apply the transformation to.

1136

{ # General identifier of a data field in a storage service.

1137

"name": "A String", # Name describing the field.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1138

},

1139

],

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1140

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.

1141

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

1142

{ # A transformation to apply to text that is identified as a specific info_type.

1143

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1144

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

1145

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

1146

"integerValue": "A String", # integer

1147

"floatValue": 3.14, # float

1148

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1149

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1150

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1151

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1152

},

1153

"dayOfWeekValue": "A String", # day of week

1154

"booleanValue": True or False, # boolean

1155

"stringValue": "A String", # string

1156

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1157

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1158

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1159

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1160

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1161

},

1162

"timestampValue": "A String", # timestamp

1163

},

1164

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

1165

"integerValue": "A String", # integer

1166

"floatValue": 3.14, # float

1167

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1168

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1169

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1170

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1171

},

1172

"dayOfWeekValue": "A String", # day of week

1173

"booleanValue": True or False, # boolean

1174

"stringValue": "A String", # string

1175

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1176

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1177

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1178

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1179

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1180

},

1181

"timestampValue": "A String", # timestamp

1182

},

1183

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

1184

},

1185

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

1186

"partToExtract": "A String", # The part of the time to keep.

1187

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1188

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1189

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1190

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1191

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

1192

"name": "A String", # Name describing the field.

1193

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1194

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1195

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

1196

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1197

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1198

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1199

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1200

"key": "A String", # Required. A 128/192/256 bit key.

1201

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1202

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1203

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1204

},

1205

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1206

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1207

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1208

},

1209

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

1210

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

1211

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1212

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1213

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1214

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1215

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1216

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1217

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1218

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1219

},

1220

"dayOfWeekValue": "A String", # day of week

1221

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1222

"stringValue": "A String", # string

1223

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1224

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1225

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1226

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1227

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1228

},

1229

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1230

},

1231

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1232

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1233

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1234

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1235

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1236

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1237

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1238

},

1239

"dayOfWeekValue": "A String", # day of week

1240

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1241

"stringValue": "A String", # string

1242

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1243

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1244

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1245

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1246

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1247

},

1248

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1249

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1250

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1251

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1252

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1253

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1254

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1255

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1256

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1257

},

1258

"dayOfWeekValue": "A String", # day of week

1259

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1260

"stringValue": "A String", # string

1261

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1262

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1263

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1264

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1265

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1266

},

1267

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1272

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

1273

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

1274

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

1275

},

1276

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

1277

"name": "A String", # Name describing the field.

1278

},

1279

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

1280

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

1281

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

1282

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1283

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1284

},

1285

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1286

"key": "A String", # Required. A 128/192/256 bit key.

1287

},

1288

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1289

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1290

},

1291

},

1292

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

1293

"commonAlphabet": "A String", # Common alphabets.

1294

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1295

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1296

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

1297

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

1298

},

1299

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

1300

"name": "A String", # Name describing the field.

1301

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1302

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

1303

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

1304

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1305

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1306

},

1307

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1308

"key": "A String", # Required. A 128/192/256 bit key.

1309

},

1310

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1311

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1312

},

1313

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1314

},

1315

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1316

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

1317

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1318

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

1319

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

1320

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

1321

"charactersToSkip": "A String", # Characters to not transform when masking.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1322

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1323

],

1324

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1325

},

1326

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

1327

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1328

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

1329

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1330

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1331

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1332

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1333

"key": "A String", # Required. A 128/192/256 bit key.

1334

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1335

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1336

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1337

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1338

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1339

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1340

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

1341

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

1342

"integerValue": "A String", # integer

1343

"floatValue": 3.14, # float

1344

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1345

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1346

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1347

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1348

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1349

"dayOfWeekValue": "A String", # day of week

1350

"booleanValue": True or False, # boolean

1351

"stringValue": "A String", # string

1352

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1353

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1354

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1355

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1356

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1357

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1358

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1359

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1360

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1361

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1362

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1363

},

1364

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

1365

{ # Type of information detected by the API.

1366

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

},

],

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1372

"condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.

1373

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

1374

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

1375

"conditions": [ # A collection of conditions.

1376

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

1377

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

1378

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

1379

"name": "A String", # Name describing the field.

1380

},

1381

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

1382

"integerValue": "A String", # integer

1383

"floatValue": 3.14, # float

1384

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1385

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1386

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1387

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1388

},

1389

"dayOfWeekValue": "A String", # day of week

1390

"booleanValue": True or False, # boolean

1391

"stringValue": "A String", # string

1392

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1393

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1394

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1395

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1396

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1397

},

1398

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1404

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

},

},

],

"recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.

1409

{ # Configuration to suppress records whose suppression conditions evaluate to true.

1410

"condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.

1411

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

1412

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

1413

"conditions": [ # A collection of conditions.

1414

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

1415

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

1416

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

1417

"name": "A String", # Name describing the field.

1418

},

1419

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

1420

"integerValue": "A String", # integer

1421

"floatValue": 3.14, # float

1422

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1423

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1424

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1425

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1426

},

1427

"dayOfWeekValue": "A String", # day of week

1428

"booleanValue": True or False, # boolean

1429

"stringValue": "A String", # string

1430

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1431

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1432

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1433

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1434

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1435

},

1436

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

},

},

},

],

},

"transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.

1448

"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors

1449

},

1450

"throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error

1451

},

1452

},

1453

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.

1454

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

1455

{ # A transformation to apply to text that is identified as a specific info_type.

1456

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

1457

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

1458

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

1459

"integerValue": "A String", # integer

1460

"floatValue": 3.14, # float

1461

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1462

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1463

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1464

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1465

},

1466

"dayOfWeekValue": "A String", # day of week

1467

"booleanValue": True or False, # boolean

1468

"stringValue": "A String", # string

1469

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1470

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1471

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1472

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1473

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1474

},

1475

"timestampValue": "A String", # timestamp

1476

},

1477

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

1478

"integerValue": "A String", # integer

1479

"floatValue": 3.14, # float

1480

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1481

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1482

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1483

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1484

},

1485

"dayOfWeekValue": "A String", # day of week

1486

"booleanValue": True or False, # boolean

1487

"stringValue": "A String", # string

1488

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1489

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1490

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1491

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1492

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1493

},

1494

"timestampValue": "A String", # timestamp

1495

},

1496

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

1497

},

1498

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

1499

"partToExtract": "A String", # The part of the time to keep.

1500

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1501

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1502

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1503

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1504

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

1505

"name": "A String", # Name describing the field.

1506

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1507

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1508

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

1509

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1510

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1511

},

1512

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1513

"key": "A String", # Required. A 128/192/256 bit key.

1514

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1515

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1516

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1517

},

1518

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1519

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1520

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1521

},

1522

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

1523

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

1524

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1525

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1526

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1527

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1528

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1529

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1530

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1531

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1532

},

1533

"dayOfWeekValue": "A String", # day of week

1534

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1535

"stringValue": "A String", # string

1536

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1537

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1538

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1539

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1540

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1541

},

1542

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1543

},

1544

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1545

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1546

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1547

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1548

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1549

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1550

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1551

},

1552

"dayOfWeekValue": "A String", # day of week

1553

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1554

"stringValue": "A String", # string

1555

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1556

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1557

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1558

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1559

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1560

},

1561

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1562

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1563

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1564

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1565

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1566

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1567

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1568

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1569

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1570

},

1571

"dayOfWeekValue": "A String", # day of week

1572

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1573

"stringValue": "A String", # string

1574

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1575

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1576

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1577

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1578

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1579

},

1580

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1585

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

1586

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

1587

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

1588

},

1589

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

1590

"name": "A String", # Name describing the field.

1591

},

1592

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

1593

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

1594

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

1595

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1596

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1597

},

1598

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1599

"key": "A String", # Required. A 128/192/256 bit key.

1600

},

1601

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1602

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1603

},

1604

},

1605

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

1606

"commonAlphabet": "A String", # Common alphabets.

1607

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1608

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1609

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

1610

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

1611

},

1612

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

1613

"name": "A String", # Name describing the field.

1614

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1615

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

1616

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

1617

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1618

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1619

},

1620

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1621

"key": "A String", # Required. A 128/192/256 bit key.

1622

},

1623

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1624

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1625

},

1626

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1627

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1628

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1629

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

1630

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1631

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

1632

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

1633

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

1634

"charactersToSkip": "A String", # Characters to not transform when masking.

