blob: b00012b3ba12eebebc661c086bc165ef9b8e2259 [file] [log] [blame]
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
75<h1><a href="dlp_v2.html">Cloud Data Loss Prevention (DLP) API</a> . <a href="dlp_v2.projects.html">projects</a> . <a href="dlp_v2.projects.deidentifyTemplates.html">deidentifyTemplates</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
Dmitry Frenkel3e17f892020-10-06 16:46:05 -070078 <code><a href="#close">close()</a></code></p>
79<p class="firstline">Close httplib2 connections.</p>
80<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070081 <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -070082<p class="firstline">Creates a DeidentifyTemplate for re-using frequently used configuration for de-identifying content, images, and storage. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070083<p class="toc_element">
84 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -070085<p class="firstline">Deletes a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070086<p class="toc_element">
87 <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -070088<p class="firstline">Gets a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070089<p class="toc_element">
Yoshi Automation Botb6971b02020-11-26 17:16:03 -080090 <code><a href="#list">list(parent, orderBy=None, locationId=None, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -070091<p class="firstline">Lists DeidentifyTemplates. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070092<p class="toc_element">
93 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
94<p class="firstline">Retrieves the next page of results.</p>
95<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070096 <code><a href="#patch">patch(name, body=None, x__xgafv=None)</a></code></p>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -070097<p class="firstline">Updates the DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070098<h3>Method Details</h3>
99<div class="method">
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700100 <code class="details" id="close">close()</code>
101 <pre>Close httplib2 connections.</pre>
102</div>
103
104<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -0700105 <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700106 <pre>Creates a DeidentifyTemplate for re-using frequently used configuration for de-identifying content, images, and storage. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700107
108Args:
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700109 parent: string, Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/dlp/docs/specifying-location): + Projects scope, location specified: `projects/`PROJECT_ID`/locations/`LOCATION_ID + Projects scope, no location specified (defaults to global): `projects/`PROJECT_ID + Organizations scope, location specified: `organizations/`ORG_ID`/locations/`LOCATION_ID + Organizations scope, no location specified (defaults to global): `organizations/`ORG_ID The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3 (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700110 body: object, The request body.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700111 The object takes the form of:
112
113{ # Request message for CreateDeidentifyTemplate.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700114 &quot;deidentifyTemplate&quot;: { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more. # Required. The DeidentifyTemplate to create.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800115 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The last update timestamp of an inspectTemplate.
116 &quot;name&quot;: &quot;A String&quot;, # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
117 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The creation timestamp of an inspectTemplate.
118 &quot;description&quot;: &quot;A String&quot;, # Short description (max 256 chars).
119 &quot;displayName&quot;: &quot;A String&quot;, # Display name (max 256 chars).
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700120 &quot;deidentifyConfig&quot;: { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800121 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.
122 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
123 { # A transformation to apply to text that is identified as a specific info_type.
124 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800125 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800126 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
127 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800128 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
129 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800130 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800131 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800132 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800133 &quot;stringValue&quot;: &quot;A String&quot;, # string
134 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
135 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800136 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
137 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800138 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800139 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800140 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
141 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
142 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800143 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800144 },
145 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
146 &quot;integerValue&quot;: &quot;A String&quot;, # integer
147 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
148 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
149 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
150 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
151 },
152 &quot;stringValue&quot;: &quot;A String&quot;, # string
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800153 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800154 &quot;floatValue&quot;: 3.14, # float
155 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
156 &quot;booleanValue&quot;: True or False, # boolean
157 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
158 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
159 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
160 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
161 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
162 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800163 },
164 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
165 },
166 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
167 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
168 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -0800169 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800170 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
171 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
172 },
173 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
174 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
175 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -0800176 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
177 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
178 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
179 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
180 },
181 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
182 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
183 },
184 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
185 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
186 },
187 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700188 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800189 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
190 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
191 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
192 },
193 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
194 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
195 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
196 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
197 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
198 },
199 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
200 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
201 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
202 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
203 },
204 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
205 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
206 },
207 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
208 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
209 },
210 },
211 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700212 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800213 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800214 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800215 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700216 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
217 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
218 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
219 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700220 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700221 ],
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700222 },
223 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
224 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700225 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
226 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
227 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
228 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700229 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
230 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
231 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700232 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
233 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
234 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700235 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700236 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800237 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
238 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
239 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800240 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
241 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800242 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800243 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -0800244 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800245 &quot;stringValue&quot;: &quot;A String&quot;, # string
246 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
247 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800248 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
249 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800250 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800251 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800252 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
253 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
254 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -0800255 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800256 },
257 },
258 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
259 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
260 { # Bucket is represented as a range, along with replacement values.
261 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
262 &quot;integerValue&quot;: &quot;A String&quot;, # integer
263 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
264 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
265 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
266 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
267 },
268 &quot;stringValue&quot;: &quot;A String&quot;, # string
269 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
270 &quot;floatValue&quot;: 3.14, # float
271 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
272 &quot;booleanValue&quot;: True or False, # boolean
273 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
274 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
275 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
276 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
277 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
278 },
279 },
280 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
281 &quot;integerValue&quot;: &quot;A String&quot;, # integer
282 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
283 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
284 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
285 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
286 },
287 &quot;stringValue&quot;: &quot;A String&quot;, # string
288 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
289 &quot;floatValue&quot;: 3.14, # float
290 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
291 &quot;booleanValue&quot;: True or False, # boolean
292 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
293 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
294 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
295 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
296 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
297 },
298 },
299 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
300 &quot;integerValue&quot;: &quot;A String&quot;, # integer
301 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
302 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
303 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
304 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
305 },
306 &quot;stringValue&quot;: &quot;A String&quot;, # string
307 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
308 &quot;floatValue&quot;: 3.14, # float
309 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
310 &quot;booleanValue&quot;: True or False, # boolean
311 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
312 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
313 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
314 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
315 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
316 },
317 },
318 },
319 ],
320 },
321 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
322 },
323 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
324 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
325 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
326 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
327 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
328 },
329 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
330 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
331 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
332 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
333 },
334 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
335 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
336 },
337 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
338 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
339 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -0800340 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700341 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800342 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700343 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700344 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800345 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.
346 { # Type of information detected by the API.
347 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
348 },
349 ],
350 },
351 ],
352 },
353 &quot;transformationErrorHandling&quot;: { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.
354 &quot;leaveUntransformed&quot;: { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors
355 },
356 &quot;throwError&quot;: { # Throw an error and fail the request when a transformation error occurs. # Throw an error
357 },
358 },
359 &quot;recordTransformations&quot;: { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.
360 &quot;fieldTransformations&quot;: [ # Transform the record by applying various field transformations.
361 { # The transformation to apply to the field.
362 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.
363 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
364 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.
365 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
366 &quot;conditions&quot;: [ # A collection of conditions.
367 { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of &#x27;HH:mm:ss&#x27;. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.
368 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
369 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
370 },
371 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
372 &quot;value&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
373 &quot;integerValue&quot;: &quot;A String&quot;, # integer
374 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
375 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
376 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
377 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
378 },
379 &quot;stringValue&quot;: &quot;A String&quot;, # string
380 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
381 &quot;floatValue&quot;: 3.14, # float
382 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
383 &quot;booleanValue&quot;: True or False, # boolean
384 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
385 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
386 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
387 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
388 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
389 },
390 },
391 },
392 ],
393 },
394 },
395 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800396 &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
397 { # General identifier of a data field in a storage service.
398 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700399 },
400 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800401 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
402 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
403 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
404 &quot;integerValue&quot;: &quot;A String&quot;, # integer
405 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
406 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
407 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
408 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
409 },
410 &quot;stringValue&quot;: &quot;A String&quot;, # string
411 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
412 &quot;floatValue&quot;: 3.14, # float
413 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
414 &quot;booleanValue&quot;: True or False, # boolean
415 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
416 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
417 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
418 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
419 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
420 },
421 },
422 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
423 &quot;integerValue&quot;: &quot;A String&quot;, # integer
424 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
425 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
426 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
427 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
428 },
429 &quot;stringValue&quot;: &quot;A String&quot;, # string
430 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
431 &quot;floatValue&quot;: 3.14, # float
432 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
433 &quot;booleanValue&quot;: True or False, # boolean
434 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
435 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
436 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
437 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
438 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
439 },
440 },
441 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
442 },
443 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
444 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
445 },
446 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
447 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
448 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
449 },
450 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
451 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
452 },
453 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
454 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
455 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
456 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
457 },
458 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
459 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
460 },
461 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
462 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
463 },
464 },
465 },
466 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
467 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
468 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
469 },
470 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
471 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
472 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
473 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
474 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
475 },
476 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
477 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
478 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
479 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
480 },
481 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
482 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
483 },
484 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
485 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
486 },
487 },
488 },
489 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
490 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
491 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
492 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
493 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
494 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
495 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
496 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
497 },
498 ],
499 },
500 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
501 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
502 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
503 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
504 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
505 },
506 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
507 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
508 },
509 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
510 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
511 },
512 },
513 },
514 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
515 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
516 &quot;integerValue&quot;: &quot;A String&quot;, # integer
517 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
518 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
519 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
520 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
521 },
522 &quot;stringValue&quot;: &quot;A String&quot;, # string
523 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
524 &quot;floatValue&quot;: 3.14, # float
525 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
526 &quot;booleanValue&quot;: True or False, # boolean
527 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
528 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
529 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
530 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
531 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
532 },
533 },
534 },
535 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
536 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
537 { # Bucket is represented as a range, along with replacement values.
538 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
539 &quot;integerValue&quot;: &quot;A String&quot;, # integer
540 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
541 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
542 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
543 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
544 },
545 &quot;stringValue&quot;: &quot;A String&quot;, # string
546 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
547 &quot;floatValue&quot;: 3.14, # float
548 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
549 &quot;booleanValue&quot;: True or False, # boolean
550 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
551 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
552 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
553 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
554 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
555 },
556 },
557 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
558 &quot;integerValue&quot;: &quot;A String&quot;, # integer
559 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
560 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
561 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
562 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
563 },
564 &quot;stringValue&quot;: &quot;A String&quot;, # string
565 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
566 &quot;floatValue&quot;: 3.14, # float
567 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
568 &quot;booleanValue&quot;: True or False, # boolean
569 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
570 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
571 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
572 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
573 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
574 },
575 },
576 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
577 &quot;integerValue&quot;: &quot;A String&quot;, # integer
578 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
579 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
580 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
581 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
582 },
583 &quot;stringValue&quot;: &quot;A String&quot;, # string
584 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
585 &quot;floatValue&quot;: 3.14, # float
586 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
587 &quot;booleanValue&quot;: True or False, # boolean
588 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
589 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
590 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
591 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
592 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
593 },
594 },
595 },
596 ],
597 },
598 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
599 },
600 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
601 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
602 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
603 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
604 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
605 },
606 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
607 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
608 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
609 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
610 },
611 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
612 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
613 },
614 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
615 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
616 },
617 },
618 },
619 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
620 },
621 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700622 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.
