| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1 | <html><body> |
| 2 | <style> |
| 3 | |
| 4 | body, h1, h2, h3, div, span, p, pre, a { |
| 5 | margin: 0; |
| 6 | padding: 0; |
| 7 | border: 0; |
| 8 | font-weight: inherit; |
| 9 | font-style: inherit; |
| 10 | font-size: 100%; |
| 11 | font-family: inherit; |
| 12 | vertical-align: baseline; |
| 13 | } |
| 14 | |
| 15 | body { |
| 16 | font-size: 13px; |
| 17 | padding: 1em; |
| 18 | } |
| 19 | |
| 20 | h1 { |
| 21 | font-size: 26px; |
| 22 | margin-bottom: 1em; |
| 23 | } |
| 24 | |
| 25 | h2 { |
| 26 | font-size: 24px; |
| 27 | margin-bottom: 1em; |
| 28 | } |
| 29 | |
| 30 | h3 { |
| 31 | font-size: 20px; |
| 32 | margin-bottom: 1em; |
| 33 | margin-top: 1em; |
| 34 | } |
| 35 | |
| 36 | pre, code { |
| 37 | line-height: 1.5; |
| 38 | font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; |
| 39 | } |
| 40 | |
| 41 | pre { |
| 42 | margin-top: 0.5em; |
| 43 | } |
| 44 | |
| 45 | h1, h2, h3, p { |
| 46 | font-family: Arial, sans serif; |
| 47 | } |
| 48 | |
| 49 | h1, h2, h3 { |
| 50 | border-bottom: solid #CCC 1px; |
| 51 | } |
| 52 | |
| 53 | .toc_element { |
| 54 | margin-top: 0.5em; |
| 55 | } |
| 56 | |
| 57 | .firstline { |
| 58 | margin-left: 2 em; |
| 59 | } |
| 60 | |
| 61 | .method { |
| 62 | margin-top: 1em; |
| 63 | border: solid 1px #CCC; |
| 64 | padding: 1em; |
| 65 | background: #EEE; |
| 66 | } |
| 67 | |
| 68 | .details { |
| 69 | font-weight: bold; |
| 70 | font-size: 14px; |
| 71 | } |
| 72 | |
| 73 | </style> |
| 74 | |
| 75 | <h1><a href="dlp_v2.html">Cloud Data Loss Prevention (DLP) API</a> . <a href="dlp_v2.projects.html">projects</a> . <a href="dlp_v2.projects.locations.html">locations</a> . <a href="dlp_v2.projects.locations.deidentifyTemplates.html">deidentifyTemplates</a></h1> |
| 76 | <h2>Instance Methods</h2> |
| 77 | <p class="toc_element"> |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 78 | <code><a href="#close">close()</a></code></p> |
| 79 | <p class="firstline">Close httplib2 connections.</p> |
| 80 | <p class="toc_element"> |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 81 | <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p> |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 82 | <p class="firstline">Creates a DeidentifyTemplate for re-using frequently used configuration for de-identifying content, images, and storage. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p> |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 83 | <p class="toc_element"> |
| 84 | <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 85 | <p class="firstline">Deletes a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p> |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 86 | <p class="toc_element"> |
| 87 | <code><a href="#get">get(name, x__xgafv=None)</a></code></p> |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 88 | <p class="firstline">Gets a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p> |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 89 | <p class="toc_element"> |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 90 | <code><a href="#list">list(parent, locationId=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p> |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 91 | <p class="firstline">Lists DeidentifyTemplates. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p> |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 92 | <p class="toc_element"> |
| 93 | <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> |
| 94 | <p class="firstline">Retrieves the next page of results.</p> |
| 95 | <p class="toc_element"> |
| 96 | <code><a href="#patch">patch(name, body=None, x__xgafv=None)</a></code></p> |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 97 | <p class="firstline">Updates the DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.</p> |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 98 | <h3>Method Details</h3> |
| 99 | <div class="method"> |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 100 | <code class="details" id="close">close()</code> |
| 101 | <pre>Close httplib2 connections.</pre> |
| 102 | </div> |
| 103 | |
| 104 | <div class="method"> |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 105 | <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code> |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 106 | <pre>Creates a DeidentifyTemplate for re-using frequently used configuration for de-identifying content, images, and storage. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more. |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 107 | |
| 108 | Args: |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 109 | parent: string, Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/dlp/docs/specifying-location): + Projects scope, location specified: `projects/`PROJECT_ID`/locations/`LOCATION_ID + Projects scope, no location specified (defaults to global): `projects/`PROJECT_ID + Organizations scope, location specified: `organizations/`ORG_ID`/locations/`LOCATION_ID + Organizations scope, no location specified (defaults to global): `organizations/`ORG_ID The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3 (required) |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 110 | body: object, The request body. |
| 111 | The object takes the form of: |
| 112 | |
| 113 | { # Request message for CreateDeidentifyTemplate. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 114 | "locationId": "A String", # Deprecated. This field has no effect. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 115 | "deidentifyTemplate": { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more. # Required. The DeidentifyTemplate to create. |
| 116 | "deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // /////////////// |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 117 | "transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`. |
| 118 | "leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors |
| 119 | }, |
| 120 | "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error |
| 121 | }, |
| 122 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 123 | "infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere. |
| 124 | "transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType. |
| 125 | { # A transformation to apply to text that is identified as a specific info_type. |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 126 | "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 127 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 128 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 129 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 130 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 131 | }, |
| 132 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 133 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 134 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 135 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 136 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 137 | "key": "A String", # Required. A 128/192/256 bit key. |
| 138 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 139 | }, |
| 140 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 141 | "name": "A String", # Name describing the field. |
| 142 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 143 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 144 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 145 | }, |
| 146 | }, |
| 147 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 148 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 149 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 150 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 151 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 152 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 153 | ], |
| 154 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 155 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 156 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 157 | }, |
| 158 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 159 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 160 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 161 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 162 | }, |
| 163 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 164 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 165 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 166 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 167 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 168 | "key": "A String", # Required. A 128/192/256 bit key. |
| 169 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 170 | }, |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 171 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 172 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 173 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 174 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 175 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 176 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 177 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 178 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 179 | }, |
| 180 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 181 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 182 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 183 | }, |
| 184 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 185 | "key": "A String", # Required. A 128/192/256 bit key. |
| 186 | }, |
| 187 | }, |
| 188 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 189 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 190 | }, |
| 191 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 192 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 193 | { # Bucket is represented as a range, along with replacement values. |
| 194 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 195 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 196 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 197 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 198 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 199 | }, |
| 200 | "dayOfWeekValue": "A String", # day of week |
| 201 | "integerValue": "A String", # integer |
| 202 | "booleanValue": True or False, # boolean |
| 203 | "stringValue": "A String", # string |
| 204 | "floatValue": 3.14, # float |
| 205 | "timestampValue": "A String", # timestamp |
| 206 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 207 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 208 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 209 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 210 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 211 | }, |
| 212 | }, |
| 213 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 214 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 215 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 216 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 217 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 218 | }, |
| 219 | "dayOfWeekValue": "A String", # day of week |
| 220 | "integerValue": "A String", # integer |
| 221 | "booleanValue": True or False, # boolean |
| 222 | "stringValue": "A String", # string |
| 223 | "floatValue": 3.14, # float |
| 224 | "timestampValue": "A String", # timestamp |
| 225 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 226 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 227 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 228 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 229 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 230 | }, |
| 231 | }, |
| 232 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 233 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 234 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 235 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 236 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 237 | }, |
| 238 | "dayOfWeekValue": "A String", # day of week |
| 239 | "integerValue": "A String", # integer |
| 240 | "booleanValue": True or False, # boolean |
| 241 | "stringValue": "A String", # string |
| 242 | "floatValue": 3.14, # float |
| 243 | "timestampValue": "A String", # timestamp |
| 244 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 245 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 246 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 247 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 248 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 249 | }, |
| 250 | }, |
| 251 | }, |
| 252 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 253 | }, |
| 254 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 255 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 256 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 257 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 258 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 259 | }, |
| 260 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 261 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 262 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 263 | }, |
| 264 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 265 | "key": "A String", # Required. A 128/192/256 bit key. |
| 266 | }, |
| 267 | }, |
| 268 | "commonAlphabet": "A String", # Common alphabets. |
| 269 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 270 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 271 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 272 | }, |
| 273 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 274 | "name": "A String", # Name describing the field. |
| 275 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 276 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 277 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 278 | "partToExtract": "A String", # The part of the time to keep. |
| 279 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 280 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 281 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 282 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 283 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 284 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 285 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 286 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 287 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 288 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 289 | }, |
| 290 | "dayOfWeekValue": "A String", # day of week |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 291 | "integerValue": "A String", # integer |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 292 | "booleanValue": True or False, # boolean |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 293 | "stringValue": "A String", # string |