1635

},

1636

],

1637

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1638

},

1639

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

1640

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1641

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

1642

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1643

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1644

},

1645

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1646

"key": "A String", # Required. A 128/192/256 bit key.

1647

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1648

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1649

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1650

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1651

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1652

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1653

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

1654

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1655

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1656

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1657

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1658

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1659

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1660

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1661

},

1662

"dayOfWeekValue": "A String", # day of week

1663

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1664

"stringValue": "A String", # string

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1665

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1666

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1667

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1668

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1669

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1670

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1671

"timestampValue": "A String", # timestamp

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1672

},

1673

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1674

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1675

},

1676

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1677

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

1678

{ # Type of information detected by the API.

1679

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

1680

},

1681

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1682

},

1683

],

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1684

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1685

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1686

"displayName": "A String", # Display name (max 256 chars).

1687

"createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.

1688

"updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.

1689

"name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`

1690

"description": "A String", # Short description (max 256 chars).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="delete">delete(name, x__xgafv=None)</code>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1696

<pre>Deletes a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1697

1698

Args:

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1699

name: string, Required. Resource name of the organization and deidentify template to be deleted, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342. (required)

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1700

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1707

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1708

{ # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="get">get(name, x__xgafv=None)</code>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1714

<pre>Gets a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1715

1716

Args:

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1717

name: string, Required. Resource name of the organization and deidentify template to be read, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342. (required)

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1718

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1725

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1726

{ # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more.

1727

"deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1728

"recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.

1729

"fieldTransformations": [ # Transform the record by applying various field transformations.

1730

{ # The transformation to apply to the field.

1731

"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.

1732

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

1733

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

1734

"integerValue": "A String", # integer

1735

"floatValue": 3.14, # float

1736

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1737

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1738

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1739

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1740

},

1741

"dayOfWeekValue": "A String", # day of week

1742

"booleanValue": True or False, # boolean

1743

"stringValue": "A String", # string

1744

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1745

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1746

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1747

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1748

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1749

},

1750

"timestampValue": "A String", # timestamp

1751

},

1752

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

1753

"integerValue": "A String", # integer

1754

"floatValue": 3.14, # float

1755

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1756

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1757

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1758

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1759

},

1760

"dayOfWeekValue": "A String", # day of week

1761

"booleanValue": True or False, # boolean

1762

"stringValue": "A String", # string

1763

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1764

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1765

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1766

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1767

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1768

},

1769

"timestampValue": "A String", # timestamp

1770

},

1771

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

1772

},

1773

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

1774

"partToExtract": "A String", # The part of the time to keep.

1775

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1776

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1777

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1778

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1779

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

1780

"name": "A String", # Name describing the field.

1781

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1782

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1783

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

1784

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1785

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1786

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1787

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1788

"key": "A String", # Required. A 128/192/256 bit key.

1789

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1790

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1791

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1792

},

1793

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1794

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1795

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1796

},

1797

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

1798

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

1799

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1800

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1801

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1802

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1803

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1804

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1805

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1806

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1807

},

1808

"dayOfWeekValue": "A String", # day of week

1809

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1810

"stringValue": "A String", # string

1811

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1812

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1813

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1814

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1815

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1816

},

1817

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1818

},

1819

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1820

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1821

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1822

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1823

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1824

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1825

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1826

},

1827

"dayOfWeekValue": "A String", # day of week

1828

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1829

"stringValue": "A String", # string

1830

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1831

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1832

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1833

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1834

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1835

},

1836

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1837

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1838

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1839

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1840

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1841

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1842

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1843

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1844

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1845

},

1846

"dayOfWeekValue": "A String", # day of week

1847

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1848

"stringValue": "A String", # string

1849

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1850

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1851

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1852

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1853

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1854

},

1855

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1860

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

1861

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

1862

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

1863

},

1864

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

1865

"name": "A String", # Name describing the field.

1866

},

1867

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

1868

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

1869

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

1870

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1871

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1872

},

1873

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1874

"key": "A String", # Required. A 128/192/256 bit key.

1875

},

1876

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1877

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1878

},

1879

},

1880

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

1881

"commonAlphabet": "A String", # Common alphabets.

1882

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1883

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1884

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

1885

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

1886

},

1887

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

1888

"name": "A String", # Name describing the field.

1889

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1890

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

1891

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

1892

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1893

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1894

},

1895

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1896

"key": "A String", # Required. A 128/192/256 bit key.

1897

},

1898

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1899

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1900

},

1901

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1902

},

1903

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1904

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

1905

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1906

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

1907

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

1908

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

1909

"charactersToSkip": "A String", # Characters to not transform when masking.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1910

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1911

],

1912

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1913

},

1914

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

1915

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1916

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

1917

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

1918

"wrappedKey": "A String", # Required. The wrapped data crypto key.

1919

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1920

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

1921

"key": "A String", # Required. A 128/192/256 bit key.

1922

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1923

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

1924

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

1925

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1926

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1927

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1928

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

1929

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

1930

"integerValue": "A String", # integer

1931

"floatValue": 3.14, # float

1932

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1933

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1934

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1935

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1936

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1937

"dayOfWeekValue": "A String", # day of week

1938

"booleanValue": True or False, # boolean

1939

"stringValue": "A String", # string

1940

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1941

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1942

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1943

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1944

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1945

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1946

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

1947

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1948

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1949

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

1950

},

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

1951

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1952

"fields": [ # Required. Input field(s) to apply the transformation to.

1953

{ # General identifier of a data field in a storage service.

1954

"name": "A String", # Name describing the field.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1955

},

1956

],

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

1957

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.

1958

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

1959

{ # A transformation to apply to text that is identified as a specific info_type.

1960

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

1961

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

1962

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

1963

"integerValue": "A String", # integer

1964

"floatValue": 3.14, # float

1965

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1966

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1967

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1968

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1969

},

1970

"dayOfWeekValue": "A String", # day of week

1971

"booleanValue": True or False, # boolean

1972

"stringValue": "A String", # string

1973

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1974

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1975

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1976

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1977

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1978

},

1979

"timestampValue": "A String", # timestamp

1980

},

1981

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

1982

"integerValue": "A String", # integer

1983

"floatValue": 3.14, # float

1984

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

1985

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

1986

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

1987

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

1988

},

1989

"dayOfWeekValue": "A String", # day of week

1990

"booleanValue": True or False, # boolean

1991

"stringValue": "A String", # string

1992

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

1993

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

1994

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

1995

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

1996

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

1997

},

1998

"timestampValue": "A String", # timestamp

1999

},

2000

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

2001

},

2002

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

2003

"partToExtract": "A String", # The part of the time to keep.

2004

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2005

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2006

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2007

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2008

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

2009

"name": "A String", # Name describing the field.

2010

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2011

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2012

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

2013

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2014

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2015

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2016

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2017

"key": "A String", # Required. A 128/192/256 bit key.

2018

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2019

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2020

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2021

},

2022

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2023

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2024

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2025

},

2026

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

2027

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

2028

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2029

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2030

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2031

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2032

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2033

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2034

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2035

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2036

},

2037

"dayOfWeekValue": "A String", # day of week

2038

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2039

"stringValue": "A String", # string

2040

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2041

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2042

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2043

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2044

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2045

},

2046

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2047

},

2048

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2049

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2050

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2051

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2052

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2053

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2054

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2055

},

2056

"dayOfWeekValue": "A String", # day of week

2057

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2058

"stringValue": "A String", # string

2059

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2060

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2061

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2062

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2063

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2064

},

2065

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2066

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2067

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2068

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2069

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2070

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2071

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2072

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2073

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2074

},

2075

"dayOfWeekValue": "A String", # day of week

2076

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2077

"stringValue": "A String", # string

2078

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2079

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2080

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2081

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2082

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2083

},

2084

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2089

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

2090

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

2091

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

2092

},

2093

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

2094

"name": "A String", # Name describing the field.

2095

},

2096

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

2097

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

2098

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

2099

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2100

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2101

},

2102

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2103

"key": "A String", # Required. A 128/192/256 bit key.

2104

},

2105

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2106

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2107

},

2108

},

2109

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

2110

"commonAlphabet": "A String", # Common alphabets.

2111

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2112

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2113

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

2114

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

2115

},

2116

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

2117

"name": "A String", # Name describing the field.

2118

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2119

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

2120

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

2121

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2122

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2123

},

2124

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2125

"key": "A String", # Required. A 128/192/256 bit key.