623 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
624 { # A transformation to apply to text that is identified as a specific info_type.
625 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800626 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800627 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
628 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800629 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
630 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800631 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800632 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800633 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800634 &quot;stringValue&quot;: &quot;A String&quot;, # string
635 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
636 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800637 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
638 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800639 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800640 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800641 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
642 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
643 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800644 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800645 },
646 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
647 &quot;integerValue&quot;: &quot;A String&quot;, # integer
648 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
649 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
650 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
651 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
652 },
653 &quot;stringValue&quot;: &quot;A String&quot;, # string
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800654 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800655 &quot;floatValue&quot;: 3.14, # float
656 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
657 &quot;booleanValue&quot;: True or False, # boolean
658 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
659 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
660 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
661 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
662 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
663 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800664 },
665 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
666 },
667 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
668 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
669 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -0800670 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800671 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
672 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
673 },
674 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
675 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
676 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -0800677 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
678 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
679 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
680 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
681 },
682 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
683 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
684 },
685 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
686 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
687 },
688 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700689 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800690 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
691 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
692 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
693 },
694 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
695 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
696 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
697 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
698 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
699 },
700 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
701 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
702 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
703 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
704 },
705 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
706 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
707 },
708 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
709 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
710 },
711 },
712 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700713 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800714 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800715 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800716 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700717 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
718 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
719 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
720 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700721 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700722 ],
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700723 },
724 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
725 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700726 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
727 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
728 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
729 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700730 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
731 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
732 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700733 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
734 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
735 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700736 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700737 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800738 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
739 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
740 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800741 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
742 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800743 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800744 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -0800745 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800746 &quot;stringValue&quot;: &quot;A String&quot;, # string
747 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
748 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800749 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
750 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800751 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800752 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800753 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
754 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
755 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -0800756 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800757 },
758 },
759 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
760 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
761 { # Bucket is represented as a range, along with replacement values.
762 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
763 &quot;integerValue&quot;: &quot;A String&quot;, # integer
764 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
765 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
766 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
767 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
768 },
769 &quot;stringValue&quot;: &quot;A String&quot;, # string
770 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
771 &quot;floatValue&quot;: 3.14, # float
772 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
773 &quot;booleanValue&quot;: True or False, # boolean
774 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
775 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
776 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
777 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
778 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
779 },
780 },
781 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
782 &quot;integerValue&quot;: &quot;A String&quot;, # integer
783 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
784 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
785 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
786 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
787 },
788 &quot;stringValue&quot;: &quot;A String&quot;, # string
789 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
790 &quot;floatValue&quot;: 3.14, # float
791 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
792 &quot;booleanValue&quot;: True or False, # boolean
793 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
794 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
795 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
796 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
797 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
798 },
799 },
800 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
801 &quot;integerValue&quot;: &quot;A String&quot;, # integer
802 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
803 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
804 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
805 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
806 },
807 &quot;stringValue&quot;: &quot;A String&quot;, # string
808 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
809 &quot;floatValue&quot;: 3.14, # float
810 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
811 &quot;booleanValue&quot;: True or False, # boolean
812 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
813 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
814 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
815 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
816 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
817 },
818 },
819 },
820 ],
821 },
822 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
823 },
824 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
825 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
826 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
827 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
828 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
829 },
830 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
831 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
832 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
833 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
834 },
835 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
836 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
837 },
838 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
839 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
840 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -0800841 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700842 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800843 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700844 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700845 },
846 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.
847 { # Type of information detected by the API.
848 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
849 },
850 ],
851 },
852 ],
853 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800854 },
855 ],
856 &quot;recordSuppressions&quot;: [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.
857 { # Configuration to suppress records whose suppression conditions evaluate to true.
858 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.
859 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800860 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800861 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
862 &quot;conditions&quot;: [ # A collection of conditions.
863 { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of &#x27;HH:mm:ss&#x27;. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800864 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
865 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
866 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800867 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800868 &quot;value&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
869 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800870 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
871 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800872 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800873 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800874 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800875 &quot;stringValue&quot;: &quot;A String&quot;, # string
876 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
877 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800878 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
879 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800880 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800881 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800882 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
883 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
884 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800885 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800886 },
887 },
888 ],
889 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800890 },
891 },
892 },
893 ],
894 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700895 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700896 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700897 &quot;templateId&quot;: &quot;A String&quot;, # The template id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800898 &quot;locationId&quot;: &quot;A String&quot;, # Deprecated. This field has no effect.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700899 }
900
901 x__xgafv: string, V1 error format.
902 Allowed values
903 1 - v1 error format
904 2 - v2 error format
905
906Returns:
907 An object of the form:
908
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700909 { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800910 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The last update timestamp of an inspectTemplate.
911 &quot;name&quot;: &quot;A String&quot;, # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
912 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The creation timestamp of an inspectTemplate.
913 &quot;description&quot;: &quot;A String&quot;, # Short description (max 256 chars).
914 &quot;displayName&quot;: &quot;A String&quot;, # Display name (max 256 chars).
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700915 &quot;deidentifyConfig&quot;: { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800916 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.
917 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
918 { # A transformation to apply to text that is identified as a specific info_type.
919 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800920 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800921 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
922 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800923 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
924 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800925 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800926 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800927 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800928 &quot;stringValue&quot;: &quot;A String&quot;, # string
929 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
930 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800931 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
932 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800933 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800934 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800935 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
936 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
937 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800938 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800939 },
940 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
941 &quot;integerValue&quot;: &quot;A String&quot;, # integer
942 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
943 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
944 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
945 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
946 },
947 &quot;stringValue&quot;: &quot;A String&quot;, # string
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800948 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800949 &quot;floatValue&quot;: 3.14, # float
950 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
951 &quot;booleanValue&quot;: True or False, # boolean
952 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
953 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
954 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
955 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
956 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
957 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800958 },
959 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
960 },
961 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
962 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
963 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -0800964 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -0800965 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
966 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
967 },
968 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
969 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
970 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -0800971 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
972 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
973 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
974 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
975 },
976 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
977 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
978 },
979 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
980 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
981 },
982 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700983 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800984 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
985 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
986 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
987 },
988 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
989 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
990 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
991 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
992 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
993 },
994 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
995 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
996 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
997 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
998 },
999 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
1000 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1001 },
1002 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
1003 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
1004 },
1005 },
1006 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001007 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001008 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001009 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001010 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001011 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
1012 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
1013 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
1014 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001015 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001016 ],
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001017 },
1018 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
1019 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001020 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
1021 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1022 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1023 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001024 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
1025 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1026 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001027 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
1028 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
1029 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001030 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001031 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001032 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
1033 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
1034 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001035 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1036 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001037 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001038 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08001039 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001040 &quot;stringValue&quot;: &quot;A String&quot;, # string
1041 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1042 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001043 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1044 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001045 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001046 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001047 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1048 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1049 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08001050 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001051 },
1052 },
1053 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
1054 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
1055 { # Bucket is represented as a range, along with replacement values.
1056 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
1057 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1058 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1059 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1060 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1061 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1062 },
1063 &quot;stringValue&quot;: &quot;A String&quot;, # string
1064 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1065 &quot;floatValue&quot;: 3.14, # float
1066 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1067 &quot;booleanValue&quot;: True or False, # boolean
1068 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1069 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1070 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1071 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1072 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1073 },
1074 },
1075 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
1076 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1077 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1078 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1079 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1080 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1081 },
1082 &quot;stringValue&quot;: &quot;A String&quot;, # string
1083 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1084 &quot;floatValue&quot;: 3.14, # float
1085 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1086 &quot;booleanValue&quot;: True or False, # boolean
1087 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1088 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1089 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1090 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1091 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1092 },
1093 },
1094 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
1095 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1096 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1097 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1098 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1099 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1100 },
1101 &quot;stringValue&quot;: &quot;A String&quot;, # string
1102 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1103 &quot;floatValue&quot;: 3.14, # float
1104 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1105 &quot;booleanValue&quot;: True or False, # boolean
1106 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1107 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1108 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1109 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1110 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1111 },
1112 },
1113 },
1114 ],
1115 },
1116 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
1117 },
1118 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
1119 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
1120 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
1121 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
1122 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1123 },
1124 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
1125 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
1126 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1127 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1128 },
1129 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
1130 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1131 },
1132 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
1133 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
1134 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08001135 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001136 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001137 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001138 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001139 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001140 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.
1141 { # Type of information detected by the API.
1142 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
1143 },
1144 ],
1145 },
1146 ],
1147 },
1148 &quot;transformationErrorHandling&quot;: { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.
1149 &quot;leaveUntransformed&quot;: { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors
1150 },
1151 &quot;throwError&quot;: { # Throw an error and fail the request when a transformation error occurs. # Throw an error
1152 },
1153 },
1154 &quot;recordTransformations&quot;: { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.
1155 &quot;fieldTransformations&quot;: [ # Transform the record by applying various field transformations.
1156 { # The transformation to apply to the field.
1157 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.
1158 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
1159 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.
1160 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
1161 &quot;conditions&quot;: [ # A collection of conditions.
1162 { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of &#x27;HH:mm:ss&#x27;. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.
1163 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
1164 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1165 },
1166 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
1167 &quot;value&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
1168 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1169 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1170 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1171 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1172 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1173 },
1174 &quot;stringValue&quot;: &quot;A String&quot;, # string
1175 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1176 &quot;floatValue&quot;: 3.14, # float
1177 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1178 &quot;booleanValue&quot;: True or False, # boolean
1179 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1180 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1181 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1182 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1183 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1184 },
1185 },
1186 },
1187 ],
1188 },
1189 },
1190 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001191 &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
1192 { # General identifier of a data field in a storage service.