| 294 | "floatValue": 3.14, # float |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 295 | "timestampValue": "A String", # timestamp |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 296 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 297 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 298 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 299 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 300 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 301 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 302 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 303 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 304 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 305 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 306 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 307 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 308 | }, |
| 309 | "dayOfWeekValue": "A String", # day of week |
| 310 | "integerValue": "A String", # integer |
| 311 | "booleanValue": True or False, # boolean |
| 312 | "stringValue": "A String", # string |
| 313 | "floatValue": 3.14, # float |
| 314 | "timestampValue": "A String", # timestamp |
| 315 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 316 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 317 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 318 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 319 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 320 | }, |
| 321 | }, |
| 322 | }, |
| 323 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 324 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 325 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 326 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 327 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 328 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 329 | }, |
| 330 | "dayOfWeekValue": "A String", # day of week |
| 331 | "integerValue": "A String", # integer |
| 332 | "booleanValue": True or False, # boolean |
| 333 | "stringValue": "A String", # string |
| 334 | "floatValue": 3.14, # float |
| 335 | "timestampValue": "A String", # timestamp |
| 336 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 337 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 338 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 339 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 340 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 341 | }, |
| 342 | }, |
| 343 | }, |
| 344 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 345 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 346 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 347 | "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`. |
| 348 | { # Type of information detected by the API. |
| 349 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 350 | }, |
| 351 | ], |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 352 | }, |
| 353 | ], |
| 354 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 355 | "recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table. |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 356 | "fieldTransformations": [ # Transform the record by applying various field transformations. |
| 357 | { # The transformation to apply to the field. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 358 | "fields": [ # Required. Input field(s) to apply the transformation to. |
| 359 | { # General identifier of a data field in a storage service. |
| 360 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 361 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 362 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 363 | "infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`. |
| 364 | "transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType. |
| 365 | { # A transformation to apply to text that is identified as a specific info_type. |
| 366 | "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 367 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 368 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 369 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 370 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 371 | }, |
| 372 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 373 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 374 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 375 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 376 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 377 | "key": "A String", # Required. A 128/192/256 bit key. |
| 378 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 379 | }, |
| 380 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 381 | "name": "A String", # Name describing the field. |
| 382 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 383 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 384 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 385 | }, |
| 386 | }, |
| 387 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 388 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 389 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 390 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 391 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 392 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 393 | ], |
| 394 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 395 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 396 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 397 | }, |
| 398 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 399 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 400 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 401 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 402 | }, |
| 403 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 404 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 405 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 406 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 407 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 408 | "key": "A String", # Required. A 128/192/256 bit key. |
| 409 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 410 | }, |
| 411 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 412 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 413 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 414 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 415 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 416 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 417 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 418 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 419 | }, |
| 420 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 421 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 422 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 423 | }, |
| 424 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 425 | "key": "A String", # Required. A 128/192/256 bit key. |
| 426 | }, |
| 427 | }, |
| 428 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 429 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 430 | }, |
| 431 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 432 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 433 | { # Bucket is represented as a range, along with replacement values. |
| 434 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 435 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 436 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 437 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 438 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 439 | }, |
| 440 | "dayOfWeekValue": "A String", # day of week |
| 441 | "integerValue": "A String", # integer |
| 442 | "booleanValue": True or False, # boolean |
| 443 | "stringValue": "A String", # string |
| 444 | "floatValue": 3.14, # float |
| 445 | "timestampValue": "A String", # timestamp |
| 446 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 447 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 448 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 449 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 450 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 451 | }, |
| 452 | }, |
| 453 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 454 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 455 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 456 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 457 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 458 | }, |
| 459 | "dayOfWeekValue": "A String", # day of week |
| 460 | "integerValue": "A String", # integer |
| 461 | "booleanValue": True or False, # boolean |
| 462 | "stringValue": "A String", # string |
| 463 | "floatValue": 3.14, # float |
| 464 | "timestampValue": "A String", # timestamp |
| 465 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 466 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 467 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 468 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 469 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 470 | }, |
| 471 | }, |
| 472 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 473 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 474 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 475 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 476 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 477 | }, |
| 478 | "dayOfWeekValue": "A String", # day of week |
| 479 | "integerValue": "A String", # integer |
| 480 | "booleanValue": True or False, # boolean |
| 481 | "stringValue": "A String", # string |
| 482 | "floatValue": 3.14, # float |
| 483 | "timestampValue": "A String", # timestamp |
| 484 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 485 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 486 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 487 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 488 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 489 | }, |
| 490 | }, |
| 491 | }, |
| 492 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 493 | }, |
| 494 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 495 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 496 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 497 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 498 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 499 | }, |
| 500 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 501 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 502 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 503 | }, |
| 504 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 505 | "key": "A String", # Required. A 128/192/256 bit key. |
| 506 | }, |
| 507 | }, |
| 508 | "commonAlphabet": "A String", # Common alphabets. |
| 509 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 510 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 511 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 512 | }, |
| 513 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 514 | "name": "A String", # Name describing the field. |
| 515 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 516 | }, |
| 517 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 518 | "partToExtract": "A String", # The part of the time to keep. |
| 519 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 520 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 521 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 522 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 523 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 524 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 525 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 526 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 527 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 528 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 529 | }, |
| 530 | "dayOfWeekValue": "A String", # day of week |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 531 | "integerValue": "A String", # integer |
| 532 | "booleanValue": True or False, # boolean |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 533 | "stringValue": "A String", # string |
| 534 | "floatValue": 3.14, # float |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 535 | "timestampValue": "A String", # timestamp |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 536 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 537 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 538 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 539 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 540 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 541 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 542 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 543 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 544 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 545 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 546 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 547 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 548 | }, |
| 549 | "dayOfWeekValue": "A String", # day of week |
| 550 | "integerValue": "A String", # integer |
| 551 | "booleanValue": True or False, # boolean |
| 552 | "stringValue": "A String", # string |
| 553 | "floatValue": 3.14, # float |
| 554 | "timestampValue": "A String", # timestamp |
| 555 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 556 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 557 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 558 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 559 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 560 | }, |
| 561 | }, |
| 562 | }, |
| 563 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 564 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 565 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 566 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 567 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 568 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 569 | }, |
| 570 | "dayOfWeekValue": "A String", # day of week |
| 571 | "integerValue": "A String", # integer |
| 572 | "booleanValue": True or False, # boolean |
| 573 | "stringValue": "A String", # string |
| 574 | "floatValue": 3.14, # float |
| 575 | "timestampValue": "A String", # timestamp |
| 576 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 577 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 578 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 579 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 580 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 581 | }, |
| 582 | }, |
| 583 | }, |
| 584 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 585 | }, |
| 586 | }, |
| 587 | "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`. |
| 588 | { # Type of information detected by the API. |
| 589 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 590 | }, |
| 591 | ], |
| 592 | }, |
| 593 | ], |
| 594 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 595 | "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. |
| 596 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 597 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| 598 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 599 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 600 | }, |
| 601 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 602 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 603 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 604 | }, |
| 605 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 606 | "key": "A String", # Required. A 128/192/256 bit key. |
| 607 | }, |
| 608 | }, |
| 609 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 610 | "name": "A String", # Name describing the field. |