2126

},

2127

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2128

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2129

},

2130

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2131

},

2132

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2133

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

2134

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2135

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

2136

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

2137

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

2138

"charactersToSkip": "A String", # Characters to not transform when masking.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2139

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2140

],

2141

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2142

},

2143

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

2144

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2145

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

2146

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2147

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2148

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2149

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2150

"key": "A String", # Required. A 128/192/256 bit key.

2151

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2152

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2153

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2154

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2155

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2156

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2157

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

2158

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

2159

"integerValue": "A String", # integer

2160

"floatValue": 3.14, # float

2161

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2162

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2163

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2164

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2165

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2166

"dayOfWeekValue": "A String", # day of week

2167

"booleanValue": True or False, # boolean

2168

"stringValue": "A String", # string

2169

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2170

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2171

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2172

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2173

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2174

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2175

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2176

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2177

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2178

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2179

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2180

},

2181

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

2182

{ # Type of information detected by the API.

2183

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

},

],

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2189

"condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.

2190

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

2191

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

2192

"conditions": [ # A collection of conditions.

2193

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

2194

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

2195

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

2196

"name": "A String", # Name describing the field.

2197

},

2198

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

2199

"integerValue": "A String", # integer

2200

"floatValue": 3.14, # float

2201

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2202

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2203

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2204

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2205

},

2206

"dayOfWeekValue": "A String", # day of week

2207

"booleanValue": True or False, # boolean

2208

"stringValue": "A String", # string

2209

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2210

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2211

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2212

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2213

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2214

},

2215

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2221

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

},

},

],

"recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.

2226

{ # Configuration to suppress records whose suppression conditions evaluate to true.

2227

"condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.

2228

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

2229

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

2230

"conditions": [ # A collection of conditions.

2231

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

2232

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

2233

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

2234

"name": "A String", # Name describing the field.

2235

},

2236

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

2237

"integerValue": "A String", # integer

2238

"floatValue": 3.14, # float

2239

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2240

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2241

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2242

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2243

},

2244

"dayOfWeekValue": "A String", # day of week

2245

"booleanValue": True or False, # boolean

2246

"stringValue": "A String", # string

2247

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2248

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2249

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2250

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2251

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2252

},

2253

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

},

},

},

],

},

"transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.

2265

"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors

2266

},

2267

"throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error

2268

},

2269

},

2270

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.

2271

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

2272

{ # A transformation to apply to text that is identified as a specific info_type.

2273

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

2274

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

2275

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

2276

"integerValue": "A String", # integer

2277

"floatValue": 3.14, # float

2278

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2279

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2280

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2281

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2282

},

2283

"dayOfWeekValue": "A String", # day of week

2284

"booleanValue": True or False, # boolean

2285

"stringValue": "A String", # string

2286

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2287

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2288

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2289

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2290

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2291

},

2292

"timestampValue": "A String", # timestamp

2293

},

2294

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

2295

"integerValue": "A String", # integer

2296

"floatValue": 3.14, # float

2297

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2298

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2299

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2300

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2301

},

2302

"dayOfWeekValue": "A String", # day of week

2303

"booleanValue": True or False, # boolean

2304

"stringValue": "A String", # string

2305

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2306

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2307

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2308

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2309

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2310

},

2311

"timestampValue": "A String", # timestamp

2312

},

2313

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

2314

},

2315

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

2316

"partToExtract": "A String", # The part of the time to keep.

2317

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2318

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2319

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2320

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2321

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

2322

"name": "A String", # Name describing the field.

2323

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2324

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2325

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

2326

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2327

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2328

},

2329

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2330

"key": "A String", # Required. A 128/192/256 bit key.

2331

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2332

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2333

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2334

},

2335

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2336

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2337

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2338

},

2339

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

2340

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

2341

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2342

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2343

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2344

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2345

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2346

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2347

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2348

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2349

},

2350

"dayOfWeekValue": "A String", # day of week

2351

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2352

"stringValue": "A String", # string

2353

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2354

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2355

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2356

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2357

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2358

},

2359

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2360

},

2361

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2362

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2363

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2364

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2365

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2366

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2367

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2368

},

2369

"dayOfWeekValue": "A String", # day of week

2370

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2371

"stringValue": "A String", # string

2372

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2373

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2374

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2375

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2376

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2377

},

2378

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2379

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2380

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2381

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2382

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2383

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2384

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2385

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2386

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2387

},

2388

"dayOfWeekValue": "A String", # day of week

2389

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2390

"stringValue": "A String", # string

2391

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2392

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2393

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2394

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2395

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2396

},

2397

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2402

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

2403

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

2404

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

2405

},

2406

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

2407

"name": "A String", # Name describing the field.

2408

},

2409

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

2410

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

2411

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

2412

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2413

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2414

},

2415

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2416

"key": "A String", # Required. A 128/192/256 bit key.

2417

},

2418

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2419

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2420

},

2421

},

2422

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

2423

"commonAlphabet": "A String", # Common alphabets.

2424

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2425

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2426

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

2427

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

2428

},

2429

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

2430

"name": "A String", # Name describing the field.

2431

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2432

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

2433

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

2434

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2435

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2436

},

2437

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2438

"key": "A String", # Required. A 128/192/256 bit key.

2439

},

2440

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2441

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2442

},

2443

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

2444

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2445

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2446

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

2447

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2448

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

2449

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

2450

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

2451

"charactersToSkip": "A String", # Characters to not transform when masking.

2452

},

2453

],

2454

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2455

},

2456

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

2457

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2458

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

2459

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2460

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2461

},

2462

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2463

"key": "A String", # Required. A 128/192/256 bit key.

2464

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2465

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2466

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2467

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2468

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2469

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2470

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

2471

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2472

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2473

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2474

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2475

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2476

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2477

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2478

},

2479

"dayOfWeekValue": "A String", # day of week

2480

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2481

"stringValue": "A String", # string

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2482

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2483

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2484

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2485

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2486

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2487

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2488

"timestampValue": "A String", # timestamp

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2489

},

2490

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2491

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2492

},

2493

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2494

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

2495

{ # Type of information detected by the API.

2496

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

2497

},

2498

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

2499

},

2500

],

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

2501

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2502

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2503

"displayName": "A String", # Display name (max 256 chars).

2504

"createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.

2505

"updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.

2506

"name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`

2507

"description": "A String", # Short description (max 256 chars).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2512

<code class="details" id="list">list(parent, pageSize=None, orderBy=None, pageToken=None, locationId=None, x__xgafv=None)</code>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2513

<pre>Lists DeidentifyTemplates. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2514

2515

Args:

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2516

parent: string, Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/dlp/docs/specifying-location): + Projects scope, location specified: `projects/`PROJECT_ID`/locations/`LOCATION_ID + Projects scope, no location specified (defaults to global): `projects/`PROJECT_ID + Organizations scope, location specified: `organizations/`ORG_ID`/locations/`LOCATION_ID + Organizations scope, no location specified (defaults to global): `organizations/`ORG_ID The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3 (required)

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2517

pageSize: integer, Size of the page, can be limited by server. If zero server returns a page of max size 100.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2518

orderBy: string, Comma separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case-insensitive, default sorting order is ascending, redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `create_time`: corresponds to time the template was created. - `update_time`: corresponds to time the template was last updated. - `name`: corresponds to template's name. - `display_name`: corresponds to template's display name.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2519

pageToken: string, Page token to continue retrieval. Comes from previous call to `ListDeidentifyTemplates`.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2520

locationId: string, Deprecated. This field has no effect.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2521

x__xgafv: string, V1 error format.

2522

Allowed values

2523

1 - v1 error format

2524

2 - v2 error format

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

2525

2526

Returns:

2527

An object of the form:

2528

2529

{ # Response message for ListDeidentifyTemplates.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2530

"deidentifyTemplates": [ # List of deidentify templates, up to page_size in ListDeidentifyTemplatesRequest.

2531

{ # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more.

2532

"deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2533

"recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.

2534

"fieldTransformations": [ # Transform the record by applying various field transformations.

2535

{ # The transformation to apply to the field.

2536

"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.