1193 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001194 },
1195 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001196 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
1197 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
1198 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
1199 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1200 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1201 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1202 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1203 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1204 },
1205 &quot;stringValue&quot;: &quot;A String&quot;, # string
1206 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1207 &quot;floatValue&quot;: 3.14, # float
1208 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1209 &quot;booleanValue&quot;: True or False, # boolean
1210 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1211 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1212 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1213 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1214 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1215 },
1216 },
1217 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
1218 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1219 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1220 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1221 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1222 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1223 },
1224 &quot;stringValue&quot;: &quot;A String&quot;, # string
1225 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1226 &quot;floatValue&quot;: 3.14, # float
1227 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1228 &quot;booleanValue&quot;: True or False, # boolean
1229 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1230 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1231 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1232 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1233 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1234 },
1235 },
1236 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
1237 },
1238 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
1239 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
1240 },
1241 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
1242 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
1243 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
1244 },
1245 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
1246 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1247 },
1248 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
1249 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
1250 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1251 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1252 },
1253 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
1254 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1255 },
1256 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
1257 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
1258 },
1259 },
1260 },
1261 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
1262 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
1263 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1264 },
1265 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
1266 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
1267 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
1268 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
1269 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
1270 },
1271 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
1272 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
1273 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1274 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1275 },
1276 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
1277 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1278 },
1279 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
1280 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
1281 },
1282 },
1283 },
1284 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
1285 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
1286 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
1287 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
1288 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
1289 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
1290 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
1291 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
1292 },
1293 ],
1294 },
1295 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
1296 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
1297 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
1298 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1299 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1300 },
1301 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
1302 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1303 },
1304 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
1305 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
1306 },
1307 },
1308 },
1309 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
1310 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
1311 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1312 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1313 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1314 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1315 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1316 },
1317 &quot;stringValue&quot;: &quot;A String&quot;, # string
1318 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1319 &quot;floatValue&quot;: 3.14, # float
1320 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1321 &quot;booleanValue&quot;: True or False, # boolean
1322 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1323 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1324 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1325 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1326 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1327 },
1328 },
1329 },
1330 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
1331 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
1332 { # Bucket is represented as a range, along with replacement values.
1333 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
1334 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1335 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1336 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1337 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1338 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1339 },
1340 &quot;stringValue&quot;: &quot;A String&quot;, # string
1341 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1342 &quot;floatValue&quot;: 3.14, # float
1343 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1344 &quot;booleanValue&quot;: True or False, # boolean
1345 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1346 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1347 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1348 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1349 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1350 },
1351 },
1352 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
1353 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1354 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1355 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1356 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1357 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1358 },
1359 &quot;stringValue&quot;: &quot;A String&quot;, # string
1360 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1361 &quot;floatValue&quot;: 3.14, # float
1362 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1363 &quot;booleanValue&quot;: True or False, # boolean
1364 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1365 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1366 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1367 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1368 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1369 },
1370 },
1371 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
1372 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1373 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1374 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1375 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1376 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1377 },
1378 &quot;stringValue&quot;: &quot;A String&quot;, # string
1379 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1380 &quot;floatValue&quot;: 3.14, # float
1381 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1382 &quot;booleanValue&quot;: True or False, # boolean
1383 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1384 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1385 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1386 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1387 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1388 },
1389 },
1390 },
1391 ],
1392 },
1393 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
1394 },
1395 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
1396 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
1397 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
1398 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
1399 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1400 },
1401 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
1402 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
1403 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1404 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1405 },
1406 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
1407 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1408 },
1409 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
1410 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
1411 },
1412 },
1413 },
1414 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
1415 },
1416 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001417 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.
1418 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
1419 { # A transformation to apply to text that is identified as a specific info_type.
1420 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001421 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001422 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
1423 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001424 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1425 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001426 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001427 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001428 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001429 &quot;stringValue&quot;: &quot;A String&quot;, # string
1430 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1431 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001432 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1433 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001434 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001435 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001436 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1437 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1438 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001439 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001440 },
1441 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
1442 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1443 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1444 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1445 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1446 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1447 },
1448 &quot;stringValue&quot;: &quot;A String&quot;, # string
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001449 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001450 &quot;floatValue&quot;: 3.14, # float
1451 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1452 &quot;booleanValue&quot;: True or False, # boolean
1453 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1454 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1455 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1456 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1457 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1458 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001459 },
1460 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
1461 },
1462 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
1463 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
1464 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08001465 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001466 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
1467 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
1468 },
1469 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
1470 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1471 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08001472 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
1473 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
1474 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1475 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1476 },
1477 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
1478 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1479 },
1480 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
1481 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
1482 },
1483 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001484 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001485 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
1486 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
1487 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1488 },
1489 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
1490 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
1491 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
1492 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
1493 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
1494 },
1495 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
1496 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
1497 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1498 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1499 },
1500 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
1501 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1502 },
1503 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
1504 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
1505 },
1506 },
1507 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001508 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001509 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001510 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001511 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001512 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
1513 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
1514 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
1515 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001516 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001517 ],
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001518 },
1519 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
1520 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001521 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
1522 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1523 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1524 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001525 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
1526 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1527 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001528 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
1529 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
1530 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001531 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001532 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001533 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
1534 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
1535 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001536 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1537 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001538 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001539 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08001540 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001541 &quot;stringValue&quot;: &quot;A String&quot;, # string
1542 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1543 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001544 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1545 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001546 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001547 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001548 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1549 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1550 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08001551 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001552 },
1553 },
1554 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
1555 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
1556 { # Bucket is represented as a range, along with replacement values.
1557 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
1558 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1559 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1560 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1561 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1562 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1563 },
1564 &quot;stringValue&quot;: &quot;A String&quot;, # string
1565 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1566 &quot;floatValue&quot;: 3.14, # float
1567 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1568 &quot;booleanValue&quot;: True or False, # boolean
1569 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1570 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1571 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1572 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1573 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1574 },
1575 },
1576 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
1577 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1578 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1579 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1580 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1581 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1582 },
1583 &quot;stringValue&quot;: &quot;A String&quot;, # string
1584 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1585 &quot;floatValue&quot;: 3.14, # float
1586 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1587 &quot;booleanValue&quot;: True or False, # boolean
1588 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1589 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1590 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1591 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1592 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1593 },
1594 },
1595 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
1596 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1597 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1598 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1599 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1600 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1601 },
1602 &quot;stringValue&quot;: &quot;A String&quot;, # string
1603 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1604 &quot;floatValue&quot;: 3.14, # float
1605 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1606 &quot;booleanValue&quot;: True or False, # boolean
1607 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1608 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1609 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1610 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1611 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1612 },
1613 },
1614 },
1615 ],
1616 },
1617 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
1618 },
1619 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
1620 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
1621 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
1622 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
1623 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1624 },
1625 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
1626 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
1627 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1628 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1629 },
1630 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
1631 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1632 },
1633 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
1634 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
1635 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08001636 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001637 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001638 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001639 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001640 },
1641 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.
1642 { # Type of information detected by the API.
1643 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
1644 },
1645 ],
1646 },
1647 ],
1648 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001649 },
1650 ],
1651 &quot;recordSuppressions&quot;: [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.
1652 { # Configuration to suppress records whose suppression conditions evaluate to true.
1653 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.
1654 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001655 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001656 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
1657 &quot;conditions&quot;: [ # A collection of conditions.
1658 { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of &#x27;HH:mm:ss&#x27;. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001659 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
1660 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1661 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001662 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001663 &quot;value&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
1664 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001665 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1666 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001667 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001668 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001669 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001670 &quot;stringValue&quot;: &quot;A String&quot;, # string
1671 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1672 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001673 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1674 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001675 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001676 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001677 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1678 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1679 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001680 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001681 },
1682 },
1683 ],
1684 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001685 },
1686 },
1687 },
1688 ],
1689 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001690 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001691 }</pre>
1692</div>
1693
1694<div class="method">
1695 <code class="details" id="delete">delete(name, x__xgafv=None)</code>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001696 <pre>Deletes a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001697
1698Args:
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001699 name: string, Required. Resource name of the organization and deidentify template to be deleted, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342. (required)
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001700 x__xgafv: string, V1 error format.
1701 Allowed values
1702 1 - v1 error format
1703 2 - v2 error format
1704
1705Returns:
1706 An object of the form:
1707
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001708 { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001709 }</pre>
1710</div>
1711
1712<div class="method">
1713 <code class="details" id="get">get(name, x__xgafv=None)</code>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001714 <pre>Gets a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001715
1716Args:
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001717 name: string, Required. Resource name of the organization and deidentify template to be read, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342. (required)
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001718 x__xgafv: string, V1 error format.
1719 Allowed values
1720 1 - v1 error format
1721 2 - v2 error format
1722
1723Returns:
1724 An object of the form:
1725
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001726 { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001727 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The last update timestamp of an inspectTemplate.
1728 &quot;name&quot;: &quot;A String&quot;, # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
1729 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The creation timestamp of an inspectTemplate.
1730 &quot;description&quot;: &quot;A String&quot;, # Short description (max 256 chars).
1731 &quot;displayName&quot;: &quot;A String&quot;, # Display name (max 256 chars).
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001732 &quot;deidentifyConfig&quot;: { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001733 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.
1734 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
1735 { # A transformation to apply to text that is identified as a specific info_type.
1736 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001737 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001738 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
1739 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001740 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1741 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001742 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001743 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001744 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001745 &quot;stringValue&quot;: &quot;A String&quot;, # string
1746 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1747 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001748 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1749 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001750 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001751 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001752 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1753 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1754 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001755 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001756 },
1757 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
1758 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1759 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1760 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1761 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1762 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1763 },
1764 &quot;stringValue&quot;: &quot;A String&quot;, # string
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001765 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001766 &quot;floatValue&quot;: 3.14, # float
1767 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1768 &quot;booleanValue&quot;: True or False, # boolean
1769 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1770 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1771 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1772 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1773 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1774 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001775 },
1776 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
1777 },
1778 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
1779 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
1780 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08001781 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001782 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
1783 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
1784 },
1785 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
1786 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1787 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08001788 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
1789 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
1790 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1791 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1792 },
1793 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
1794 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1795 },
1796 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
1797 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
1798 },
1799 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001800 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001801 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
1802 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
1803 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1804 },
1805 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
1806 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
1807 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
1808 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
1809 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
1810 },
1811 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
1812 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
1813 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1814 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1815 },
1816 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
1817 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1818 },
1819 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
1820 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
1821 },
1822 },
1823 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001824 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001825 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001826 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001827 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001828 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
1829 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
1830 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
1831 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001832 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001833 ],
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001834 },
1835 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
1836 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001837 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
1838 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1839 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1840 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001841 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
1842 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1843 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001844 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
1845 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
1846 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001847 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07001848 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001849 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
1850 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
1851 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001852 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1853 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001854 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001855 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08001856 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001857 &quot;stringValue&quot;: &quot;A String&quot;, # string
1858 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1859 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001860 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1861 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001862 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001863 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001864 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1865 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1866 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08001867 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001868 },
1869 },
1870 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
1871 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
1872 { # Bucket is represented as a range, along with replacement values.