| 611 | }, |
| 612 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 613 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 614 | }, |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 615 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 616 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 617 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 618 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 619 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 620 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| 621 | }, |
| 622 | ], |
| 623 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 624 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 625 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 626 | }, |
| 627 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 628 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| 629 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 630 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 631 | }, |
| 632 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 633 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 634 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 635 | }, |
| 636 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 637 | "key": "A String", # Required. A 128/192/256 bit key. |
| 638 | }, |
| 639 | }, |
| 640 | }, |
| 641 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 642 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 643 | "name": "A String", # Name describing the field. |
| 644 | }, |
| 645 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 646 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 647 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 648 | }, |
| 649 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 650 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 651 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 652 | }, |
| 653 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 654 | "key": "A String", # Required. A 128/192/256 bit key. |
| 655 | }, |
| 656 | }, |
| 657 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 658 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 659 | }, |
| 660 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 661 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 662 | { # Bucket is represented as a range, along with replacement values. |
| 663 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 664 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 665 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 666 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 667 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 668 | }, |
| 669 | "dayOfWeekValue": "A String", # day of week |
| 670 | "integerValue": "A String", # integer |
| 671 | "booleanValue": True or False, # boolean |
| 672 | "stringValue": "A String", # string |
| 673 | "floatValue": 3.14, # float |
| 674 | "timestampValue": "A String", # timestamp |
| 675 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 676 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 677 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 678 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 679 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 680 | }, |
| 681 | }, |
| 682 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 683 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 684 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 685 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 686 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 687 | }, |
| 688 | "dayOfWeekValue": "A String", # day of week |
| 689 | "integerValue": "A String", # integer |
| 690 | "booleanValue": True or False, # boolean |
| 691 | "stringValue": "A String", # string |
| 692 | "floatValue": 3.14, # float |
| 693 | "timestampValue": "A String", # timestamp |
| 694 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 695 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 696 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 697 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 698 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 699 | }, |
| 700 | }, |
| 701 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 702 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 703 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 704 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 705 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 706 | }, |
| 707 | "dayOfWeekValue": "A String", # day of week |
| 708 | "integerValue": "A String", # integer |
| 709 | "booleanValue": True or False, # boolean |
| 710 | "stringValue": "A String", # string |
| 711 | "floatValue": 3.14, # float |
| 712 | "timestampValue": "A String", # timestamp |
| 713 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 714 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 715 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 716 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 717 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 718 | }, |
| 719 | }, |
| 720 | }, |
| 721 | ], |
| 722 | }, |
| 723 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| 724 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 725 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 726 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 727 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 728 | }, |
| 729 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 730 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 731 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 732 | }, |
| 733 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 734 | "key": "A String", # Required. A 128/192/256 bit key. |
| 735 | }, |
| 736 | }, |
| 737 | "commonAlphabet": "A String", # Common alphabets. |
| 738 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| 739 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 740 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 741 | }, |
| 742 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 743 | "name": "A String", # Name describing the field. |
| 744 | }, |
| 745 | }, |
| 746 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 747 | "partToExtract": "A String", # The part of the time to keep. |
| 748 | }, |
| 749 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 750 | }, |
| 751 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 752 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| 753 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| 754 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 755 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 756 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 757 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 758 | }, |
| 759 | "dayOfWeekValue": "A String", # day of week |
| 760 | "integerValue": "A String", # integer |
| 761 | "booleanValue": True or False, # boolean |
| 762 | "stringValue": "A String", # string |
| 763 | "floatValue": 3.14, # float |
| 764 | "timestampValue": "A String", # timestamp |
| 765 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 766 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 767 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 768 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 769 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 770 | }, |
| 771 | }, |
| 772 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 773 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 774 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 775 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 776 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 777 | }, |
| 778 | "dayOfWeekValue": "A String", # day of week |
| 779 | "integerValue": "A String", # integer |
| 780 | "booleanValue": True or False, # boolean |
| 781 | "stringValue": "A String", # string |
| 782 | "floatValue": 3.14, # float |
| 783 | "timestampValue": "A String", # timestamp |
| 784 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 785 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 786 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 787 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 788 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 789 | }, |
| 790 | }, |
| 791 | }, |
| 792 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 793 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 794 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 795 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 796 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 797 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 798 | }, |
| 799 | "dayOfWeekValue": "A String", # day of week |
| 800 | "integerValue": "A String", # integer |
| 801 | "booleanValue": True or False, # boolean |
| 802 | "stringValue": "A String", # string |
| 803 | "floatValue": 3.14, # float |
| 804 | "timestampValue": "A String", # timestamp |
| 805 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 806 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 807 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 808 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 809 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 810 | }, |
| 811 | }, |
| 812 | }, |
| 813 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| 814 | }, |
| 815 | }, |
| 816 | "condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85. |
| 817 | "expressions": { # An expression, consisting or an operator and conditions. # An expression. |
| 818 | "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`. |
| 819 | "conditions": { # A collection of conditions. # Conditions to apply to the expression. |
| 820 | "conditions": [ # A collection of conditions. |
| 821 | { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false. |
| 822 | "value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.] |
| 823 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 824 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 825 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 826 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 827 | }, |
| 828 | "dayOfWeekValue": "A String", # day of week |
| 829 | "integerValue": "A String", # integer |
| 830 | "booleanValue": True or False, # boolean |
| 831 | "stringValue": "A String", # string |
| 832 | "floatValue": 3.14, # float |
| 833 | "timestampValue": "A String", # timestamp |
| 834 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 835 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 836 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 837 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 838 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 839 | }, |
| 840 | }, |
| 841 | "operator": "A String", # Required. Operator used to compare the field or infoType to the value. |
| 842 | "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against. |
| 843 | "name": "A String", # Name describing the field. |
| 844 | }, |
| 845 | }, |
| 846 | ], |
| 847 | }, |
| 848 | }, |
| 849 | }, |
| 850 | }, |
| 851 | ], |
| 852 | "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output. |
| 853 | { # Configuration to suppress records whose suppression conditions evaluate to true. |
| 854 | "condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content. |
| 855 | "expressions": { # An expression, consisting or an operator and conditions. # An expression. |
| 856 | "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`. |
| 857 | "conditions": { # A collection of conditions. # Conditions to apply to the expression. |
| 858 | "conditions": [ # A collection of conditions. |
| 859 | { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false. |
| 860 | "value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.] |
| 861 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 862 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 863 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 864 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 865 | }, |
| 866 | "dayOfWeekValue": "A String", # day of week |
| 867 | "integerValue": "A String", # integer |
| 868 | "booleanValue": True or False, # boolean |
| 869 | "stringValue": "A String", # string |
| 870 | "floatValue": 3.14, # float |
| 871 | "timestampValue": "A String", # timestamp |
| 872 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 873 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 874 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 875 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 876 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 877 | }, |
| 878 | }, |
| 879 | "operator": "A String", # Required. Operator used to compare the field or infoType to the value. |
| 880 | "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against. |
| 881 | "name": "A String", # Name describing the field. |
| 882 | }, |
| 883 | }, |
| 884 | ], |
| 885 | }, |
| 886 | }, |
| 887 | }, |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 888 | }, |
| 889 | ], |
| 890 | }, |
| 891 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 892 | "displayName": "A String", # Display name (max 256 chars). |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 893 | "description": "A String", # Short description (max 256 chars). |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 894 | "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 895 | "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate. |
| 896 | "name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID` |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 897 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 898 | "templateId": "A String", # The template id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one. |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 899 | } |
| 900 | |
| 901 | x__xgafv: string, V1 error format. |
| 902 | Allowed values |
| 903 | 1 - v1 error format |
| 904 | 2 - v2 error format |
| 905 | |
| 906 | Returns: |
| 907 | An object of the form: |
| 908 | |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 909 | { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more. |
| 910 | "deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // /////////////// |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 911 | "transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`. |
| 912 | "leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors |
| 913 | }, |
| 914 | "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error |
| 915 | }, |
| 916 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 917 | "infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere. |
| 918 | "transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType. |
| 919 | { # A transformation to apply to text that is identified as a specific info_type. |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 920 | "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 921 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 922 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 923 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 924 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 925 | }, |