2537

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

2538

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

2539

"integerValue": "A String", # integer

2540

"floatValue": 3.14, # float

2541

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2542

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2543

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2544

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2545

},

2546

"dayOfWeekValue": "A String", # day of week

2547

"booleanValue": True or False, # boolean

2548

"stringValue": "A String", # string

2549

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2550

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2551

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2552

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2553

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2554

},

2555

"timestampValue": "A String", # timestamp

2556

},

2557

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

2558

"integerValue": "A String", # integer

2559

"floatValue": 3.14, # float

2560

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2561

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2562

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2563

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2564

},

2565

"dayOfWeekValue": "A String", # day of week

2566

"booleanValue": True or False, # boolean

2567

"stringValue": "A String", # string

2568

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2569

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2570

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2571

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2572

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2573

},

2574

"timestampValue": "A String", # timestamp

2575

},

2576

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

2577

},

2578

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

2579

"partToExtract": "A String", # The part of the time to keep.

2580

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2581

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2582

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2583

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2584

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

2585

"name": "A String", # Name describing the field.

2586

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2587

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2588

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

2589

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2590

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2591

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2592

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2593

"key": "A String", # Required. A 128/192/256 bit key.

2594

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2595

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2596

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2597

},

2598

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2599

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2600

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2601

},

2602

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

2603

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

2604

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2605

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2606

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2607

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2608

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2609

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2610

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2611

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2612

},

2613

"dayOfWeekValue": "A String", # day of week

2614

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2615

"stringValue": "A String", # string

2616

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2617

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2618

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2619

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2620

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2621

},

2622

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2623

},

2624

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2625

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2626

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2627

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2628

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2629

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2630

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2631

},

2632

"dayOfWeekValue": "A String", # day of week

2633

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2634

"stringValue": "A String", # string

2635

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2636

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2637

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2638

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2639

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2640

},

2641

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2642

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2643

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2644

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2645

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2646

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2647

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2648

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2649

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2650

},

2651

"dayOfWeekValue": "A String", # day of week

2652

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2653

"stringValue": "A String", # string

2654

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2655

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2656

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2657

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2658

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2659

},

2660

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2665

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

2666

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

2667

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

2668

},

2669

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

2670

"name": "A String", # Name describing the field.

2671

},

2672

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

2673

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

2674

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

2675

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2676

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2677

},

2678

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2679

"key": "A String", # Required. A 128/192/256 bit key.

2680

},

2681

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2682

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2683

},

2684

},

2685

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

2686

"commonAlphabet": "A String", # Common alphabets.

2687

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2688

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2689

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

2690

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

2691

},

2692

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

2693

"name": "A String", # Name describing the field.

2694

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2695

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

2696

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

2697

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2698

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2699

},

2700

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2701

"key": "A String", # Required. A 128/192/256 bit key.

2702

},

2703

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2704

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2705

},

2706

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2707

},

2708

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2709

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

2710

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2711

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

2712

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

2713

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

2714

"charactersToSkip": "A String", # Characters to not transform when masking.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

2715

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2716

],

2717

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2718

},

2719

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

2720

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2721

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

2722

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2723

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2724

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2725

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2726

"key": "A String", # Required. A 128/192/256 bit key.

2727

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2728

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2729

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2730

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2731

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2732

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2733

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

2734

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

2735

"integerValue": "A String", # integer

2736

"floatValue": 3.14, # float

2737

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2738

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2739

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2740

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2741

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2742

"dayOfWeekValue": "A String", # day of week

2743

"booleanValue": True or False, # boolean

2744

"stringValue": "A String", # string

2745

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2746

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2747

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2748

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2749

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2750

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2751

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2752

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2753

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2754

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2755

},

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

2756

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2757

"fields": [ # Required. Input field(s) to apply the transformation to.

2758

{ # General identifier of a data field in a storage service.

2759

"name": "A String", # Name describing the field.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2760

},

2761

],

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2762

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.

2763

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

2764

{ # A transformation to apply to text that is identified as a specific info_type.

2765

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2766

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

2767

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

2768

"integerValue": "A String", # integer

2769

"floatValue": 3.14, # float

2770

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2771

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2772

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2773

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2774

},

2775

"dayOfWeekValue": "A String", # day of week

2776

"booleanValue": True or False, # boolean

2777

"stringValue": "A String", # string

2778

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2779

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2780

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2781

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2782

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2783

},

2784

"timestampValue": "A String", # timestamp

2785

},

2786

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

2787

"integerValue": "A String", # integer

2788

"floatValue": 3.14, # float

2789

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2790

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2791

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2792

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

2793

},

2794

"dayOfWeekValue": "A String", # day of week

2795

"booleanValue": True or False, # boolean

2796

"stringValue": "A String", # string

2797

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2798

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2799

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2800

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2801

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2802

},

2803

"timestampValue": "A String", # timestamp

2804

},

2805

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

2806

},

2807

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

2808

"partToExtract": "A String", # The part of the time to keep.

2809

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2810

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2811

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2812

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2813

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

2814

"name": "A String", # Name describing the field.

2815

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2816

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2817

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

2818

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2819

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2820

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2821

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2822

"key": "A String", # Required. A 128/192/256 bit key.

2823

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2824

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2825

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2826

},

2827

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2828

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2829

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2830

},

2831

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

2832

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

2833

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2834

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2835

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2836

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2837

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2838

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2839

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2840

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2841

},

2842

"dayOfWeekValue": "A String", # day of week

2843

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2844

"stringValue": "A String", # string

2845

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2846

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2847

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2848

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2849

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2850

},

2851

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2852

},

2853

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2854

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2855

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2856

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2857

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2858

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2859

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2860

},

2861

"dayOfWeekValue": "A String", # day of week

2862

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2863

"stringValue": "A String", # string

2864

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2865

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2866

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2867

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2868

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2869

},

2870

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2871

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2872

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2873

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2874

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2875

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2876

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2877

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2878

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2879

},

2880

"dayOfWeekValue": "A String", # day of week

2881

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2882

"stringValue": "A String", # string

2883

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2884

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2885

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2886

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2887

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

2888

},

2889

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2894

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

2895

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

2896

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

2897

},

2898

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

2899

"name": "A String", # Name describing the field.

2900

},

2901

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

2902

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

2903

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

2904

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2905

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2906

},

2907

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2908

"key": "A String", # Required. A 128/192/256 bit key.

2909

},

2910

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2911

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2912

},

2913

},

2914

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

2915

"commonAlphabet": "A String", # Common alphabets.

2916

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2917

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2918

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

2919

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

2920

},

2921

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

2922

"name": "A String", # Name describing the field.

2923

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2924

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

2925

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

2926

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2927

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2928

},

2929

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2930

"key": "A String", # Required. A 128/192/256 bit key.

2931

},

2932

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2933

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2934

},

2935

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2936

},

2937

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2938

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

2939

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2940

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

2941

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

2942

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

2943

"charactersToSkip": "A String", # Characters to not transform when masking.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2944

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2945

],

2946

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2947

},

2948

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

2949

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2950

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

2951

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

2952

"wrappedKey": "A String", # Required. The wrapped data crypto key.

2953

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2954

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

2955

"key": "A String", # Required. A 128/192/256 bit key.

2956

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2957

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

2958

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

2959

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2960

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2961

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2962

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

2963

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

2964

"integerValue": "A String", # integer

2965

"floatValue": 3.14, # float

2966

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

2967

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

2968

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

2969

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2970

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2971

"dayOfWeekValue": "A String", # day of week

2972

"booleanValue": True or False, # boolean

2973

"stringValue": "A String", # string

2974

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

2975

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

2976

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

2977

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

2978

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2979

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2980

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

2981

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2982

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2983

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

2984

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

2985

},

2986

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

2987

{ # Type of information detected by the API.

2988

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

},

],

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

2994

"condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.

2995

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

2996

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

2997

"conditions": [ # A collection of conditions.

2998

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

2999

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

3000

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

3001

"name": "A String", # Name describing the field.

3002

},

3003

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

3004

"integerValue": "A String", # integer

3005

"floatValue": 3.14, # float

3006

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3007

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3008

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3009

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3010

},

3011

"dayOfWeekValue": "A String", # day of week

3012

"booleanValue": True or False, # boolean

3013

"stringValue": "A String", # string

3014

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3015

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3016

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3017

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3018

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3019

},

3020

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3026

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

},

},

],

"recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.

3031

{ # Configuration to suppress records whose suppression conditions evaluate to true.

3032

"condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.

3033

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

3034

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

3035

"conditions": [ # A collection of conditions.

3036

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

3037

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

3038

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

3039

"name": "A String", # Name describing the field.

3040

},

3041

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

3042

"integerValue": "A String", # integer

3043

"floatValue": 3.14, # float

3044

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3045

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3046

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3047

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3048

},

3049

"dayOfWeekValue": "A String", # day of week

3050

"booleanValue": True or False, # boolean

3051

"stringValue": "A String", # string

3052

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3053

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3054

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3055

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3056

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3057

},

3058

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

},

},

},

],

},

"transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.