1873 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
1874 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1875 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1876 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1877 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1878 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1879 },
1880 &quot;stringValue&quot;: &quot;A String&quot;, # string
1881 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1882 &quot;floatValue&quot;: 3.14, # float
1883 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1884 &quot;booleanValue&quot;: True or False, # boolean
1885 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1886 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1887 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1888 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1889 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1890 },
1891 },
1892 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
1893 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1894 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1895 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1896 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1897 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1898 },
1899 &quot;stringValue&quot;: &quot;A String&quot;, # string
1900 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1901 &quot;floatValue&quot;: 3.14, # float
1902 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1903 &quot;booleanValue&quot;: True or False, # boolean
1904 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1905 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1906 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1907 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1908 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1909 },
1910 },
1911 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
1912 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1913 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1914 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1915 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1916 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1917 },
1918 &quot;stringValue&quot;: &quot;A String&quot;, # string
1919 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1920 &quot;floatValue&quot;: 3.14, # float
1921 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1922 &quot;booleanValue&quot;: True or False, # boolean
1923 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1924 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1925 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1926 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
1927 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1928 },
1929 },
1930 },
1931 ],
1932 },
1933 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
1934 },
1935 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
1936 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
1937 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
1938 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
1939 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1940 },
1941 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
1942 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
1943 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1944 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1945 },
1946 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
1947 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1948 },
1949 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
1950 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
1951 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08001952 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001953 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08001954 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07001955 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001956 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08001957 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.
1958 { # Type of information detected by the API.
1959 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
1960 },
1961 ],
1962 },
1963 ],
1964 },
1965 &quot;transformationErrorHandling&quot;: { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.
1966 &quot;leaveUntransformed&quot;: { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors
1967 },
1968 &quot;throwError&quot;: { # Throw an error and fail the request when a transformation error occurs. # Throw an error
1969 },
1970 },
1971 &quot;recordTransformations&quot;: { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.
1972 &quot;fieldTransformations&quot;: [ # Transform the record by applying various field transformations.
1973 { # The transformation to apply to the field.
1974 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.
1975 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
1976 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.
1977 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
1978 &quot;conditions&quot;: [ # A collection of conditions.
1979 { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of &#x27;HH:mm:ss&#x27;. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.
1980 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
1981 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1982 },
1983 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
1984 &quot;value&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
1985 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1986 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
1987 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
1988 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
1989 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
1990 },
1991 &quot;stringValue&quot;: &quot;A String&quot;, # string
1992 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1993 &quot;floatValue&quot;: 3.14, # float
1994 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1995 &quot;booleanValue&quot;: True or False, # boolean
1996 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
1997 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1998 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1999 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2000 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2001 },
2002 },
2003 },
2004 ],
2005 },
2006 },
2007 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002008 &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
2009 { # General identifier of a data field in a storage service.
2010 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07002011 },
2012 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002013 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
2014 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
2015 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
2016 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2017 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2018 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2019 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2020 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2021 },
2022 &quot;stringValue&quot;: &quot;A String&quot;, # string
2023 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2024 &quot;floatValue&quot;: 3.14, # float
2025 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2026 &quot;booleanValue&quot;: True or False, # boolean
2027 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2028 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2029 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2030 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2031 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2032 },
2033 },
2034 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
2035 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2036 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2037 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2038 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2039 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2040 },
2041 &quot;stringValue&quot;: &quot;A String&quot;, # string
2042 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2043 &quot;floatValue&quot;: 3.14, # float
2044 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2045 &quot;booleanValue&quot;: True or False, # boolean
2046 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2047 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2048 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2049 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2050 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2051 },
2052 },
2053 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
2054 },
2055 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
2056 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
2057 },
2058 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
2059 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
2060 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
2061 },
2062 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
2063 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2064 },
2065 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
2066 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
2067 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2068 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2069 },
2070 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
2071 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2072 },
2073 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
2074 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
2075 },
2076 },
2077 },
2078 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
2079 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
2080 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2081 },
2082 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
2083 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
2084 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
2085 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
2086 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
2087 },
2088 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
2089 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
2090 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2091 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2092 },
2093 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
2094 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2095 },
2096 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
2097 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
2098 },
2099 },
2100 },
2101 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
2102 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
2103 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
2104 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
2105 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
2106 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
2107 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
2108 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
2109 },
2110 ],
2111 },
2112 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
2113 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
2114 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
2115 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2116 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2117 },
2118 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
2119 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2120 },
2121 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
2122 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
2123 },
2124 },
2125 },
2126 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
2127 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
2128 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2129 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2130 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2131 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2132 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2133 },
2134 &quot;stringValue&quot;: &quot;A String&quot;, # string
2135 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2136 &quot;floatValue&quot;: 3.14, # float
2137 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2138 &quot;booleanValue&quot;: True or False, # boolean
2139 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2140 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2141 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2142 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2143 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2144 },
2145 },
2146 },
2147 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
2148 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
2149 { # Bucket is represented as a range, along with replacement values.
2150 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
2151 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2152 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2153 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2154 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2155 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2156 },
2157 &quot;stringValue&quot;: &quot;A String&quot;, # string
2158 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2159 &quot;floatValue&quot;: 3.14, # float
2160 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2161 &quot;booleanValue&quot;: True or False, # boolean
2162 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2163 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2164 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2165 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2166 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2167 },
2168 },
2169 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
2170 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2171 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2172 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2173 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2174 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2175 },
2176 &quot;stringValue&quot;: &quot;A String&quot;, # string
2177 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2178 &quot;floatValue&quot;: 3.14, # float
2179 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2180 &quot;booleanValue&quot;: True or False, # boolean
2181 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2182 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2183 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2184 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2185 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2186 },
2187 },
2188 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
2189 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2190 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2191 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2192 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2193 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2194 },
2195 &quot;stringValue&quot;: &quot;A String&quot;, # string
2196 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2197 &quot;floatValue&quot;: 3.14, # float
2198 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2199 &quot;booleanValue&quot;: True or False, # boolean
2200 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2201 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2202 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2203 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2204 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2205 },
2206 },
2207 },
2208 ],
2209 },
2210 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
2211 },
2212 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
2213 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
2214 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
2215 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
2216 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2217 },
2218 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
2219 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
2220 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2221 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2222 },
2223 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
2224 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2225 },
2226 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
2227 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
2228 },
2229 },
2230 },
2231 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
2232 },
2233 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07002234 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.
2235 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
2236 { # A transformation to apply to text that is identified as a specific info_type.
2237 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002238 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002239 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
2240 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002241 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2242 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002243 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002244 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002245 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002246 &quot;stringValue&quot;: &quot;A String&quot;, # string
2247 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2248 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002249 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2250 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002251 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002252 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002253 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2254 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2255 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002256 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002257 },
2258 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
2259 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2260 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2261 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2262 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2263 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2264 },
2265 &quot;stringValue&quot;: &quot;A String&quot;, # string
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002266 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002267 &quot;floatValue&quot;: 3.14, # float
2268 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2269 &quot;booleanValue&quot;: True or False, # boolean
2270 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2271 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2272 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2273 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2274 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2275 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002276 },
2277 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
2278 },
2279 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
2280 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
2281 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08002282 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002283 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
2284 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
2285 },
2286 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
2287 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2288 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08002289 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
2290 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
2291 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2292 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2293 },
2294 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
2295 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2296 },
2297 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
2298 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
2299 },
2300 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002301 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002302 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
2303 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
2304 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2305 },
2306 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
2307 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
2308 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
2309 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
2310 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
2311 },
2312 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
2313 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
2314 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2315 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2316 },
2317 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
2318 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2319 },
2320 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
2321 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
2322 },
2323 },
2324 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002325 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002326 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002327 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002328 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002329 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
2330 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
2331 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
2332 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07002333 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002334 ],
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002335 },
2336 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
2337 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07002338 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
2339 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2340 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2341 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002342 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
2343 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2344 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002345 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
2346 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
2347 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002348 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07002349 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002350 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
2351 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
2352 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002353 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2354 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002355 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002356 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08002357 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002358 &quot;stringValue&quot;: &quot;A String&quot;, # string
2359 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2360 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002361 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2362 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002363 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002364 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002365 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2366 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2367 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08002368 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002369 },
2370 },
2371 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
2372 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
2373 { # Bucket is represented as a range, along with replacement values.
2374 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
2375 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2376 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2377 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2378 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2379 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2380 },
2381 &quot;stringValue&quot;: &quot;A String&quot;, # string
2382 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2383 &quot;floatValue&quot;: 3.14, # float
2384 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2385 &quot;booleanValue&quot;: True or False, # boolean
2386 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2387 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2388 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2389 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2390 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2391 },
2392 },
2393 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
2394 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2395 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2396 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2397 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2398 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2399 },
2400 &quot;stringValue&quot;: &quot;A String&quot;, # string
2401 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2402 &quot;floatValue&quot;: 3.14, # float
2403 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2404 &quot;booleanValue&quot;: True or False, # boolean
2405 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2406 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2407 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2408 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2409 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2410 },
2411 },
2412 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
2413 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2414 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2415 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2416 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2417 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2418 },
2419 &quot;stringValue&quot;: &quot;A String&quot;, # string
2420 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2421 &quot;floatValue&quot;: 3.14, # float
2422 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2423 &quot;booleanValue&quot;: True or False, # boolean
2424 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2425 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2426 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2427 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2428 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2429 },
2430 },
2431 },
2432 ],
2433 },
2434 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
2435 },
2436 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
2437 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
2438 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
2439 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
2440 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2441 },
2442 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
2443 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
2444 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2445 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2446 },
2447 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
2448 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2449 },
2450 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
2451 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
2452 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08002453 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002454 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002455 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002456 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07002457 },
2458 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.
2459 { # Type of information detected by the API.
2460 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
2461 },
2462 ],
2463 },
2464 ],
2465 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002466 },
2467 ],
2468 &quot;recordSuppressions&quot;: [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.
2469 { # Configuration to suppress records whose suppression conditions evaluate to true.
2470 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.
2471 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002472 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002473 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
2474 &quot;conditions&quot;: [ # A collection of conditions.
2475 { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of &#x27;HH:mm:ss&#x27;. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002476 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
2477 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2478 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002479 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002480 &quot;value&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
2481 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002482 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2483 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002484 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002485 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002486 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002487 &quot;stringValue&quot;: &quot;A String&quot;, # string
2488 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2489 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002490 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2491 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002492 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002493 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002494 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2495 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2496 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002497 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002498 },
2499 },
2500 ],
2501 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002502 },
2503 },
2504 },
2505 ],
2506 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002507 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002508 }</pre>
2509</div>
2510
2511<div class="method">
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002512 <code class="details" id="list">list(parent, orderBy=None, locationId=None, pageToken=None, pageSize=None, x__xgafv=None)</code>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07002513 <pre>Lists DeidentifyTemplates. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002514
2515Args:
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07002516 parent: string, Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/dlp/docs/specifying-location): + Projects scope, location specified: `projects/`PROJECT_ID`/locations/`LOCATION_ID + Projects scope, no location specified (defaults to global): `projects/`PROJECT_ID + Organizations scope, location specified: `organizations/`ORG_ID`/locations/`LOCATION_ID + Organizations scope, no location specified (defaults to global): `organizations/`ORG_ID The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3 (required)
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002517 orderBy: string, Comma separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case-insensitive, default sorting order is ascending, redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `create_time`: corresponds to time the template was created. - `update_time`: corresponds to time the template was last updated. - `name`: corresponds to template&#x27;s name. - `display_name`: corresponds to template&#x27;s display name.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002518 locationId: string, Deprecated. This field has no effect.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002519 pageToken: string, Page token to continue retrieval. Comes from previous call to `ListDeidentifyTemplates`.