| 926 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 927 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 928 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 929 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 930 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 931 | "key": "A String", # Required. A 128/192/256 bit key. |
| 932 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 933 | }, |
| 934 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 935 | "name": "A String", # Name describing the field. |
| 936 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 937 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 938 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 939 | }, |
| 940 | }, |
| 941 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 942 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 943 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 944 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 945 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 946 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 947 | ], |
| 948 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 949 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 950 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 951 | }, |
| 952 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 953 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 954 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 955 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 956 | }, |
| 957 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 958 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 959 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 960 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 961 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 962 | "key": "A String", # Required. A 128/192/256 bit key. |
| 963 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 964 | }, |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 965 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 966 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 967 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 968 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 969 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 970 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 971 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 972 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 973 | }, |
| 974 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 975 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 976 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 977 | }, |
| 978 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 979 | "key": "A String", # Required. A 128/192/256 bit key. |
| 980 | }, |
| 981 | }, |
| 982 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 983 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 984 | }, |
| 985 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 986 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 987 | { # Bucket is represented as a range, along with replacement values. |
| 988 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 989 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 990 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 991 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 992 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 993 | }, |
| 994 | "dayOfWeekValue": "A String", # day of week |
| 995 | "integerValue": "A String", # integer |
| 996 | "booleanValue": True or False, # boolean |
| 997 | "stringValue": "A String", # string |
| 998 | "floatValue": 3.14, # float |
| 999 | "timestampValue": "A String", # timestamp |
| 1000 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1001 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1002 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1003 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1004 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1005 | }, |
| 1006 | }, |
| 1007 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 1008 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1009 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1010 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1011 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1012 | }, |
| 1013 | "dayOfWeekValue": "A String", # day of week |
| 1014 | "integerValue": "A String", # integer |
| 1015 | "booleanValue": True or False, # boolean |
| 1016 | "stringValue": "A String", # string |
| 1017 | "floatValue": 3.14, # float |
| 1018 | "timestampValue": "A String", # timestamp |
| 1019 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1020 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1021 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1022 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1023 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1024 | }, |
| 1025 | }, |
| 1026 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 1027 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1028 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1029 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1030 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1031 | }, |
| 1032 | "dayOfWeekValue": "A String", # day of week |
| 1033 | "integerValue": "A String", # integer |
| 1034 | "booleanValue": True or False, # boolean |
| 1035 | "stringValue": "A String", # string |
| 1036 | "floatValue": 3.14, # float |
| 1037 | "timestampValue": "A String", # timestamp |
| 1038 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1039 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1040 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1041 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1042 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1043 | }, |
| 1044 | }, |
| 1045 | }, |
| 1046 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1047 | }, |
| 1048 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1049 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 1050 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 1051 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 1052 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 1053 | }, |
| 1054 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 1055 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 1056 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 1057 | }, |
| 1058 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 1059 | "key": "A String", # Required. A 128/192/256 bit key. |
| 1060 | }, |
| 1061 | }, |
| 1062 | "commonAlphabet": "A String", # Common alphabets. |
| 1063 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1064 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 1065 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 1066 | }, |
| 1067 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 1068 | "name": "A String", # Name describing the field. |
| 1069 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 1070 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1071 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 1072 | "partToExtract": "A String", # The part of the time to keep. |
| 1073 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1074 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 1075 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1076 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 1077 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1078 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1079 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1080 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1081 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1082 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1083 | }, |
| 1084 | "dayOfWeekValue": "A String", # day of week |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 1085 | "integerValue": "A String", # integer |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 1086 | "booleanValue": True or False, # boolean |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1087 | "stringValue": "A String", # string |
| 1088 | "floatValue": 3.14, # float |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1089 | "timestampValue": "A String", # timestamp |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1090 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1091 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1092 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1093 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1094 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 1095 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 1096 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1097 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 1098 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1099 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1100 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1101 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1102 | }, |
| 1103 | "dayOfWeekValue": "A String", # day of week |
| 1104 | "integerValue": "A String", # integer |
| 1105 | "booleanValue": True or False, # boolean |
| 1106 | "stringValue": "A String", # string |
| 1107 | "floatValue": 3.14, # float |
| 1108 | "timestampValue": "A String", # timestamp |
| 1109 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1110 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1111 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1112 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1113 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1114 | }, |
| 1115 | }, |
| 1116 | }, |
| 1117 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 1118 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 1119 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1120 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1121 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1122 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1123 | }, |
| 1124 | "dayOfWeekValue": "A String", # day of week |
| 1125 | "integerValue": "A String", # integer |
| 1126 | "booleanValue": True or False, # boolean |
| 1127 | "stringValue": "A String", # string |
| 1128 | "floatValue": 3.14, # float |
| 1129 | "timestampValue": "A String", # timestamp |
| 1130 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1131 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1132 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1133 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1134 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1135 | }, |
| 1136 | }, |
| 1137 | }, |
| 1138 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 1139 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 1140 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1141 | "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`. |
| 1142 | { # Type of information detected by the API. |
| 1143 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 1144 | }, |
| 1145 | ], |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 1146 | }, |
| 1147 | ], |
| 1148 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1149 | "recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table. |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1150 | "fieldTransformations": [ # Transform the record by applying various field transformations. |
| 1151 | { # The transformation to apply to the field. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1152 | "fields": [ # Required. Input field(s) to apply the transformation to. |
| 1153 | { # General identifier of a data field in a storage service. |
| 1154 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1155 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1156 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1157 | "infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`. |
| 1158 | "transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType. |
| 1159 | { # A transformation to apply to text that is identified as a specific info_type. |
| 1160 | "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1161 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 1162 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1163 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 1164 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 1165 | }, |
| 1166 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 1167 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 1168 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 1169 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1170 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 1171 | "key": "A String", # Required. A 128/192/256 bit key. |
| 1172 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1173 | }, |
| 1174 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 1175 | "name": "A String", # Name describing the field. |
| 1176 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1177 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 1178 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 1179 | }, |
| 1180 | }, |
| 1181 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 1182 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 1183 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 1184 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 1185 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1186 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1187 | ], |
| 1188 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 1189 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 1190 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 1191 | }, |
| 1192 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 1193 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1194 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 1195 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 1196 | }, |
| 1197 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 1198 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 1199 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 1200 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1201 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 1202 | "key": "A String", # Required. A 128/192/256 bit key. |
| 1203 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1204 | }, |
| 1205 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1206 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 1207 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 1208 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1209 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1210 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 1211 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 1212 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 1213 | }, |
| 1214 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 1215 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 1216 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 1217 | }, |
| 1218 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 1219 | "key": "A String", # Required. A 128/192/256 bit key. |
| 1220 | }, |
| 1221 | }, |
| 1222 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 1223 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 1224 | }, |