3070

"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors

3071

},

3072

"throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error

3073

},

3074

},

3075

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.

3076

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

3077

{ # A transformation to apply to text that is identified as a specific info_type.

3078

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

3079

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

3080

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

3081

"integerValue": "A String", # integer

3082

"floatValue": 3.14, # float

3083

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3084

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3085

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3086

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3087

},

3088

"dayOfWeekValue": "A String", # day of week

3089

"booleanValue": True or False, # boolean

3090

"stringValue": "A String", # string

3091

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3092

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3093

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3094

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3095

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3096

},

3097

"timestampValue": "A String", # timestamp

3098

},

3099

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

3100

"integerValue": "A String", # integer

3101

"floatValue": 3.14, # float

3102

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3103

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3104

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3105

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3106

},

3107

"dayOfWeekValue": "A String", # day of week

3108

"booleanValue": True or False, # boolean

3109

"stringValue": "A String", # string

3110

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3111

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3112

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3113

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3114

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3115

},

3116

"timestampValue": "A String", # timestamp

3117

},

3118

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

3119

},

3120

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

3121

"partToExtract": "A String", # The part of the time to keep.

3122

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3123

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3124

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3125

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3126

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

3127

"name": "A String", # Name describing the field.

3128

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3129

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3130

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

3131

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3132

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3133

},

3134

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3135

"key": "A String", # Required. A 128/192/256 bit key.

3136

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3137

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3138

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3139

},

3140

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3141

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3142

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3143

},

3144

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

3145

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

3146

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3147

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3148

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3149

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3150

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3151

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3152

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3153

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3154

},

3155

"dayOfWeekValue": "A String", # day of week

3156

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3157

"stringValue": "A String", # string

3158

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3159

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3160

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3161

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3162

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3163

},

3164

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3165

},

3166

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3167

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3168

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3169

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3170

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3171

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3172

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3173

},

3174

"dayOfWeekValue": "A String", # day of week

3175

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3176

"stringValue": "A String", # string

3177

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3178

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3179

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3180

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3181

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3182

},

3183

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3184

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3185

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3186

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3187

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3188

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3189

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3190

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3191

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3192

},

3193

"dayOfWeekValue": "A String", # day of week

3194

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3195

"stringValue": "A String", # string

3196

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3197

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3198

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3199

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3200

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3201

},

3202

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3207

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

3208

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

3209

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

3210

},

3211

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

3212

"name": "A String", # Name describing the field.

3213

},

3214

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

3215

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

3216

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

3217

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3218

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3219

},

3220

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3221

"key": "A String", # Required. A 128/192/256 bit key.

3222

},

3223

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3224

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3225

},

3226

},

3227

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

3228

"commonAlphabet": "A String", # Common alphabets.

3229

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3230

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3231

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

3232

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

3233

},

3234

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

3235

"name": "A String", # Name describing the field.

3236

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3237

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

3238

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

3239

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3240

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3241

},

3242

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3243

"key": "A String", # Required. A 128/192/256 bit key.

3244

},

3245

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3246

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3247

},

3248

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

3249

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3250

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3251

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

3252

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3253

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

3254

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

3255

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

3256

"charactersToSkip": "A String", # Characters to not transform when masking.

3257

},

3258

],

3259

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3260

},

3261

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

3262

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3263

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

3264

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3265

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3266

},

3267

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3268

"key": "A String", # Required. A 128/192/256 bit key.

3269

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3270

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3271

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3272

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3273

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3274

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3275

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

3276

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3277

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3278

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3279

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3280

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3281

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3282

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3283

},

3284

"dayOfWeekValue": "A String", # day of week

3285

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3286

"stringValue": "A String", # string

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3287

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3288

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3289

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3290

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3291

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3292

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3293

"timestampValue": "A String", # timestamp

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3294

},

3295

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3296

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3297

},

3298

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3299

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

3300

{ # Type of information detected by the API.

3301

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

3302

},

3303

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3304

},

3305

],

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3306

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3307

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3308

"displayName": "A String", # Display name (max 256 chars).

3309

"createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.

3310

"updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.

3311

"name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`

3312

"description": "A String", # Short description (max 256 chars).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3313

},

3314

],

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3315

"nextPageToken": "A String", # If the next page is available then the next page token to be used in following ListDeidentifyTemplates request.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="list_next">list_next(previous_request, previous_response)</code>

3321

<pre>Retrieves the next page of results.

3322

3323

Args:

3324

previous_request: The request for the previous page. (required)

3325

previous_response: The response from the request for the previous page. (required)

3326

3327

Returns:

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

3328

A request object that you can call 'execute()' on to request the next

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3329

page. Returns None if there are no more items in the collection.

</pre>

</div>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3334

<code class="details" id="patch">patch(name, body=None, x__xgafv=None)</code>

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

3335

<pre>Updates the DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3336

3337

Args:

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

3338

name: string, Required. Resource name of organization and deidentify template to be updated, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342. (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

3339

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

3340

The object takes the form of:

3341

3342

{ # Request message for UpdateDeidentifyTemplate.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3343

"updateMask": "A String", # Mask to control which fields get updated.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

3344

"deidentifyTemplate": { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more. # New DeidentifyTemplate value.

3345

"deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3346

"recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.

3347

"fieldTransformations": [ # Transform the record by applying various field transformations.

3348

{ # The transformation to apply to the field.

3349

"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.

3350

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

3351

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

3352

"integerValue": "A String", # integer

3353

"floatValue": 3.14, # float

3354

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3355

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3356

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3357

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3358

},

3359

"dayOfWeekValue": "A String", # day of week

3360

"booleanValue": True or False, # boolean

3361

"stringValue": "A String", # string

3362

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3363

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3364

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3365

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3366

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3367

},

3368

"timestampValue": "A String", # timestamp

3369

},

3370

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

3371

"integerValue": "A String", # integer

3372

"floatValue": 3.14, # float

3373

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3374

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3375

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3376

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3377

},

3378

"dayOfWeekValue": "A String", # day of week

3379

"booleanValue": True or False, # boolean

3380

"stringValue": "A String", # string

3381

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3382

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3383

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3384

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3385

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3386

},

3387

"timestampValue": "A String", # timestamp

3388

},

3389

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

3390

},

3391

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

3392

"partToExtract": "A String", # The part of the time to keep.

3393

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3394

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3395

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3396

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3397

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

3398

"name": "A String", # Name describing the field.

3399

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3400

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

3401

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

3402

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3403

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3404

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3405

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3406

"key": "A String", # Required. A 128/192/256 bit key.

3407

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3408

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3409

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3410

},

3411

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3412

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3413

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3414

},

3415

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

3416

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

3417

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3418

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3419

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3420

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3421

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3422

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3423

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3424

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3425

},

3426

"dayOfWeekValue": "A String", # day of week

3427

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3428

"stringValue": "A String", # string

3429

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3430

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3431

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3432

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3433

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3434

},

3435

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3436

},

3437

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3438

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3439

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3440

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3441

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3442

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3443

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3444

},

3445

"dayOfWeekValue": "A String", # day of week

3446

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3447

"stringValue": "A String", # string

3448

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3449

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3450

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3451

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3452

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3453

},

3454

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3455

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3456

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3457

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3458

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3459

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3460

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3461

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3462

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3463

},

3464

"dayOfWeekValue": "A String", # day of week

3465

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3466

"stringValue": "A String", # string

3467

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3468

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3469

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3470

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3471

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3472

},

3473

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3478

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

3479

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

3480

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

3481

},

3482

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

3483

"name": "A String", # Name describing the field.

3484

},

3485

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

3486

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

3487

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

3488

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3489

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3490

},

3491

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3492

"key": "A String", # Required. A 128/192/256 bit key.

3493

},

3494

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3495

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3496

},

3497

},

3498

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

3499

"commonAlphabet": "A String", # Common alphabets.

3500

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3501

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3502

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

3503

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

3504

},

3505

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

3506

"name": "A String", # Name describing the field.

3507

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3508

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

3509

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

3510

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3511

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3512

},

3513

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3514

"key": "A String", # Required. A 128/192/256 bit key.

3515

},

3516

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3517

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3518

},

3519

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3520

},

3521

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3522

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

3523

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3524

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

3525

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

3526

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

3527

"charactersToSkip": "A String", # Characters to not transform when masking.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

3528

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3529

],

3530

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3531

},

3532

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

3533

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

3534

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

3535

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3536

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3537

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3538

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3539

"key": "A String", # Required. A 128/192/256 bit key.