2520 pageSize: integer, Size of the page, can be limited by server. If zero server returns a page of max size 100.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002521 x__xgafv: string, V1 error format.
2522 Allowed values
2523 1 - v1 error format
2524 2 - v2 error format
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002525
2526Returns:
2527 An object of the form:
2528
2529 { # Response message for ListDeidentifyTemplates.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07002530 &quot;deidentifyTemplates&quot;: [ # List of deidentify templates, up to page_size in ListDeidentifyTemplatesRequest.
2531 { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002532 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The last update timestamp of an inspectTemplate.
2533 &quot;name&quot;: &quot;A String&quot;, # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
2534 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The creation timestamp of an inspectTemplate.
2535 &quot;description&quot;: &quot;A String&quot;, # Short description (max 256 chars).
2536 &quot;displayName&quot;: &quot;A String&quot;, # Display name (max 256 chars).
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07002537 &quot;deidentifyConfig&quot;: { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002538 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.
2539 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
2540 { # A transformation to apply to text that is identified as a specific info_type.
2541 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002542 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002543 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
2544 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002545 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2546 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002547 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002548 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002549 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002550 &quot;stringValue&quot;: &quot;A String&quot;, # string
2551 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2552 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002553 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2554 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002555 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002556 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002557 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2558 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2559 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002560 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002561 },
2562 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
2563 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2564 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2565 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2566 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2567 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2568 },
2569 &quot;stringValue&quot;: &quot;A String&quot;, # string
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002570 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002571 &quot;floatValue&quot;: 3.14, # float
2572 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2573 &quot;booleanValue&quot;: True or False, # boolean
2574 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2575 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2576 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2577 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2578 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2579 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002580 },
2581 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
2582 },
2583 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
2584 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
2585 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08002586 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002587 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
2588 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
2589 },
2590 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
2591 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2592 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08002593 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
2594 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
2595 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2596 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2597 },
2598 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
2599 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2600 },
2601 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
2602 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
2603 },
2604 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002605 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002606 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
2607 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
2608 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2609 },
2610 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
2611 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
2612 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
2613 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
2614 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
2615 },
2616 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
2617 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
2618 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2619 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2620 },
2621 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
2622 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2623 },
2624 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
2625 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
2626 },
2627 },
2628 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002629 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002630 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002631 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002632 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002633 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
2634 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
2635 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
2636 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07002637 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002638 ],
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002639 },
2640 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
2641 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07002642 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
2643 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2644 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2645 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002646 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
2647 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2648 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002649 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
2650 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
2651 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002652 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07002653 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002654 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
2655 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
2656 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002657 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2658 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002659 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002660 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08002661 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002662 &quot;stringValue&quot;: &quot;A String&quot;, # string
2663 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2664 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002665 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2666 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002667 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002668 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002669 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2670 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2671 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08002672 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002673 },
2674 },
2675 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
2676 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
2677 { # Bucket is represented as a range, along with replacement values.
2678 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
2679 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2680 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2681 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2682 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2683 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2684 },
2685 &quot;stringValue&quot;: &quot;A String&quot;, # string
2686 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2687 &quot;floatValue&quot;: 3.14, # float
2688 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2689 &quot;booleanValue&quot;: True or False, # boolean
2690 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2691 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2692 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2693 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2694 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2695 },
2696 },
2697 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
2698 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2699 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2700 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2701 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2702 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2703 },
2704 &quot;stringValue&quot;: &quot;A String&quot;, # string
2705 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2706 &quot;floatValue&quot;: 3.14, # float
2707 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2708 &quot;booleanValue&quot;: True or False, # boolean
2709 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2710 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2711 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2712 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2713 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2714 },
2715 },
2716 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
2717 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2718 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2719 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2720 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2721 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2722 },
2723 &quot;stringValue&quot;: &quot;A String&quot;, # string
2724 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2725 &quot;floatValue&quot;: 3.14, # float
2726 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2727 &quot;booleanValue&quot;: True or False, # boolean
2728 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2729 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2730 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2731 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2732 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2733 },
2734 },
2735 },
2736 ],
2737 },
2738 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
2739 },
2740 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
2741 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
2742 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
2743 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
2744 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2745 },
2746 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
2747 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
2748 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2749 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2750 },
2751 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
2752 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2753 },
2754 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
2755 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
2756 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08002757 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002758 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002759 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07002760 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002761 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002762 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.
2763 { # Type of information detected by the API.
2764 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
2765 },
2766 ],
2767 },
2768 ],
2769 },
2770 &quot;transformationErrorHandling&quot;: { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.
2771 &quot;leaveUntransformed&quot;: { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors
2772 },
2773 &quot;throwError&quot;: { # Throw an error and fail the request when a transformation error occurs. # Throw an error
2774 },
2775 },
2776 &quot;recordTransformations&quot;: { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.
2777 &quot;fieldTransformations&quot;: [ # Transform the record by applying various field transformations.
2778 { # The transformation to apply to the field.
2779 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.
2780 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
2781 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.
2782 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
2783 &quot;conditions&quot;: [ # A collection of conditions.
2784 { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of &#x27;HH:mm:ss&#x27;. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.
2785 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
2786 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2787 },
2788 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
2789 &quot;value&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
2790 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2791 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2792 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2793 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2794 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2795 },
2796 &quot;stringValue&quot;: &quot;A String&quot;, # string
2797 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2798 &quot;floatValue&quot;: 3.14, # float
2799 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2800 &quot;booleanValue&quot;: True or False, # boolean
2801 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2802 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2803 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2804 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2805 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2806 },
2807 },
2808 },
2809 ],
2810 },
2811 },
2812 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08002813 &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
2814 { # General identifier of a data field in a storage service.
2815 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07002816 },
2817 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08002818 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
2819 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
2820 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
2821 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2822 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2823 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2824 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2825 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2826 },
2827 &quot;stringValue&quot;: &quot;A String&quot;, # string
2828 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2829 &quot;floatValue&quot;: 3.14, # float
2830 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2831 &quot;booleanValue&quot;: True or False, # boolean
2832 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2833 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2834 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2835 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2836 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2837 },
2838 },
2839 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
2840 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2841 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2842 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2843 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2844 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2845 },
2846 &quot;stringValue&quot;: &quot;A String&quot;, # string
2847 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2848 &quot;floatValue&quot;: 3.14, # float
2849 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2850 &quot;booleanValue&quot;: True or False, # boolean
2851 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2852 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2853 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2854 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2855 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2856 },
2857 },
2858 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
2859 },
2860 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
2861 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
2862 },
2863 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
2864 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
2865 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
2866 },
2867 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
2868 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2869 },
2870 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
2871 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
2872 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2873 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2874 },
2875 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
2876 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2877 },
2878 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
2879 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
2880 },
2881 },
2882 },
2883 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
2884 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
2885 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2886 },
2887 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
2888 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
2889 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
2890 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
2891 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
2892 },
2893 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
2894 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
2895 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2896 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2897 },
2898 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
2899 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2900 },
2901 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
2902 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
2903 },
2904 },
2905 },
2906 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
2907 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
2908 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
2909 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
2910 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
2911 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
2912 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
2913 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
2914 },
2915 ],
2916 },
2917 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
2918 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
2919 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
2920 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2921 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2922 },
2923 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
2924 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2925 },
2926 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
2927 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
2928 },
2929 },
2930 },
2931 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
2932 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
2933 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2934 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2935 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2936 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2937 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2938 },
2939 &quot;stringValue&quot;: &quot;A String&quot;, # string
2940 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2941 &quot;floatValue&quot;: 3.14, # float
2942 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2943 &quot;booleanValue&quot;: True or False, # boolean
2944 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2945 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2946 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2947 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2948 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2949 },
2950 },
2951 },
2952 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
2953 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
2954 { # Bucket is represented as a range, along with replacement values.
2955 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
2956 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2957 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2958 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2959 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2960 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2961 },
2962 &quot;stringValue&quot;: &quot;A String&quot;, # string
2963 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2964 &quot;floatValue&quot;: 3.14, # float
2965 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2966 &quot;booleanValue&quot;: True or False, # boolean
2967 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2968 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2969 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2970 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2971 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2972 },
2973 },
2974 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
2975 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2976 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2977 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2978 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2979 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2980 },
2981 &quot;stringValue&quot;: &quot;A String&quot;, # string
2982 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2983 &quot;floatValue&quot;: 3.14, # float
2984 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2985 &quot;booleanValue&quot;: True or False, # boolean
2986 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
2987 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2988 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2989 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
2990 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2991 },
2992 },
2993 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
2994 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2995 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
2996 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
2997 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
2998 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
2999 },
3000 &quot;stringValue&quot;: &quot;A String&quot;, # string
3001 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3002 &quot;floatValue&quot;: 3.14, # float
3003 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3004 &quot;booleanValue&quot;: True or False, # boolean
3005 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3006 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3007 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3008 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3009 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3010 },
3011 },
3012 },
3013 ],
3014 },
3015 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
3016 },
3017 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
3018 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
3019 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
3020 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
3021 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3022 },
3023 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
3024 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3025 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3026 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3027 },
3028 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3029 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3030 },
3031 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3032 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3033 },
3034 },
3035 },
3036 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
3037 },
3038 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003039 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.
3040 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
3041 { # A transformation to apply to text that is identified as a specific info_type.