| 1225 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 1226 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 1227 | { # Bucket is represented as a range, along with replacement values. |
| 1228 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 1229 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1230 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1231 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1232 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1233 | }, |
| 1234 | "dayOfWeekValue": "A String", # day of week |
| 1235 | "integerValue": "A String", # integer |
| 1236 | "booleanValue": True or False, # boolean |
| 1237 | "stringValue": "A String", # string |
| 1238 | "floatValue": 3.14, # float |
| 1239 | "timestampValue": "A String", # timestamp |
| 1240 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1241 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1242 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1243 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1244 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1245 | }, |
| 1246 | }, |
| 1247 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 1248 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1249 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1250 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1251 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1252 | }, |
| 1253 | "dayOfWeekValue": "A String", # day of week |
| 1254 | "integerValue": "A String", # integer |
| 1255 | "booleanValue": True or False, # boolean |
| 1256 | "stringValue": "A String", # string |
| 1257 | "floatValue": 3.14, # float |
| 1258 | "timestampValue": "A String", # timestamp |
| 1259 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1260 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1261 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1262 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1263 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1264 | }, |
| 1265 | }, |
| 1266 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 1267 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1268 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1269 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1270 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1271 | }, |
| 1272 | "dayOfWeekValue": "A String", # day of week |
| 1273 | "integerValue": "A String", # integer |
| 1274 | "booleanValue": True or False, # boolean |
| 1275 | "stringValue": "A String", # string |
| 1276 | "floatValue": 3.14, # float |
| 1277 | "timestampValue": "A String", # timestamp |
| 1278 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1279 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1280 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1281 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1282 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1283 | }, |
| 1284 | }, |
| 1285 | }, |
| 1286 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1287 | }, |
| 1288 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1289 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 1290 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 1291 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 1292 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 1293 | }, |
| 1294 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 1295 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 1296 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 1297 | }, |
| 1298 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 1299 | "key": "A String", # Required. A 128/192/256 bit key. |
| 1300 | }, |
| 1301 | }, |
| 1302 | "commonAlphabet": "A String", # Common alphabets. |
| 1303 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1304 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 1305 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 1306 | }, |
| 1307 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 1308 | "name": "A String", # Name describing the field. |
| 1309 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1310 | }, |
| 1311 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 1312 | "partToExtract": "A String", # The part of the time to keep. |
| 1313 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1314 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 1315 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1316 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 1317 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1318 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1319 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1320 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1321 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1322 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1323 | }, |
| 1324 | "dayOfWeekValue": "A String", # day of week |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1325 | "integerValue": "A String", # integer |
| 1326 | "booleanValue": True or False, # boolean |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1327 | "stringValue": "A String", # string |
| 1328 | "floatValue": 3.14, # float |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1329 | "timestampValue": "A String", # timestamp |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1330 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1331 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1332 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1333 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1334 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1335 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1336 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1337 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 1338 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1339 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1340 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1341 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1342 | }, |
| 1343 | "dayOfWeekValue": "A String", # day of week |
| 1344 | "integerValue": "A String", # integer |
| 1345 | "booleanValue": True or False, # boolean |
| 1346 | "stringValue": "A String", # string |
| 1347 | "floatValue": 3.14, # float |
| 1348 | "timestampValue": "A String", # timestamp |
| 1349 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1350 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1351 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1352 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1353 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1354 | }, |
| 1355 | }, |
| 1356 | }, |
| 1357 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 1358 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 1359 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1360 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1361 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1362 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1363 | }, |
| 1364 | "dayOfWeekValue": "A String", # day of week |
| 1365 | "integerValue": "A String", # integer |
| 1366 | "booleanValue": True or False, # boolean |
| 1367 | "stringValue": "A String", # string |
| 1368 | "floatValue": 3.14, # float |
| 1369 | "timestampValue": "A String", # timestamp |
| 1370 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1371 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1372 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1373 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1374 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1375 | }, |
| 1376 | }, |
| 1377 | }, |
| 1378 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1379 | }, |
| 1380 | }, |
| 1381 | "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`. |
| 1382 | { # Type of information detected by the API. |
| 1383 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 1384 | }, |
| 1385 | ], |
| 1386 | }, |
| 1387 | ], |
| 1388 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1389 | "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. |
| 1390 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 1391 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| 1392 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 1393 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 1394 | }, |
| 1395 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 1396 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 1397 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 1398 | }, |
| 1399 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 1400 | "key": "A String", # Required. A 128/192/256 bit key. |
| 1401 | }, |
| 1402 | }, |
| 1403 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 1404 | "name": "A String", # Name describing the field. |
| 1405 | }, |
| 1406 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 1407 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 1408 | }, |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 1409 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1410 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 1411 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 1412 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 1413 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 1414 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| 1415 | }, |
| 1416 | ], |
| 1417 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 1418 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 1419 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 1420 | }, |
| 1421 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 1422 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| 1423 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 1424 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 1425 | }, |
| 1426 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 1427 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 1428 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 1429 | }, |
| 1430 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 1431 | "key": "A String", # Required. A 128/192/256 bit key. |
| 1432 | }, |
| 1433 | }, |
| 1434 | }, |
| 1435 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 1436 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 1437 | "name": "A String", # Name describing the field. |
| 1438 | }, |
| 1439 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 1440 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 1441 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 1442 | }, |
| 1443 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 1444 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 1445 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 1446 | }, |
| 1447 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 1448 | "key": "A String", # Required. A 128/192/256 bit key. |
| 1449 | }, |
| 1450 | }, |
| 1451 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 1452 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 1453 | }, |
| 1454 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 1455 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 1456 | { # Bucket is represented as a range, along with replacement values. |
| 1457 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 1458 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1459 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1460 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1461 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1462 | }, |
| 1463 | "dayOfWeekValue": "A String", # day of week |
| 1464 | "integerValue": "A String", # integer |
| 1465 | "booleanValue": True or False, # boolean |
| 1466 | "stringValue": "A String", # string |
| 1467 | "floatValue": 3.14, # float |
| 1468 | "timestampValue": "A String", # timestamp |
| 1469 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1470 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1471 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1472 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1473 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1474 | }, |
| 1475 | }, |
| 1476 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 1477 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1478 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1479 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1480 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1481 | }, |
| 1482 | "dayOfWeekValue": "A String", # day of week |
| 1483 | "integerValue": "A String", # integer |
| 1484 | "booleanValue": True or False, # boolean |
| 1485 | "stringValue": "A String", # string |
| 1486 | "floatValue": 3.14, # float |
| 1487 | "timestampValue": "A String", # timestamp |
| 1488 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1489 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1490 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1491 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1492 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1493 | }, |
| 1494 | }, |
| 1495 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 1496 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1497 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1498 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1499 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1500 | }, |
| 1501 | "dayOfWeekValue": "A String", # day of week |
| 1502 | "integerValue": "A String", # integer |
| 1503 | "booleanValue": True or False, # boolean |
| 1504 | "stringValue": "A String", # string |
| 1505 | "floatValue": 3.14, # float |
| 1506 | "timestampValue": "A String", # timestamp |
| 1507 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1508 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1509 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1510 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1511 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1512 | }, |
| 1513 | }, |
| 1514 | }, |
| 1515 | ], |
| 1516 | }, |
| 1517 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| 1518 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 1519 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 1520 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 1521 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 1522 | }, |
| 1523 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 1524 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 1525 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 1526 | }, |
| 1527 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 1528 | "key": "A String", # Required. A 128/192/256 bit key. |
| 1529 | }, |
| 1530 | }, |
| 1531 | "commonAlphabet": "A String", # Common alphabets. |
| 1532 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| 1533 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 1534 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 1535 | }, |
| 1536 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 1537 | "name": "A String", # Name describing the field. |
| 1538 | }, |
| 1539 | }, |
| 1540 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 1541 | "partToExtract": "A String", # The part of the time to keep. |
| 1542 | }, |
| 1543 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 1544 | }, |