3540

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3541

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3542

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3543

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3544

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

3545

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3546

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

3547

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

3548

"integerValue": "A String", # integer

3549

"floatValue": 3.14, # float

3550

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3551

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3552

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3553

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3554

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3555

"dayOfWeekValue": "A String", # day of week

3556

"booleanValue": True or False, # boolean

3557

"stringValue": "A String", # string

3558

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3559

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3560

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3561

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3562

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3563

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3564

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3565

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3566

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3567

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3568

},

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

3569

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3570

"fields": [ # Required. Input field(s) to apply the transformation to.

3571

{ # General identifier of a data field in a storage service.

3572

"name": "A String", # Name describing the field.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

3573

},

3574

],

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

3575

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.

3576

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

3577

{ # A transformation to apply to text that is identified as a specific info_type.

3578

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3579

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

3580

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

3581

"integerValue": "A String", # integer

3582

"floatValue": 3.14, # float

3583

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3584

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3585

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3586

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3587

},

3588

"dayOfWeekValue": "A String", # day of week

3589

"booleanValue": True or False, # boolean

3590

"stringValue": "A String", # string

3591

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3592

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3593

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3594

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3595

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3596

},

3597

"timestampValue": "A String", # timestamp

3598

},

3599

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

3600

"integerValue": "A String", # integer

3601

"floatValue": 3.14, # float

3602

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3603

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3604

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3605

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3606

},

3607

"dayOfWeekValue": "A String", # day of week

3608

"booleanValue": True or False, # boolean

3609

"stringValue": "A String", # string

3610

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3611

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3612

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3613

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3614

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3615

},

3616

"timestampValue": "A String", # timestamp

3617

},

3618

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

3619

},

3620

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

3621

"partToExtract": "A String", # The part of the time to keep.

3622

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3623

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3624

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3625

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3626

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

3627

"name": "A String", # Name describing the field.

3628

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3629

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

3630

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

3631

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3632

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3633

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3634

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3635

"key": "A String", # Required. A 128/192/256 bit key.

3636

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3637

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3638

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3639

},

3640

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3641

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3642

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3643

},

3644

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

3645

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

3646

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3647

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3648

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3649

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3650

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3651

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3652

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3653

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3654

},

3655

"dayOfWeekValue": "A String", # day of week

3656

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3657

"stringValue": "A String", # string

3658

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3659

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3660

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3661

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3662

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3663

},

3664

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3665

},

3666

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3667

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3668

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3669

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3670

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3671

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3672

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3673

},

3674

"dayOfWeekValue": "A String", # day of week

3675

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3676

"stringValue": "A String", # string

3677

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3678

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3679

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3680

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3681

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3682

},

3683

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3684

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3685

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3686

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3687

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3688

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3689

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3690

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3691

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3692

},

3693

"dayOfWeekValue": "A String", # day of week

3694

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3695

"stringValue": "A String", # string

3696

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3697

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3698

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3699

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3700

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3701

},

3702

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3707

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

3708

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

3709

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

3710

},

3711

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

3712

"name": "A String", # Name describing the field.

3713

},

3714

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

3715

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

3716

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

3717

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3718

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3719

},

3720

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3721

"key": "A String", # Required. A 128/192/256 bit key.

3722

},

3723

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3724

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3725

},

3726

},

3727

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

3728

"commonAlphabet": "A String", # Common alphabets.

3729

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3730

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3731

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

3732

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

3733

},

3734

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

3735

"name": "A String", # Name describing the field.

3736

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3737

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

3738

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

3739

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3740

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3741

},

3742

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3743

"key": "A String", # Required. A 128/192/256 bit key.

3744

},

3745

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3746

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3747

},

3748

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3749

},

3750

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3751

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

3752

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3753

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

3754

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

3755

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

3756

"charactersToSkip": "A String", # Characters to not transform when masking.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

3757

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3758

],

3759

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3760

},

3761

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

3762

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

3763

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

3764

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3765

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3766

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3767

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3768

"key": "A String", # Required. A 128/192/256 bit key.

3769

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3770

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3771

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3772

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3773

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

3774

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3775

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

3776

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

3777

"integerValue": "A String", # integer

3778

"floatValue": 3.14, # float

3779

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3780

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3781

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3782

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3783

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3784

"dayOfWeekValue": "A String", # day of week

3785

"booleanValue": True or False, # boolean

3786

"stringValue": "A String", # string

3787

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3788

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3789

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3790

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3791

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3792

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3793

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3794

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3795

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3796

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3797

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

3798

},

3799

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

3800

{ # Type of information detected by the API.

3801

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

},

],

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3807

"condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.

3808

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

3809

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

3810

"conditions": [ # A collection of conditions.

3811

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

3812

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

3813

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

3814

"name": "A String", # Name describing the field.

3815

},

3816

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

3817

"integerValue": "A String", # integer

3818

"floatValue": 3.14, # float

3819

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3820

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3821

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3822

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3823

},

3824

"dayOfWeekValue": "A String", # day of week

3825

"booleanValue": True or False, # boolean

3826

"stringValue": "A String", # string

3827

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3828

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3829

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3830

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3831

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3832

},

3833

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3839

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

},

},

],

"recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.

3844

{ # Configuration to suppress records whose suppression conditions evaluate to true.

3845

"condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.

3846

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

3847

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

3848

"conditions": [ # A collection of conditions.

3849

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

3850

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

3851

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

3852

"name": "A String", # Name describing the field.

3853

},

3854

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

3855

"integerValue": "A String", # integer

3856

"floatValue": 3.14, # float

3857

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3858

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3859

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3860

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3861

},

3862

"dayOfWeekValue": "A String", # day of week

3863

"booleanValue": True or False, # boolean

3864

"stringValue": "A String", # string

3865

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3866

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3867

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3868

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3869

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3870

},

3871

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

},

},

},

],

},

"transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.

3883

"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors

3884

},

3885

"throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error

3886

},

3887

},

3888

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.

3889

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

3890

{ # A transformation to apply to text that is identified as a specific info_type.

3891

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

3892

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

3893

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

3894

"integerValue": "A String", # integer

3895

"floatValue": 3.14, # float

3896

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3897

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3898

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3899

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3900

},

3901

"dayOfWeekValue": "A String", # day of week

3902

"booleanValue": True or False, # boolean

3903

"stringValue": "A String", # string

3904

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3905

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3906

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3907

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3908

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3909

},

3910

"timestampValue": "A String", # timestamp

3911

},

3912

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

3913

"integerValue": "A String", # integer

3914

"floatValue": 3.14, # float

3915

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

3916

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3917

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

3918

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

3919

},

3920

"dayOfWeekValue": "A String", # day of week

3921

"booleanValue": True or False, # boolean

3922

"stringValue": "A String", # string

3923

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3924

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3925

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3926

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3927

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3928

},

3929

"timestampValue": "A String", # timestamp

3930

},

3931

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

3932

},

3933

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

3934

"partToExtract": "A String", # The part of the time to keep.

3935

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3936

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3937

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3938

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3939

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

3940

"name": "A String", # Name describing the field.

3941

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3942

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

3943

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

3944

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

3945

"wrappedKey": "A String", # Required. The wrapped data crypto key.

3946

},

3947

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

3948

"key": "A String", # Required. A 128/192/256 bit key.

3949

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3950

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

3951

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

3952

},

3953

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3954

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3955

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3956

},

3957

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

3958

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

3959

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3960

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3961

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3962

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3963

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3964

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3965

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3966

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3967

},

3968

"dayOfWeekValue": "A String", # day of week

3969

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3970

"stringValue": "A String", # string

3971

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3972

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3973

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3974

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3975

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3976

},

3977

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3978

},

3979

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3980

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3981

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3982

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3983

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

3984

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3985

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3986

},

3987

"dayOfWeekValue": "A String", # day of week

3988

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3989

"stringValue": "A String", # string

3990

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

3991

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

3992

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

3993

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

3994

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

3995

},

3996

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3997

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

3998

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

3999

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4000

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4001

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4002

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4003

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4004

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4005

},

4006

"dayOfWeekValue": "A String", # day of week

4007

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4008

"stringValue": "A String", # string

4009

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4010

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4011

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4012

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4013

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4014

},

4015

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4020

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

4021

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

4022

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

4023

},

4024

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

4025

"name": "A String", # Name describing the field.