3042 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003043 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003044 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
3045 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003046 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3047 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003048 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003049 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003050 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003051 &quot;stringValue&quot;: &quot;A String&quot;, # string
3052 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3053 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003054 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3055 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003056 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003057 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003058 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3059 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3060 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003061 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003062 },
3063 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
3064 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3065 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3066 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3067 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3068 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3069 },
3070 &quot;stringValue&quot;: &quot;A String&quot;, # string
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003071 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003072 &quot;floatValue&quot;: 3.14, # float
3073 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3074 &quot;booleanValue&quot;: True or False, # boolean
3075 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3076 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3077 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3078 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3079 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3080 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003081 },
3082 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
3083 },
3084 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
3085 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
3086 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08003087 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003088 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
3089 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
3090 },
3091 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
3092 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3093 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08003094 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
3095 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3096 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3097 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3098 },
3099 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3100 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3101 },
3102 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3103 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3104 },
3105 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003106 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003107 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
3108 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
3109 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3110 },
3111 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
3112 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
3113 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
3114 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
3115 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
3116 },
3117 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
3118 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3119 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3120 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3121 },
3122 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3123 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3124 },
3125 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3126 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3127 },
3128 },
3129 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003130 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003131 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003132 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003133 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003134 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
3135 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
3136 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
3137 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003138 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003139 ],
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003140 },
3141 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
3142 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003143 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3144 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3145 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3146 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003147 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3148 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3149 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003150 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3151 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3152 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003153 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003154 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003155 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
3156 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
3157 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003158 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3159 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003160 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003161 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08003162 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003163 &quot;stringValue&quot;: &quot;A String&quot;, # string
3164 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3165 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003166 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3167 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003168 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003169 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003170 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3171 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3172 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08003173 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003174 },
3175 },
3176 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
3177 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
3178 { # Bucket is represented as a range, along with replacement values.
3179 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
3180 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3181 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3182 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3183 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3184 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3185 },
3186 &quot;stringValue&quot;: &quot;A String&quot;, # string
3187 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3188 &quot;floatValue&quot;: 3.14, # float
3189 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3190 &quot;booleanValue&quot;: True or False, # boolean
3191 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3192 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3193 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3194 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3195 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3196 },
3197 },
3198 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
3199 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3200 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3201 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3202 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3203 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3204 },
3205 &quot;stringValue&quot;: &quot;A String&quot;, # string
3206 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3207 &quot;floatValue&quot;: 3.14, # float
3208 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3209 &quot;booleanValue&quot;: True or False, # boolean
3210 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3211 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3212 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3213 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3214 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3215 },
3216 },
3217 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
3218 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3219 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3220 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3221 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3222 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3223 },
3224 &quot;stringValue&quot;: &quot;A String&quot;, # string
3225 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3226 &quot;floatValue&quot;: 3.14, # float
3227 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3228 &quot;booleanValue&quot;: True or False, # boolean
3229 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3230 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3231 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3232 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3233 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3234 },
3235 },
3236 },
3237 ],
3238 },
3239 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
3240 },
3241 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
3242 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
3243 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
3244 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
3245 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3246 },
3247 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
3248 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3249 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3250 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3251 },
3252 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3253 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3254 },
3255 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3256 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3257 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08003258 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003259 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003260 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003261 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003262 },
3263 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.
3264 { # Type of information detected by the API.
3265 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
3266 },
3267 ],
3268 },
3269 ],
3270 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003271 },
3272 ],
3273 &quot;recordSuppressions&quot;: [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.
3274 { # Configuration to suppress records whose suppression conditions evaluate to true.
3275 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.
3276 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003277 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003278 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
3279 &quot;conditions&quot;: [ # A collection of conditions.
3280 { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of &#x27;HH:mm:ss&#x27;. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003281 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
3282 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3283 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003284 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003285 &quot;value&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
3286 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003287 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3288 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003289 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003290 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003291 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003292 &quot;stringValue&quot;: &quot;A String&quot;, # string
3293 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3294 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003295 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3296 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003297 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003298 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003299 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3300 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3301 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003302 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003303 },
3304 },
3305 ],
3306 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003307 },
3308 },
3309 },
3310 ],
3311 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003312 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003313 },
3314 ],
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08003315 &quot;nextPageToken&quot;: &quot;A String&quot;, # If the next page is available then the next page token to be used in following ListDeidentifyTemplates request.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003316 }</pre>
3317</div>
3318
3319<div class="method">
3320 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
3321 <pre>Retrieves the next page of results.
3322
3323Args:
3324 previous_request: The request for the previous page. (required)
3325 previous_response: The response from the request for the previous page. (required)
3326
3327Returns:
Bu Sun Kim65020912020-05-20 12:08:20 -07003328 A request object that you can call &#x27;execute()&#x27; on to request the next
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003329 page. Returns None if there are no more items in the collection.
3330 </pre>
3331</div>
3332
3333<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -07003334 <code class="details" id="patch">patch(name, body=None, x__xgafv=None)</code>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003335 <pre>Updates the DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003336
3337Args:
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003338 name: string, Required. Resource name of organization and deidentify template to be updated, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -07003339 body: object, The request body.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003340 The object takes the form of:
3341
3342{ # Request message for UpdateDeidentifyTemplate.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003343 &quot;deidentifyTemplate&quot;: { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more. # New DeidentifyTemplate value.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003344 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The last update timestamp of an inspectTemplate.
3345 &quot;name&quot;: &quot;A String&quot;, # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
3346 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The creation timestamp of an inspectTemplate.
3347 &quot;description&quot;: &quot;A String&quot;, # Short description (max 256 chars).
3348 &quot;displayName&quot;: &quot;A String&quot;, # Display name (max 256 chars).
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003349 &quot;deidentifyConfig&quot;: { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003350 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.
3351 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
3352 { # A transformation to apply to text that is identified as a specific info_type.
3353 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003354 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003355 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
3356 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003357 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3358 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003359 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003360 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003361 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003362 &quot;stringValue&quot;: &quot;A String&quot;, # string
3363 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3364 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003365 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3366 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003367 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003368 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003369 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3370 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3371 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003372 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003373 },
3374 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
3375 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3376 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3377 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3378 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3379 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3380 },
3381 &quot;stringValue&quot;: &quot;A String&quot;, # string
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003382 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003383 &quot;floatValue&quot;: 3.14, # float
3384 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3385 &quot;booleanValue&quot;: True or False, # boolean
3386 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3387 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3388 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3389 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3390 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3391 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003392 },
3393 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
3394 },
3395 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
3396 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
3397 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08003398 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003399 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
3400 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
3401 },
3402 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
3403 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3404 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08003405 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
3406 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3407 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3408 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3409 },
3410 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3411 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3412 },
3413 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3414 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3415 },
3416 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003417 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003418 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
3419 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
3420 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3421 },
3422 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
3423 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
3424 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
3425 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
3426 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
3427 },
3428 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
3429 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3430 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3431 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3432 },
3433 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3434 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3435 },
3436 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3437 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3438 },
3439 },
3440 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003441 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003442 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003443 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003444 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003445 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
3446 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
3447 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
3448 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07003449 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003450 ],
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003451 },
3452 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
3453 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003454 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3455 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3456 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3457 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003458 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3459 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3460 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003461 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3462 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3463 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003464 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003465 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003466 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
3467 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
3468 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003469 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3470 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003471 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003472 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08003473 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003474 &quot;stringValue&quot;: &quot;A String&quot;, # string
3475 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3476 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003477 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3478 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003479 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003480 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003481 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3482 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3483 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08003484 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003485 },
3486 },
3487 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
3488 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
3489 { # Bucket is represented as a range, along with replacement values.
3490 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
3491 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3492 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3493 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3494 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3495 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3496 },
3497 &quot;stringValue&quot;: &quot;A String&quot;, # string
3498 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3499 &quot;floatValue&quot;: 3.14, # float
3500 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3501 &quot;booleanValue&quot;: True or False, # boolean
3502 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3503 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3504 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3505 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3506 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3507 },
3508 },
3509 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
3510 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3511 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3512 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3513 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3514 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3515 },
3516 &quot;stringValue&quot;: &quot;A String&quot;, # string
3517 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3518 &quot;floatValue&quot;: 3.14, # float
3519 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3520 &quot;booleanValue&quot;: True or False, # boolean
3521 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3522 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3523 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3524 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3525 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3526 },
3527 },
3528 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
3529 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3530 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3531 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3532 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3533 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3534 },
3535 &quot;stringValue&quot;: &quot;A String&quot;, # string
3536 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3537 &quot;floatValue&quot;: 3.14, # float
3538 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3539 &quot;booleanValue&quot;: True or False, # boolean
3540 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3541 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3542 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3543 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3544 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3545 },
3546 },
3547 },
3548 ],
3549 },
3550 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
3551 },
3552 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
3553 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
3554 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
3555 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
3556 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3557 },
3558 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
3559 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3560 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3561 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3562 },
3563 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3564 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3565 },
3566 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3567 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3568 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08003569 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003570 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003571 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003572 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003573 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003574 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.
3575 { # Type of information detected by the API.
3576 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
3577 },
3578 ],
3579 },
3580 ],
3581 },
3582 &quot;transformationErrorHandling&quot;: { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.
3583 &quot;leaveUntransformed&quot;: { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors
3584 },
3585 &quot;throwError&quot;: { # Throw an error and fail the request when a transformation error occurs. # Throw an error
3586 },
3587 },
3588 &quot;recordTransformations&quot;: { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.
3589 &quot;fieldTransformations&quot;: [ # Transform the record by applying various field transformations.
3590 { # The transformation to apply to the field.
3591 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.
3592 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
3593 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.
3594 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
3595 &quot;conditions&quot;: [ # A collection of conditions.
3596 { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of &#x27;HH:mm:ss&#x27;. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.
3597 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
3598 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3599 },
3600 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
3601 &quot;value&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
3602 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3603 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3604 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3605 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3606 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3607 },
3608 &quot;stringValue&quot;: &quot;A String&quot;, # string
3609 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3610 &quot;floatValue&quot;: 3.14, # float
3611 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3612 &quot;booleanValue&quot;: True or False, # boolean
3613 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3614 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3615 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3616 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3617 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3618 },
3619 },
3620 },
3621 ],
3622 },
3623 },
3624 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003625 &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
3626 { # General identifier of a data field in a storage service.