| 1545 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 1546 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| 1547 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| 1548 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1549 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1550 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1551 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1552 | }, |
| 1553 | "dayOfWeekValue": "A String", # day of week |
| 1554 | "integerValue": "A String", # integer |
| 1555 | "booleanValue": True or False, # boolean |
| 1556 | "stringValue": "A String", # string |
| 1557 | "floatValue": 3.14, # float |
| 1558 | "timestampValue": "A String", # timestamp |
| 1559 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1560 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1561 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1562 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1563 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1564 | }, |
| 1565 | }, |
| 1566 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 1567 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1568 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1569 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1570 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1571 | }, |
| 1572 | "dayOfWeekValue": "A String", # day of week |
| 1573 | "integerValue": "A String", # integer |
| 1574 | "booleanValue": True or False, # boolean |
| 1575 | "stringValue": "A String", # string |
| 1576 | "floatValue": 3.14, # float |
| 1577 | "timestampValue": "A String", # timestamp |
| 1578 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1579 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1580 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1581 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1582 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1583 | }, |
| 1584 | }, |
| 1585 | }, |
| 1586 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 1587 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 1588 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1589 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1590 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1591 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1592 | }, |
| 1593 | "dayOfWeekValue": "A String", # day of week |
| 1594 | "integerValue": "A String", # integer |
| 1595 | "booleanValue": True or False, # boolean |
| 1596 | "stringValue": "A String", # string |
| 1597 | "floatValue": 3.14, # float |
| 1598 | "timestampValue": "A String", # timestamp |
| 1599 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1600 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1601 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1602 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1603 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1604 | }, |
| 1605 | }, |
| 1606 | }, |
| 1607 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| 1608 | }, |
| 1609 | }, |
| 1610 | "condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85. |
| 1611 | "expressions": { # An expression, consisting or an operator and conditions. # An expression. |
| 1612 | "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`. |
| 1613 | "conditions": { # A collection of conditions. # Conditions to apply to the expression. |
| 1614 | "conditions": [ # A collection of conditions. |
| 1615 | { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false. |
| 1616 | "value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.] |
| 1617 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1618 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1619 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1620 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1621 | }, |
| 1622 | "dayOfWeekValue": "A String", # day of week |
| 1623 | "integerValue": "A String", # integer |
| 1624 | "booleanValue": True or False, # boolean |
| 1625 | "stringValue": "A String", # string |
| 1626 | "floatValue": 3.14, # float |
| 1627 | "timestampValue": "A String", # timestamp |
| 1628 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1629 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1630 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1631 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1632 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1633 | }, |
| 1634 | }, |
| 1635 | "operator": "A String", # Required. Operator used to compare the field or infoType to the value. |
| 1636 | "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against. |
| 1637 | "name": "A String", # Name describing the field. |
| 1638 | }, |
| 1639 | }, |
| 1640 | ], |
| 1641 | }, |
| 1642 | }, |
| 1643 | }, |
| 1644 | }, |
| 1645 | ], |
| 1646 | "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output. |
| 1647 | { # Configuration to suppress records whose suppression conditions evaluate to true. |
| 1648 | "condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content. |
| 1649 | "expressions": { # An expression, consisting or an operator and conditions. # An expression. |
| 1650 | "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`. |
| 1651 | "conditions": { # A collection of conditions. # Conditions to apply to the expression. |
| 1652 | "conditions": [ # A collection of conditions. |
| 1653 | { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false. |
| 1654 | "value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.] |
| 1655 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1656 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1657 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1658 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1659 | }, |
| 1660 | "dayOfWeekValue": "A String", # day of week |
| 1661 | "integerValue": "A String", # integer |
| 1662 | "booleanValue": True or False, # boolean |
| 1663 | "stringValue": "A String", # string |
| 1664 | "floatValue": 3.14, # float |
| 1665 | "timestampValue": "A String", # timestamp |
| 1666 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1667 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1668 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1669 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1670 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1671 | }, |
| 1672 | }, |
| 1673 | "operator": "A String", # Required. Operator used to compare the field or infoType to the value. |
| 1674 | "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against. |
| 1675 | "name": "A String", # Name describing the field. |
| 1676 | }, |
| 1677 | }, |
| 1678 | ], |
| 1679 | }, |
| 1680 | }, |
| 1681 | }, |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1682 | }, |
| 1683 | ], |
| 1684 | }, |
| 1685 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1686 | "displayName": "A String", # Display name (max 256 chars). |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 1687 | "description": "A String", # Short description (max 256 chars). |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1688 | "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1689 | "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate. |
| 1690 | "name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID` |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1691 | }</pre> |
| 1692 | </div> |
| 1693 | |
| 1694 | <div class="method"> |
| 1695 | <code class="details" id="delete">delete(name, x__xgafv=None)</code> |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1696 | <pre>Deletes a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more. |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1697 | |
| 1698 | Args: |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1699 | name: string, Required. Resource name of the organization and deidentify template to be deleted, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342. (required) |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1700 | x__xgafv: string, V1 error format. |
| 1701 | Allowed values |
| 1702 | 1 - v1 error format |
| 1703 | 2 - v2 error format |
| 1704 | |
| 1705 | Returns: |
| 1706 | An object of the form: |
| 1707 | |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1708 | { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`. |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1709 | }</pre> |
| 1710 | </div> |
| 1711 | |
| 1712 | <div class="method"> |
| 1713 | <code class="details" id="get">get(name, x__xgafv=None)</code> |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1714 | <pre>Gets a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more. |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1715 | |
| 1716 | Args: |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1717 | name: string, Required. Resource name of the organization and deidentify template to be read, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342. (required) |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1718 | x__xgafv: string, V1 error format. |
| 1719 | Allowed values |
| 1720 | 1 - v1 error format |
| 1721 | 2 - v2 error format |
| 1722 | |
| 1723 | Returns: |
| 1724 | An object of the form: |
| 1725 | |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1726 | { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more. |
| 1727 | "deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // /////////////// |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1728 | "transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`. |
| 1729 | "leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors |
| 1730 | }, |
| 1731 | "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error |
| 1732 | }, |
| 1733 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1734 | "infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere. |
| 1735 | "transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType. |
| 1736 | { # A transformation to apply to text that is identified as a specific info_type. |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 1737 | "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1738 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 1739 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1740 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 1741 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 1742 | }, |
| 1743 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 1744 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 1745 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 1746 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1747 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 1748 | "key": "A String", # Required. A 128/192/256 bit key. |
| 1749 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1750 | }, |
| 1751 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 1752 | "name": "A String", # Name describing the field. |
| 1753 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1754 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 1755 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 1756 | }, |
| 1757 | }, |
| 1758 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 1759 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 1760 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 1761 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 1762 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 1763 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1764 | ], |
| 1765 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 1766 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 1767 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 1768 | }, |
| 1769 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 1770 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1771 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 1772 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 1773 | }, |
| 1774 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 1775 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 1776 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 1777 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1778 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 1779 | "key": "A String", # Required. A 128/192/256 bit key. |
| 1780 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 1781 | }, |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 1782 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1783 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 1784 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 1785 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1786 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1787 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 1788 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 1789 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 1790 | }, |
| 1791 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 1792 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 1793 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 1794 | }, |
| 1795 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 1796 | "key": "A String", # Required. A 128/192/256 bit key. |
| 1797 | }, |
| 1798 | }, |
| 1799 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 1800 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 1801 | }, |
| 1802 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 1803 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 1804 | { # Bucket is represented as a range, along with replacement values. |
| 1805 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 1806 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1807 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1808 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1809 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1810 | }, |
| 1811 | "dayOfWeekValue": "A String", # day of week |
| 1812 | "integerValue": "A String", # integer |
| 1813 | "booleanValue": True or False, # boolean |
| 1814 | "stringValue": "A String", # string |
| 1815 | "floatValue": 3.14, # float |
| 1816 | "timestampValue": "A String", # timestamp |
| 1817 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1818 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1819 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1820 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1821 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1822 | }, |
| 1823 | }, |
| 1824 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 1825 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1826 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1827 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1828 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1829 | }, |
| 1830 | "dayOfWeekValue": "A String", # day of week |
| 1831 | "integerValue": "A String", # integer |
| 1832 | "booleanValue": True or False, # boolean |
| 1833 | "stringValue": "A String", # string |
| 1834 | "floatValue": 3.14, # float |
| 1835 | "timestampValue": "A String", # timestamp |
| 1836 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1837 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1838 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1839 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1840 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1841 | }, |