4026

},

4027

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

4028

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

4029

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

4030

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4031

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4032

},

4033

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4034

"key": "A String", # Required. A 128/192/256 bit key.

4035

},

4036

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4037

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4038

},

4039

},

4040

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

4041

"commonAlphabet": "A String", # Common alphabets.

4042

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4043

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4044

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

4045

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

4046

},

4047

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

4048

"name": "A String", # Name describing the field.

4049

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4050

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

4051

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

4052

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4053

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4054

},

4055

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4056

"key": "A String", # Required. A 128/192/256 bit key.

4057

},

4058

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4059

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4060

},

4061

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

4062

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4063

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4064

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

4065

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4066

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

4067

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

4068

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

4069

"charactersToSkip": "A String", # Characters to not transform when masking.

4070

},

4071

],

4072

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4073

},

4074

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

4075

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4076

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

4077

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4078

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4079

},

4080

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4081

"key": "A String", # Required. A 128/192/256 bit key.

4082

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4083

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4084

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4085

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4086

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4087

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4088

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

4089

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4090

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4091

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4092

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4093

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4094

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4095

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4096

},

4097

"dayOfWeekValue": "A String", # day of week

4098

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4099

"stringValue": "A String", # string

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4100

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4101

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4102

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4103

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4104

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4105

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4106

"timestampValue": "A String", # timestamp

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4107

},

4108

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4109

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4110

},

4111

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4112

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

4113

{ # Type of information detected by the API.

4114

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

4115

},

4116

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

4117

},

4118

],

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

4119

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4120

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4121

"displayName": "A String", # Display name (max 256 chars).

4122

"createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.

4123

"updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.

4124

"name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`

4125

"description": "A String", # Short description (max 256 chars).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4126

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4127

}

4128

4129

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

4136

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

4137

{ # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more.

4138

"deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4139

"recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.

4140

"fieldTransformations": [ # Transform the record by applying various field transformations.

4141

{ # The transformation to apply to the field.

4142

"primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field.

4143

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

4144

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

4145

"integerValue": "A String", # integer

4146

"floatValue": 3.14, # float

4147

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4148

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4149

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4150

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4151

},

4152

"dayOfWeekValue": "A String", # day of week

4153

"booleanValue": True or False, # boolean

4154

"stringValue": "A String", # string

4155

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4156

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4157

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4158

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4159

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4160

},

4161

"timestampValue": "A String", # timestamp

4162

},

4163

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

4164

"integerValue": "A String", # integer

4165

"floatValue": 3.14, # float

4166

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4167

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4168

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4169

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4170

},

4171

"dayOfWeekValue": "A String", # day of week

4172

"booleanValue": True or False, # boolean

4173

"stringValue": "A String", # string

4174

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4175

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4176

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4177

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4178

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4179

},

4180

"timestampValue": "A String", # timestamp

4181

},

4182

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

4183

},

4184

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

4185

"partToExtract": "A String", # The part of the time to keep.

4186

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4187

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4188

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4189

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4190

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

4191

"name": "A String", # Name describing the field.

4192

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4193

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

4194

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

4195

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4196

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4197

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4198

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4199

"key": "A String", # Required. A 128/192/256 bit key.

4200

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4201

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4202

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4203

},

4204

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4205

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4206

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4207

},

4208

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

4209

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

4210

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4211

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4212

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4213

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4214

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4215

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4216

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4217

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4218

},

4219

"dayOfWeekValue": "A String", # day of week

4220

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4221

"stringValue": "A String", # string

4222

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4223

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4224

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4225

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4226

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4227

},

4228

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4229

},

4230

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4231

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4232

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4233

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4234

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4235

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4236

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4237

},

4238

"dayOfWeekValue": "A String", # day of week

4239

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4240

"stringValue": "A String", # string

4241

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4242

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4243

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4244

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4245

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4246

},

4247

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4248

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4249

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4250

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4251

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4252

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4253

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4254

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4255

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4256

},

4257

"dayOfWeekValue": "A String", # day of week

4258

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4259

"stringValue": "A String", # string

4260

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4261

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4262

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4263

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4264

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4265

},

4266

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4271

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

4272

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

4273

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

4274

},

4275

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

4276

"name": "A String", # Name describing the field.

4277

},

4278

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

4279

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

4280

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

4281

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4282

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4283

},

4284

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4285

"key": "A String", # Required. A 128/192/256 bit key.

4286

},

4287

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4288

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4289

},

4290

},

4291

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

4292

"commonAlphabet": "A String", # Common alphabets.

4293

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4294

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4295

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

4296

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

4297

},

4298

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

4299

"name": "A String", # Name describing the field.

4300

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4301

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

4302

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

4303

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4304

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4305

},

4306

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4307

"key": "A String", # Required. A 128/192/256 bit key.

4308

},

4309

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4310

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4311

},

4312

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4313

},

4314

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4315

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

4316

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4317

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

4318

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

4319

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

4320

"charactersToSkip": "A String", # Characters to not transform when masking.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

4321

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4322

],

4323

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4324

},

4325

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

4326

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

4327

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

4328

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4329

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4330

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4331

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4332

"key": "A String", # Required. A 128/192/256 bit key.

4333

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4334

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4335

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4336

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4337

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

4338

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4339

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

4340

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

4341

"integerValue": "A String", # integer

4342

"floatValue": 3.14, # float

4343

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4344

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4345

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4346

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4347

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4348

"dayOfWeekValue": "A String", # day of week

4349

"booleanValue": True or False, # boolean

4350

"stringValue": "A String", # string

4351

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4352

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4353

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4354

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4355

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4356

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4357

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4358

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4359

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4360

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4361

},

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

4362

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4363

"fields": [ # Required. Input field(s) to apply the transformation to.

4364

{ # General identifier of a data field in a storage service.

4365

"name": "A String", # Name describing the field.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

4366

},

4367

],

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

4368

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.

4369

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

4370

{ # A transformation to apply to text that is identified as a specific info_type.

4371

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4372

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

4373

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

4374

"integerValue": "A String", # integer

4375

"floatValue": 3.14, # float

4376

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4377

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4378

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4379

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4380

},

4381

"dayOfWeekValue": "A String", # day of week

4382

"booleanValue": True or False, # boolean

4383

"stringValue": "A String", # string

4384

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4385

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4386

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4387

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4388

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4389

},

4390

"timestampValue": "A String", # timestamp

4391

},

4392

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

4393

"integerValue": "A String", # integer

4394

"floatValue": 3.14, # float

4395

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4396

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4397

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4398

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4399

},

4400

"dayOfWeekValue": "A String", # day of week

4401

"booleanValue": True or False, # boolean

4402

"stringValue": "A String", # string

4403

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4404

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4405

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4406

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4407

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4408

},

4409

"timestampValue": "A String", # timestamp

4410

},

4411

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

4412

},

4413

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

4414

"partToExtract": "A String", # The part of the time to keep.

4415

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4416

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4417

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4418

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4419

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

4420

"name": "A String", # Name describing the field.

4421

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4422

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

4423

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

4424

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4425

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4426

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4427

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4428

"key": "A String", # Required. A 128/192/256 bit key.

4429

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4430

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4431

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4432

},

4433

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4434

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4435

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4436

},

4437

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

4438

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

4439

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4440

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4441

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4442

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4443

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4444

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4445

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4446

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4447

},

4448

"dayOfWeekValue": "A String", # day of week

4449

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4450

"stringValue": "A String", # string

4451

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4452

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4453

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4454

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4455

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4456

},

4457

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4458

},

4459

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4460

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4461

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4462

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4463

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4464

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4465

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4466

},

4467

"dayOfWeekValue": "A String", # day of week

4468

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4469

"stringValue": "A String", # string

4470

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4471

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4472

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4473

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4474

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4475

},

4476

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4477

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4478

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4479

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4480

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4481

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4482

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4483

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4484

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4485

},

4486

"dayOfWeekValue": "A String", # day of week

4487

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4488

"stringValue": "A String", # string

4489

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4490

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4491

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4492

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4493

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4494

},

4495

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4500

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

4501

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

4502

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

4503

},

4504

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

4505

"name": "A String", # Name describing the field.

4506

},

4507

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

4508

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

4509

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

4510

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4511

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4512

},

4513

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4514

"key": "A String", # Required. A 128/192/256 bit key.

4515

},

4516

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4517

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4518

},

4519

},

4520

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

4521

"commonAlphabet": "A String", # Common alphabets.