3627 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003628 },
3629 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003630 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
3631 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
3632 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
3633 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3634 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3635 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3636 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3637 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3638 },
3639 &quot;stringValue&quot;: &quot;A String&quot;, # string
3640 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3641 &quot;floatValue&quot;: 3.14, # float
3642 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3643 &quot;booleanValue&quot;: True or False, # boolean
3644 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3645 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3646 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3647 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3648 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3649 },
3650 },
3651 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
3652 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3653 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3654 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3655 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3656 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3657 },
3658 &quot;stringValue&quot;: &quot;A String&quot;, # string
3659 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3660 &quot;floatValue&quot;: 3.14, # float
3661 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3662 &quot;booleanValue&quot;: True or False, # boolean
3663 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3664 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3665 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3666 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3667 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3668 },
3669 },
3670 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
3671 },
3672 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
3673 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
3674 },
3675 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
3676 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
3677 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
3678 },
3679 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
3680 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3681 },
3682 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
3683 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3684 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3685 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3686 },
3687 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3688 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3689 },
3690 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3691 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3692 },
3693 },
3694 },
3695 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
3696 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
3697 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3698 },
3699 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
3700 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
3701 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
3702 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
3703 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
3704 },
3705 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
3706 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3707 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3708 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3709 },
3710 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3711 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3712 },
3713 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3714 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3715 },
3716 },
3717 },
3718 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
3719 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
3720 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
3721 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
3722 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
3723 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
3724 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
3725 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
3726 },
3727 ],
3728 },
3729 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
3730 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
3731 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3732 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3733 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3734 },
3735 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3736 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3737 },
3738 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3739 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3740 },
3741 },
3742 },
3743 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
3744 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
3745 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3746 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3747 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3748 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3749 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3750 },
3751 &quot;stringValue&quot;: &quot;A String&quot;, # string
3752 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3753 &quot;floatValue&quot;: 3.14, # float
3754 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3755 &quot;booleanValue&quot;: True or False, # boolean
3756 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3757 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3758 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3759 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3760 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3761 },
3762 },
3763 },
3764 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
3765 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
3766 { # Bucket is represented as a range, along with replacement values.
3767 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
3768 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3769 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3770 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3771 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3772 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3773 },
3774 &quot;stringValue&quot;: &quot;A String&quot;, # string
3775 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3776 &quot;floatValue&quot;: 3.14, # float
3777 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3778 &quot;booleanValue&quot;: True or False, # boolean
3779 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3780 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3781 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3782 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3783 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3784 },
3785 },
3786 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
3787 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3788 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3789 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3790 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3791 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3792 },
3793 &quot;stringValue&quot;: &quot;A String&quot;, # string
3794 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3795 &quot;floatValue&quot;: 3.14, # float
3796 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3797 &quot;booleanValue&quot;: True or False, # boolean
3798 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3799 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3800 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3801 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3802 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3803 },
3804 },
3805 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
3806 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3807 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3808 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3809 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3810 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3811 },
3812 &quot;stringValue&quot;: &quot;A String&quot;, # string
3813 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3814 &quot;floatValue&quot;: 3.14, # float
3815 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3816 &quot;booleanValue&quot;: True or False, # boolean
3817 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3818 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3819 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3820 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3821 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3822 },
3823 },
3824 },
3825 ],
3826 },
3827 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
3828 },
3829 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
3830 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
3831 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
3832 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
3833 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3834 },
3835 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
3836 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3837 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3838 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3839 },
3840 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3841 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3842 },
3843 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3844 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3845 },
3846 },
3847 },
3848 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
3849 },
3850 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003851 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.
3852 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
3853 { # A transformation to apply to text that is identified as a specific info_type.
3854 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003855 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003856 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
3857 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003858 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3859 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003860 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003861 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003862 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003863 &quot;stringValue&quot;: &quot;A String&quot;, # string
3864 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3865 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003866 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3867 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003868 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003869 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003870 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3871 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3872 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003873 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003874 },
3875 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
3876 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3877 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3878 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3879 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3880 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3881 },
3882 &quot;stringValue&quot;: &quot;A String&quot;, # string
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003883 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003884 &quot;floatValue&quot;: 3.14, # float
3885 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3886 &quot;booleanValue&quot;: True or False, # boolean
3887 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
3888 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3889 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3890 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3891 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3892 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003893 },
3894 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
3895 },
3896 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
3897 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
3898 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08003899 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003900 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
3901 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
3902 },
3903 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
3904 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3905 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08003906 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
3907 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3908 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3909 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3910 },
3911 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3912 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3913 },
3914 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3915 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3916 },
3917 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003918 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003919 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
3920 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
3921 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3922 },
3923 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
3924 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
3925 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
3926 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
3927 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
3928 },
3929 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
3930 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3931 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3932 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3933 },
3934 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3935 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3936 },
3937 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3938 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3939 },
3940 },
3941 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003942 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003943 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003944 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003945 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003946 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
3947 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
3948 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
3949 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003950 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003951 ],
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003952 },
3953 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
3954 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003955 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
3956 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3957 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3958 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003959 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
3960 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3961 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003962 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
3963 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
3964 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07003965 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07003966 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003967 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
3968 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
3969 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003970 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3971 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003972 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003973 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08003974 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003975 &quot;stringValue&quot;: &quot;A String&quot;, # string
3976 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3977 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003978 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3979 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003980 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08003981 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003982 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3983 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
3984 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08003985 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08003986 },
3987 },
3988 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
3989 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
3990 { # Bucket is represented as a range, along with replacement values.
3991 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
3992 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3993 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
3994 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
3995 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
3996 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
3997 },
3998 &quot;stringValue&quot;: &quot;A String&quot;, # string
3999 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4000 &quot;floatValue&quot;: 3.14, # float
4001 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4002 &quot;booleanValue&quot;: True or False, # boolean
4003 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4004 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4005 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4006 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4007 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4008 },
4009 },
4010 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
4011 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4012 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4013 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4014 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4015 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4016 },
4017 &quot;stringValue&quot;: &quot;A String&quot;, # string
4018 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4019 &quot;floatValue&quot;: 3.14, # float
4020 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4021 &quot;booleanValue&quot;: True or False, # boolean
4022 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4023 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4024 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4025 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4026 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4027 },
4028 },
4029 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
4030 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4031 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4032 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4033 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4034 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4035 },
4036 &quot;stringValue&quot;: &quot;A String&quot;, # string
4037 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4038 &quot;floatValue&quot;: 3.14, # float
4039 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4040 &quot;booleanValue&quot;: True or False, # boolean
4041 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4042 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4043 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4044 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4045 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4046 },
4047 },
4048 },
4049 ],
4050 },
4051 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
4052 },
4053 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
4054 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
4055 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
4056 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
4057 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4058 },
4059 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
4060 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
4061 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4062 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4063 },
4064 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
4065 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4066 },
4067 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
4068 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
4069 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08004070 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004071 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004072 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004073 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07004074 },
4075 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.
4076 { # Type of information detected by the API.
4077 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
4078 },
4079 ],
4080 },
4081 ],
4082 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004083 },
4084 ],
4085 &quot;recordSuppressions&quot;: [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.
4086 { # Configuration to suppress records whose suppression conditions evaluate to true.
4087 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.
4088 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004089 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004090 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
4091 &quot;conditions&quot;: [ # A collection of conditions.
4092 { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of &#x27;HH:mm:ss&#x27;. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004093 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
4094 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4095 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004096 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004097 &quot;value&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
4098 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004099 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4100 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004101 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004102 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004103 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004104 &quot;stringValue&quot;: &quot;A String&quot;, # string
4105 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4106 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004107 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4108 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004109 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004110 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004111 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4112 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4113 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004114 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004115 },
4116 },
4117 ],
4118 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004119 },
4120 },
4121 },
4122 ],
4123 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004124 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004125 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004126 &quot;updateMask&quot;: &quot;A String&quot;, # Mask to control which fields get updated.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004127 }
4128
4129 x__xgafv: string, V1 error format.
4130 Allowed values
4131 1 - v1 error format
4132 2 - v2 error format
4133
4134Returns:
4135 An object of the form:
4136
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07004137 { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004138 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The last update timestamp of an inspectTemplate.
4139 &quot;name&quot;: &quot;A String&quot;, # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
4140 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The creation timestamp of an inspectTemplate.
4141 &quot;description&quot;: &quot;A String&quot;, # Short description (max 256 chars).
4142 &quot;displayName&quot;: &quot;A String&quot;, # Display name (max 256 chars).
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07004143 &quot;deidentifyConfig&quot;: { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004144 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere.
4145 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
4146 { # A transformation to apply to text that is identified as a specific info_type.
4147 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004148 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004149 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
4150 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004151 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4152 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004153 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004154 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004155 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004156 &quot;stringValue&quot;: &quot;A String&quot;, # string
4157 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4158 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004159 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4160 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004161 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004162 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004163 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4164 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4165 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004166 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004167 },
4168 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
4169 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4170 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4171 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4172 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4173 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4174 },
4175 &quot;stringValue&quot;: &quot;A String&quot;, # string
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004176 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004177 &quot;floatValue&quot;: 3.14, # float
4178 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4179 &quot;booleanValue&quot;: True or False, # boolean
4180 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4181 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4182 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4183 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4184 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4185 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004186 },
4187 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
4188 },
4189 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
4190 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
4191 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08004192 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004193 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
4194 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
4195 },
4196 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
4197 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4198 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08004199 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
4200 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
4201 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4202 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4203 },
4204 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
4205 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4206 },
4207 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
4208 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
4209 },
4210 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004211 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004212 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
4213 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
4214 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4215 },
4216 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
4217 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
4218 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
4219 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
4220 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
4221 },
4222 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
4223 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
4224 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4225 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4226 },
4227 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
4228 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4229 },
4230 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
4231 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
4232 },
4233 },
4234 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004235 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004236 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004237 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004238 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004239 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
4240 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
4241 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
4242 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07004243 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004244 ],
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004245 },
4246 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
4247 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07004248 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
4249 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4250 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4251 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004252 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
4253 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4254 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004255 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
4256 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
4257 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004258 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07004259 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004260 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
4261 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
4262 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004263 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4264 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004265 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004266 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08004267 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004268 &quot;stringValue&quot;: &quot;A String&quot;, # string
4269 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4270 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004271 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4272 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004273 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004274 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004275 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4276 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4277 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08004278 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004279 },
4280 },
4281 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
4282 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
4283 { # Bucket is represented as a range, along with replacement values.
4284 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
4285 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4286 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4287 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4288 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4289 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4290 },
4291 &quot;stringValue&quot;: &quot;A String&quot;, # string
4292 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4293 &quot;floatValue&quot;: 3.14, # float
4294 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4295 &quot;booleanValue&quot;: True or False, # boolean
4296 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4297 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4298 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4299 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4300 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4301 },
4302 },
4303 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
4304 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4305 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4306 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4307 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4308 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4309 },
4310 &quot;stringValue&quot;: &quot;A String&quot;, # string
4311 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4312 &quot;floatValue&quot;: 3.14, # float
4313 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4314 &quot;booleanValue&quot;: True or False, # boolean
4315 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4316 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4317 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4318 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4319 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4320 },
4321 },
4322 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
4323 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4324 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4325 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4326 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4327 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4328 },
4329 &quot;stringValue&quot;: &quot;A String&quot;, # string
4330 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4331 &quot;floatValue&quot;: 3.14, # float
4332 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4333 &quot;booleanValue&quot;: True or False, # boolean
4334 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4335 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4336 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4337 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4338 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4339 },
4340 },
4341 },
4342 ],
4343 },
4344 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
4345 },
4346 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
4347 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
4348 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
4349 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
4350 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4351 },
4352 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
4353 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
4354 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4355 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4356 },
4357 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
4358 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4359 },
4360 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
4361 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
4362 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08004363 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004364 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004365 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004366 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07004367 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004368 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.