| 1842 | }, |
| 1843 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 1844 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1845 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1846 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1847 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1848 | }, |
| 1849 | "dayOfWeekValue": "A String", # day of week |
| 1850 | "integerValue": "A String", # integer |
| 1851 | "booleanValue": True or False, # boolean |
| 1852 | "stringValue": "A String", # string |
| 1853 | "floatValue": 3.14, # float |
| 1854 | "timestampValue": "A String", # timestamp |
| 1855 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1856 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1857 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1858 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1859 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1860 | }, |
| 1861 | }, |
| 1862 | }, |
| 1863 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1864 | }, |
| 1865 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1866 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 1867 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 1868 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 1869 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 1870 | }, |
| 1871 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 1872 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 1873 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 1874 | }, |
| 1875 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 1876 | "key": "A String", # Required. A 128/192/256 bit key. |
| 1877 | }, |
| 1878 | }, |
| 1879 | "commonAlphabet": "A String", # Common alphabets. |
| 1880 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1881 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 1882 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 1883 | }, |
| 1884 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 1885 | "name": "A String", # Name describing the field. |
| 1886 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 1887 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1888 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 1889 | "partToExtract": "A String", # The part of the time to keep. |
| 1890 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1891 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 1892 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1893 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 1894 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1895 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1896 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1897 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1898 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1899 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1900 | }, |
| 1901 | "dayOfWeekValue": "A String", # day of week |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 1902 | "integerValue": "A String", # integer |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 1903 | "booleanValue": True or False, # boolean |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1904 | "stringValue": "A String", # string |
| 1905 | "floatValue": 3.14, # float |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1906 | "timestampValue": "A String", # timestamp |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1907 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1908 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1909 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1910 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1911 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 1912 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 1913 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1914 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 1915 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1916 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1917 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1918 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1919 | }, |
| 1920 | "dayOfWeekValue": "A String", # day of week |
| 1921 | "integerValue": "A String", # integer |
| 1922 | "booleanValue": True or False, # boolean |
| 1923 | "stringValue": "A String", # string |
| 1924 | "floatValue": 3.14, # float |
| 1925 | "timestampValue": "A String", # timestamp |
| 1926 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1927 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1928 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1929 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1930 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1931 | }, |
| 1932 | }, |
| 1933 | }, |
| 1934 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 1935 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 1936 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 1937 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 1938 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 1939 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 1940 | }, |
| 1941 | "dayOfWeekValue": "A String", # day of week |
| 1942 | "integerValue": "A String", # integer |
| 1943 | "booleanValue": True or False, # boolean |
| 1944 | "stringValue": "A String", # string |
| 1945 | "floatValue": 3.14, # float |
| 1946 | "timestampValue": "A String", # timestamp |
| 1947 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 1948 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 1949 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 1950 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 1951 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 1952 | }, |
| 1953 | }, |
| 1954 | }, |
| 1955 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 1956 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 1957 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1958 | "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`. |
| 1959 | { # Type of information detected by the API. |
| 1960 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 1961 | }, |
| 1962 | ], |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 1963 | }, |
| 1964 | ], |
| 1965 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1966 | "recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table. |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1967 | "fieldTransformations": [ # Transform the record by applying various field transformations. |
| 1968 | { # The transformation to apply to the field. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1969 | "fields": [ # Required. Input field(s) to apply the transformation to. |
| 1970 | { # General identifier of a data field in a storage service. |
| 1971 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1972 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1973 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1974 | "infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`. |
| 1975 | "transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType. |
| 1976 | { # A transformation to apply to text that is identified as a specific info_type. |
| 1977 | "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1978 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 1979 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1980 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 1981 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 1982 | }, |
| 1983 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 1984 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 1985 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 1986 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1987 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 1988 | "key": "A String", # Required. A 128/192/256 bit key. |
| 1989 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 1990 | }, |
| 1991 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 1992 | "name": "A String", # Name describing the field. |
| 1993 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 1994 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 1995 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 1996 | }, |
| 1997 | }, |
| 1998 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 1999 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 2000 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 2001 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 2002 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2003 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2004 | ], |
| 2005 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 2006 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 2007 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 2008 | }, |
| 2009 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 2010 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2011 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 2012 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 2013 | }, |
| 2014 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 2015 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 2016 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 2017 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2018 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 2019 | "key": "A String", # Required. A 128/192/256 bit key. |
| 2020 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2021 | }, |
| 2022 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2023 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 2024 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 2025 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2026 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2027 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 2028 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 2029 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 2030 | }, |
| 2031 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 2032 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 2033 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 2034 | }, |
| 2035 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 2036 | "key": "A String", # Required. A 128/192/256 bit key. |
| 2037 | }, |
| 2038 | }, |
| 2039 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 2040 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 2041 | }, |
| 2042 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 2043 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 2044 | { # Bucket is represented as a range, along with replacement values. |
| 2045 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 2046 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2047 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2048 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2049 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2050 | }, |
| 2051 | "dayOfWeekValue": "A String", # day of week |
| 2052 | "integerValue": "A String", # integer |
| 2053 | "booleanValue": True or False, # boolean |
| 2054 | "stringValue": "A String", # string |
| 2055 | "floatValue": 3.14, # float |
| 2056 | "timestampValue": "A String", # timestamp |
| 2057 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2058 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2059 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2060 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2061 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2062 | }, |
| 2063 | }, |
| 2064 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 2065 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2066 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2067 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2068 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2069 | }, |
| 2070 | "dayOfWeekValue": "A String", # day of week |
| 2071 | "integerValue": "A String", # integer |
| 2072 | "booleanValue": True or False, # boolean |
| 2073 | "stringValue": "A String", # string |
| 2074 | "floatValue": 3.14, # float |
| 2075 | "timestampValue": "A String", # timestamp |
| 2076 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2077 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2078 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2079 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2080 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2081 | }, |
| 2082 | }, |
| 2083 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 2084 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2085 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2086 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2087 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2088 | }, |
| 2089 | "dayOfWeekValue": "A String", # day of week |
| 2090 | "integerValue": "A String", # integer |
| 2091 | "booleanValue": True or False, # boolean |
| 2092 | "stringValue": "A String", # string |
| 2093 | "floatValue": 3.14, # float |
| 2094 | "timestampValue": "A String", # timestamp |
| 2095 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2096 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2097 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2098 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2099 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2100 | }, |
| 2101 | }, |
| 2102 | }, |
| 2103 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2104 | }, |
| 2105 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2106 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 2107 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 2108 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 2109 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 2110 | }, |
| 2111 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 2112 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 2113 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 2114 | }, |
| 2115 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 2116 | "key": "A String", # Required. A 128/192/256 bit key. |
| 2117 | }, |
| 2118 | }, |
| 2119 | "commonAlphabet": "A String", # Common alphabets. |
| 2120 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2121 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 2122 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 2123 | }, |
| 2124 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 2125 | "name": "A String", # Name describing the field. |
| 2126 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2127 | }, |
| 2128 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 2129 | "partToExtract": "A String", # The part of the time to keep. |
| 2130 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2131 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 2132 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2133 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 2134 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2135 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2136 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2137 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2138 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2139 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2140 | }, |