4522

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4523

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4524

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

4525

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

4526

},

4527

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

4528

"name": "A String", # Name describing the field.

4529

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4530

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

4531

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

4532

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4533

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4534

},

4535

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4536

"key": "A String", # Required. A 128/192/256 bit key.

4537

},

4538

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4539

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4540

},

4541

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4542

},

4543

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4544

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

4545

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4546

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

4547

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

4548

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

4549

"charactersToSkip": "A String", # Characters to not transform when masking.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

4550

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4551

],

4552

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4553

},

4554

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

4555

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

4556

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

4557

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4558

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4559

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4560

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4561

"key": "A String", # Required. A 128/192/256 bit key.

4562

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4563

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4564

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4565

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4566

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

4567

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4568

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

4569

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

4570

"integerValue": "A String", # integer

4571

"floatValue": 3.14, # float

4572

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4573

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4574

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4575

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4576

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4577

"dayOfWeekValue": "A String", # day of week

4578

"booleanValue": True or False, # boolean

4579

"stringValue": "A String", # string

4580

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4581

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4582

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4583

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4584

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4585

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4586

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4587

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4588

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4589

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4590

},

Dmitry Frenkel

2020-10-06 16:46:05 -0700

[diff] [blame]

4591

},

4592

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

4593

{ # Type of information detected by the API.

4594

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

},

],

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4600

"condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.

4601

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

4602

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

4603

"conditions": [ # A collection of conditions.

4604

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

4605

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

4606

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

4607

"name": "A String", # Name describing the field.

4608

},

4609

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

4610

"integerValue": "A String", # integer

4611

"floatValue": 3.14, # float

4612

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4613

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4614

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4615

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4616

},

4617

"dayOfWeekValue": "A String", # day of week

4618

"booleanValue": True or False, # boolean

4619

"stringValue": "A String", # string

4620

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4621

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4622

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4623

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4624

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4625

},

4626

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4632

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

},

},

],

"recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.

4637

{ # Configuration to suppress records whose suppression conditions evaluate to true.

4638

"condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.

4639

"expressions": { # An expression, consisting or an operator and conditions. # An expression.

4640

"conditions": { # A collection of conditions. # Conditions to apply to the expression.

4641

"conditions": [ # A collection of conditions.

4642

{ # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

4643

"operator": "A String", # Required. Operator used to compare the field or infoType to the value.

4644

"field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.

4645

"name": "A String", # Name describing the field.

4646

},

4647

"value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]

4648

"integerValue": "A String", # integer

4649

"floatValue": 3.14, # float

4650

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4651

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4652

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4653

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4654

},

4655

"dayOfWeekValue": "A String", # day of week

4656

"booleanValue": True or False, # boolean

4657

"stringValue": "A String", # string

4658

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4659

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4660

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4661

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4662

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4663

},

4664

"timestampValue": "A String", # timestamp

},

},

],

},

"logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.

},

},

},

],

},

"transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.

4676

"leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors

4677

},

4678

"throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error

4679

},

4680

},

4681

"infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.

4682

"transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.

4683

{ # A transformation to apply to text that is identified as a specific info_type.

4684

"primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.

4685

"fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing

4686

"upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+".

4687

"integerValue": "A String", # integer

4688

"floatValue": 3.14, # float

4689

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4690

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4691

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4692

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4693

},

4694

"dayOfWeekValue": "A String", # day of week

4695

"booleanValue": True or False, # boolean

4696

"stringValue": "A String", # string

4697

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4698

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4699

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4700

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4701

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4702

},

4703

"timestampValue": "A String", # timestamp

4704

},

4705

"lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10".

4706

"integerValue": "A String", # integer

4707

"floatValue": 3.14, # float

4708

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

4709

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4710

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

4711

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

4712

},

4713

"dayOfWeekValue": "A String", # day of week

4714

"booleanValue": True or False, # boolean

4715

"stringValue": "A String", # string

4716

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4717

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4718

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4719

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4720

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4721

},

4722

"timestampValue": "A String", # timestamp

4723

},

4724

"bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.

4725

},

4726

"timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction

4727

"partToExtract": "A String", # The part of the time to keep.

4728

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4729

"dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4730

"upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4731

"lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4732

"context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

4733

"name": "A String", # Name describing the field.

4734

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4735

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4736

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

4737

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4738

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4739

},

4740

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4741

"key": "A String", # Required. A 128/192/256 bit key.

4742

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4743

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4744

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4745

},

4746

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4747

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4748

"replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4749

},

4750

"bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing

4751

"buckets": [ # Set of buckets. Ranges must be non-overlapping.

4752

{ # Bucket is represented as a range, along with replacement values.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4753

"min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4754

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4755

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4756

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4757

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4758

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4759

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4760

},

4761

"dayOfWeekValue": "A String", # day of week

4762

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4763

"stringValue": "A String", # string

4764

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4765

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4766

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4767

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4768

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4769

},

4770

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4771

},

4772

"replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4773

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4774

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4775

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4776

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4777

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4778

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4779

},

4780

"dayOfWeekValue": "A String", # day of week

4781

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4782

"stringValue": "A String", # string

4783

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4784

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4785

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4786

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4787

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4788

},

4789

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4790

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4791

"max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4792

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4793

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4794

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4795

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4796

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4797

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4798

},

4799

"dayOfWeekValue": "A String", # day of week

4800

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4801

"stringValue": "A String", # string

4802

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

4803

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

4804

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4805

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

4806

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

4807

},

4808

"timestampValue": "A String", # timestamp

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

},

},

],

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4813

"cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe

4814

"surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

4815

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

4816

},

4817

"context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

4818

"name": "A String", # Name describing the field.

4819

},

4820

"customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

4821

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.

4822

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

4823

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4824

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4825

},

4826

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4827

"key": "A String", # Required. A 128/192/256 bit key.

4828

},

4829

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4830

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4831

},

4832

},

4833

"radix": 42, # The native way to select the alphabet. Must be in the range [2, 95].

4834

"commonAlphabet": "A String", # Common alphabets.

4835

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4836

"cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4837

"surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

4838

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

4839

},

4840

"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.

4841

"name": "A String", # Name describing the field.

4842

},

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4843

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.

4844

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

4845

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4846

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4847

},

4848

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4849

"key": "A String", # Required. A 128/192/256 bit key.

4850

},

4851

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4852

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4853

},

4854

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

4855

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4856

"characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4857

"numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

4858

"maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4859

"charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.

4860

{ # Characters to skip when doing deidentification of a value. These will be left alone and skipped.

4861

"commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation.

4862

"charactersToSkip": "A String", # Characters to not transform when masking.

4863

},

4864

],

4865

"reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4866

},

4867

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto

4868

"cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4869

"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key

4870

"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.

4871

"wrappedKey": "A String", # Required. The wrapped data crypto key.

4872

},

4873

"unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key

4874

"key": "A String", # Required. A 128/192/256 bit key.

4875

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4876

"transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key

4877

"name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

4878

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4879

},

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4880

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4881

"replaceConfig": { # Replace each input value with a given `Value`. # Replace

4882

"newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4883

"integerValue": "A String", # integer

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4884

"floatValue": 3.14, # float

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4885

"dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4886

"month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

4887

"year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4888

"day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4889

},

4890

"dayOfWeekValue": "A String", # day of week

4891

"booleanValue": True or False, # boolean

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4892

"stringValue": "A String", # string

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4893

"timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4894

"minutes": 42, # Minutes of hour of day. Must be from 0 to 59.

Yoshi Automation Bot

2020-11-24 15:48:03 -0800

[diff] [blame]

4895

"nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

4896

"seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4897

"hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4898

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4899

"timestampValue": "A String", # timestamp

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4900

},

4901

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4902

"redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact

Bu Sun Kim

2020-11-16 11:05:03 -0700

[diff] [blame]

4903

},

4904

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4905

"infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.

4906

{ # Type of information detected by the API.

4907

"name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.

4908

},

4909

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

4910

},

4911

],

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

4912

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

4913

},

Yoshi Automation Bot

2020-11-25 07:50:41 -0800

[diff] [blame]

4914

"displayName": "A String", # Display name (max 256 chars).

4915

"createTime": "A String", # Output only. The creation timestamp of an inspectTemplate.

4916

"updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate.

4917

"name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`

4918

"description": "A String", # Short description (max 256 chars).

Bu Sun Kim