4369 { # Type of information detected by the API.
4370 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
4371 },
4372 ],
4373 },
4374 ],
4375 },
4376 &quot;transformationErrorHandling&quot;: { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.
4377 &quot;leaveUntransformed&quot;: { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors
4378 },
4379 &quot;throwError&quot;: { # Throw an error and fail the request when a transformation error occurs. # Throw an error
4380 },
4381 },
4382 &quot;recordTransformations&quot;: { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.
4383 &quot;fieldTransformations&quot;: [ # Transform the record by applying various field transformations.
4384 { # The transformation to apply to the field.
4385 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.
4386 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
4387 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.
4388 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
4389 &quot;conditions&quot;: [ # A collection of conditions.
4390 { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of &#x27;HH:mm:ss&#x27;. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.
4391 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
4392 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4393 },
4394 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
4395 &quot;value&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
4396 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4397 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4398 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4399 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4400 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4401 },
4402 &quot;stringValue&quot;: &quot;A String&quot;, # string
4403 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4404 &quot;floatValue&quot;: 3.14, # float
4405 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4406 &quot;booleanValue&quot;: True or False, # boolean
4407 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4408 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4409 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4410 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4411 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4412 },
4413 },
4414 },
4415 ],
4416 },
4417 },
4418 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004419 &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
4420 { # General identifier of a data field in a storage service.
4421 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07004422 },
4423 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004424 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
4425 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
4426 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
4427 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4428 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4429 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4430 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4431 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4432 },
4433 &quot;stringValue&quot;: &quot;A String&quot;, # string
4434 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4435 &quot;floatValue&quot;: 3.14, # float
4436 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4437 &quot;booleanValue&quot;: True or False, # boolean
4438 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4439 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4440 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4441 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4442 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4443 },
4444 },
4445 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
4446 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4447 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4448 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4449 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4450 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4451 },
4452 &quot;stringValue&quot;: &quot;A String&quot;, # string
4453 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4454 &quot;floatValue&quot;: 3.14, # float
4455 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4456 &quot;booleanValue&quot;: True or False, # boolean
4457 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4458 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4459 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4460 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4461 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4462 },
4463 },
4464 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
4465 },
4466 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
4467 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
4468 },
4469 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
4470 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
4471 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
4472 },
4473 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
4474 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4475 },
4476 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
4477 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
4478 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4479 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4480 },
4481 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
4482 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4483 },
4484 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
4485 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
4486 },
4487 },
4488 },
4489 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
4490 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
4491 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4492 },
4493 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
4494 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
4495 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
4496 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
4497 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
4498 },
4499 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
4500 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
4501 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4502 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4503 },
4504 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
4505 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4506 },
4507 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
4508 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
4509 },
4510 },
4511 },
4512 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
4513 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
4514 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
4515 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
4516 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
4517 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
4518 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
4519 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
4520 },
4521 ],
4522 },
4523 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
4524 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
4525 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
4526 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4527 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4528 },
4529 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
4530 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4531 },
4532 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
4533 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
4534 },
4535 },
4536 },
4537 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
4538 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
4539 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4540 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4541 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4542 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4543 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4544 },
4545 &quot;stringValue&quot;: &quot;A String&quot;, # string
4546 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4547 &quot;floatValue&quot;: 3.14, # float
4548 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4549 &quot;booleanValue&quot;: True or False, # boolean
4550 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4551 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4552 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4553 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4554 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4555 },
4556 },
4557 },
4558 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
4559 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
4560 { # Bucket is represented as a range, along with replacement values.
4561 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
4562 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4563 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4564 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4565 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4566 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4567 },
4568 &quot;stringValue&quot;: &quot;A String&quot;, # string
4569 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4570 &quot;floatValue&quot;: 3.14, # float
4571 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4572 &quot;booleanValue&quot;: True or False, # boolean
4573 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4574 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4575 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4576 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4577 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4578 },
4579 },
4580 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
4581 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4582 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4583 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4584 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4585 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4586 },
4587 &quot;stringValue&quot;: &quot;A String&quot;, # string
4588 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4589 &quot;floatValue&quot;: 3.14, # float
4590 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4591 &quot;booleanValue&quot;: True or False, # boolean
4592 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4593 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4594 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4595 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4596 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4597 },
4598 },
4599 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
4600 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4601 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4602 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4603 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4604 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4605 },
4606 &quot;stringValue&quot;: &quot;A String&quot;, # string
4607 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4608 &quot;floatValue&quot;: 3.14, # float
4609 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4610 &quot;booleanValue&quot;: True or False, # boolean
4611 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4612 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4613 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4614 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4615 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4616 },
4617 },
4618 },
4619 ],
4620 },
4621 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
4622 },
4623 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
4624 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
4625 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
4626 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
4627 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4628 },
4629 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
4630 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
4631 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4632 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4633 },
4634 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
4635 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4636 },
4637 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
4638 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
4639 },
4640 },
4641 },
4642 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
4643 },
4644 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07004645 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.
4646 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType.
4647 { # A transformation to apply to text that is identified as a specific info_type.
4648 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004649 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with &quot;10-20&quot;. This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004650 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value &quot;-10&quot;.
4651 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004652 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4653 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004654 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004655 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004656 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004657 &quot;stringValue&quot;: &quot;A String&quot;, # string
4658 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4659 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004660 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4661 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004662 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004663 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004664 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4665 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4666 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004667 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004668 },
4669 &quot;upperBound&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value &quot;89+&quot;.
4670 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4671 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4672 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4673 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4674 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4675 },
4676 &quot;stringValue&quot;: &quot;A String&quot;, # string
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004677 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004678 &quot;floatValue&quot;: 3.14, # float
4679 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4680 &quot;booleanValue&quot;: True or False, # boolean
4681 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4682 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4683 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4684 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4685 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4686 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004687 },
4688 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
4689 },
4690 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction
4691 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
4692 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08004693 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004694 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.
4695 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
4696 },
4697 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
4698 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4699 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08004700 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
4701 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
4702 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4703 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4704 },
4705 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
4706 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4707 },
4708 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
4709 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
4710 },
4711 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004712 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004713 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe
4714 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same identifier in two different contexts won&#x27;t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2
4715 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4716 },
4717 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
4718 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
4719 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&amp;*()_-+={[}]|\:;&quot;&#x27;&lt;,&gt;.?/
4720 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and the surrogate is &#x27;abc&#x27;, the full replacement value will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27; This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
4721 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
4722 },
4723 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm.
4724 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
4725 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4726 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4727 },
4728 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
4729 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4730 },
4731 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
4732 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
4733 },
4734 },
4735 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004736 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004737 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004738 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004739 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004740 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.
4741 { # Characters to skip when doing deidentification of a value. These will be left alone and skipped.
4742 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing punctuation.
4743 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07004744 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004745 ],
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004746 },
4747 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto
4748 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07004749 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
4750 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4751 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4752 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004753 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
4754 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4755 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004756 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
4757 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
4758 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004759 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07004760 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004761 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
4762 &quot;newValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with.
4763 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004764 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4765 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004766 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004767 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08004768 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004769 &quot;stringValue&quot;: &quot;A String&quot;, # string
4770 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4771 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004772 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4773 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004774 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004775 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004776 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4777 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4778 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08004779 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004780 },
4781 },
4782 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing
4783 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
4784 { # Bucket is represented as a range, along with replacement values.
4785 &quot;max&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min.
4786 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4787 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4788 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4789 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4790 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4791 },
4792 &quot;stringValue&quot;: &quot;A String&quot;, # string
4793 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4794 &quot;floatValue&quot;: 3.14, # float
4795 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4796 &quot;booleanValue&quot;: True or False, # boolean
4797 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4798 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4799 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4800 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4801 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4802 },
4803 },
4804 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket.
4805 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4806 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4807 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4808 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4809 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4810 },
4811 &quot;stringValue&quot;: &quot;A String&quot;, # string
4812 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4813 &quot;floatValue&quot;: 3.14, # float
4814 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4815 &quot;booleanValue&quot;: True or False, # boolean
4816 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4817 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4818 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4819 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4820 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4821 },
4822 },
4823 &quot;min&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used.
4824 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4825 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4826 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
4827 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
4828 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
4829 },
4830 &quot;stringValue&quot;: &quot;A String&quot;, # string
4831 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4832 &quot;floatValue&quot;: 3.14, # float
4833 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4834 &quot;booleanValue&quot;: True or False, # boolean
4835 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
4836 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4837 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4838 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4839 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4840 },
4841 },
4842 },
4843 ],
4844 },
4845 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
4846 },
4847 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift
4848 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.
4849 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
4850 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.
4851 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4852 },
4853 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.
4854 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
4855 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4856 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4857 },
4858 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key
4859 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4860 },
4861 &quot;transient&quot;: { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key
4862 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).
4863 },
Yoshi Automation Botc2228be2020-11-24 15:48:03 -08004864 },
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004865 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004866 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the output would be &#x27;My phone number is &#x27;. # Redact
Bu Sun Kim673ec5c2020-11-16 11:05:03 -07004867 },
Dmitry Frenkel3e17f892020-10-06 16:46:05 -07004868 },
4869 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.
4870 { # Type of information detected by the API.
4871 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
4872 },
4873 ],
4874 },
4875 ],
4876 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004877 },
4878 ],
4879 &quot;recordSuppressions&quot;: [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.
4880 { # Configuration to suppress records whose suppression conditions evaluate to true.
4881 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.
4882 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004883 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently only supported value is `AND`.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004884 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
4885 &quot;conditions&quot;: [ # A collection of conditions.
4886 { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of &#x27;HH:mm:ss&#x27;. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004887 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
4888 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4889 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004890 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004891 &quot;value&quot;: { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a &#x27;Value&#x27; is based on its representation as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
4892 &quot;integerValue&quot;: &quot;A String&quot;, # integer
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004893 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date
4894 &quot;month&quot;: 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004895 &quot;day&quot;: 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn&#x27;t significant.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004896 &quot;year&quot;: 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004897 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004898 &quot;stringValue&quot;: &quot;A String&quot;, # string
4899 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4900 &quot;floatValue&quot;: 3.14, # float
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004901 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4902 &quot;booleanValue&quot;: True or False, # boolean
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004903 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004904 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -08004905 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4906 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
4907 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004908 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004909 },
4910 },
4911 ],
4912 },
Yoshi Automation Bot0d561ef2020-11-25 07:50:41 -08004913 },
4914 },
4915 },
4916 ],
4917 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004918 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004919 }</pre>
4920</div>
4921
4922</body></html>