| 2141 | "dayOfWeekValue": "A String", # day of week |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2142 | "integerValue": "A String", # integer |
| 2143 | "booleanValue": True or False, # boolean |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2144 | "stringValue": "A String", # string |
| 2145 | "floatValue": 3.14, # float |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2146 | "timestampValue": "A String", # timestamp |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2147 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2148 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2149 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2150 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2151 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2152 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2153 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2154 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 2155 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2156 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2157 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2158 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2159 | }, |
| 2160 | "dayOfWeekValue": "A String", # day of week |
| 2161 | "integerValue": "A String", # integer |
| 2162 | "booleanValue": True or False, # boolean |
| 2163 | "stringValue": "A String", # string |
| 2164 | "floatValue": 3.14, # float |
| 2165 | "timestampValue": "A String", # timestamp |
| 2166 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2167 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2168 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2169 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2170 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2171 | }, |
| 2172 | }, |
| 2173 | }, |
| 2174 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 2175 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 2176 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2177 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2178 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2179 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2180 | }, |
| 2181 | "dayOfWeekValue": "A String", # day of week |
| 2182 | "integerValue": "A String", # integer |
| 2183 | "booleanValue": True or False, # boolean |
| 2184 | "stringValue": "A String", # string |
| 2185 | "floatValue": 3.14, # float |
| 2186 | "timestampValue": "A String", # timestamp |
| 2187 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2188 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2189 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2190 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2191 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2192 | }, |
| 2193 | }, |
| 2194 | }, |
| 2195 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2196 | }, |
| 2197 | }, |
| 2198 | "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`. |
| 2199 | { # Type of information detected by the API. |
| 2200 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 2201 | }, |
| 2202 | ], |
| 2203 | }, |
| 2204 | ], |
| 2205 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2206 | "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. |
| 2207 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 2208 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| 2209 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 2210 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 2211 | }, |
| 2212 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 2213 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 2214 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 2215 | }, |
| 2216 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 2217 | "key": "A String", # Required. A 128/192/256 bit key. |
| 2218 | }, |
| 2219 | }, |
| 2220 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 2221 | "name": "A String", # Name describing the field. |
| 2222 | }, |
| 2223 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 2224 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 2225 | }, |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 2226 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2227 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 2228 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 2229 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 2230 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 2231 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| 2232 | }, |
| 2233 | ], |
| 2234 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 2235 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 2236 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 2237 | }, |
| 2238 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 2239 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| 2240 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 2241 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 2242 | }, |
| 2243 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 2244 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 2245 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 2246 | }, |
| 2247 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 2248 | "key": "A String", # Required. A 128/192/256 bit key. |
| 2249 | }, |
| 2250 | }, |
| 2251 | }, |
| 2252 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 2253 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 2254 | "name": "A String", # Name describing the field. |
| 2255 | }, |
| 2256 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 2257 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 2258 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 2259 | }, |
| 2260 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 2261 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 2262 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 2263 | }, |
| 2264 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 2265 | "key": "A String", # Required. A 128/192/256 bit key. |
| 2266 | }, |
| 2267 | }, |
| 2268 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 2269 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 2270 | }, |
| 2271 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 2272 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 2273 | { # Bucket is represented as a range, along with replacement values. |
| 2274 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 2275 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2276 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2277 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2278 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2279 | }, |
| 2280 | "dayOfWeekValue": "A String", # day of week |
| 2281 | "integerValue": "A String", # integer |
| 2282 | "booleanValue": True or False, # boolean |
| 2283 | "stringValue": "A String", # string |
| 2284 | "floatValue": 3.14, # float |
| 2285 | "timestampValue": "A String", # timestamp |
| 2286 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2287 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2288 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2289 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2290 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2291 | }, |
| 2292 | }, |
| 2293 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 2294 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2295 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2296 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2297 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2298 | }, |
| 2299 | "dayOfWeekValue": "A String", # day of week |
| 2300 | "integerValue": "A String", # integer |
| 2301 | "booleanValue": True or False, # boolean |
| 2302 | "stringValue": "A String", # string |
| 2303 | "floatValue": 3.14, # float |
| 2304 | "timestampValue": "A String", # timestamp |
| 2305 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2306 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2307 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2308 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2309 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2310 | }, |
| 2311 | }, |
| 2312 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 2313 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2314 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2315 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2316 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2317 | }, |
| 2318 | "dayOfWeekValue": "A String", # day of week |
| 2319 | "integerValue": "A String", # integer |
| 2320 | "booleanValue": True or False, # boolean |
| 2321 | "stringValue": "A String", # string |
| 2322 | "floatValue": 3.14, # float |
| 2323 | "timestampValue": "A String", # timestamp |
| 2324 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2325 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2326 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2327 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2328 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2329 | }, |
| 2330 | }, |
| 2331 | }, |
| 2332 | ], |
| 2333 | }, |
| 2334 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| 2335 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 2336 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 2337 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 2338 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 2339 | }, |
| 2340 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 2341 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 2342 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 2343 | }, |
| 2344 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 2345 | "key": "A String", # Required. A 128/192/256 bit key. |
| 2346 | }, |
| 2347 | }, |
| 2348 | "commonAlphabet": "A String", # Common alphabets. |
| 2349 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| 2350 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 2351 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 2352 | }, |
| 2353 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 2354 | "name": "A String", # Name describing the field. |
| 2355 | }, |
| 2356 | }, |
| 2357 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 2358 | "partToExtract": "A String", # The part of the time to keep. |
| 2359 | }, |
| 2360 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 2361 | }, |
| 2362 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 2363 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| 2364 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| 2365 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2366 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2367 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2368 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2369 | }, |
| 2370 | "dayOfWeekValue": "A String", # day of week |
| 2371 | "integerValue": "A String", # integer |
| 2372 | "booleanValue": True or False, # boolean |
| 2373 | "stringValue": "A String", # string |
| 2374 | "floatValue": 3.14, # float |
| 2375 | "timestampValue": "A String", # timestamp |
| 2376 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2377 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2378 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2379 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2380 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2381 | }, |
| 2382 | }, |
| 2383 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 2384 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2385 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2386 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2387 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2388 | }, |
| 2389 | "dayOfWeekValue": "A String", # day of week |
| 2390 | "integerValue": "A String", # integer |
| 2391 | "booleanValue": True or False, # boolean |
| 2392 | "stringValue": "A String", # string |
| 2393 | "floatValue": 3.14, # float |
| 2394 | "timestampValue": "A String", # timestamp |
| 2395 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2396 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2397 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2398 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2399 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2400 | }, |
| 2401 | }, |
| 2402 | }, |
| 2403 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 2404 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 2405 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2406 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2407 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2408 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2409 | }, |
| 2410 | "dayOfWeekValue": "A String", # day of week |
| 2411 | "integerValue": "A String", # integer |
| 2412 | "booleanValue": True or False, # boolean |
| 2413 | "stringValue": "A String", # string |
| 2414 | "floatValue": 3.14, # float |
| 2415 | "timestampValue": "A String", # timestamp |
| 2416 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2417 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2418 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2419 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2420 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2421 | }, |
| 2422 | }, |
| 2423 | }, |
| 2424 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| 2425 | }, |
| 2426 | }, |
| 2427 | "condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85. |
| 2428 | "expressions": { # An expression, consisting or an operator and conditions. # An expression. |
| 2429 | "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`. |
| 2430 | "conditions": { # A collection of conditions. # Conditions to apply to the expression. |
| 2431 | "conditions": [ # A collection of conditions. |
| 2432 | { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false. |
| 2433 | "value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.] |
| 2434 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2435 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2436 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2437 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2438 | }, |
| 2439 | "dayOfWeekValue": "A String", # day of week |
| 2440 | "integerValue": "A String", # integer |
| 2441 | "booleanValue": True or False, # boolean |
| 2442 | "stringValue": "A String", # string |
| 2443 | "floatValue": 3.14, # float |
| 2444 | "timestampValue": "A String", # timestamp |
| 2445 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2446 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2447 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2448 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2449 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2450 | }, |
| 2451 | }, |
| 2452 | "operator": "A String", # Required. Operator used to compare the field or infoType to the value. |
| 2453 | "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against. |
| 2454 | "name": "A String", # Name describing the field. |
| 2455 | }, |
| 2456 | }, |
| 2457 | ], |
| 2458 | }, |
| 2459 | }, |
| 2460 | }, |
| 2461 | }, |
| 2462 | ], |
| 2463 | "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output. |
| 2464 | { # Configuration to suppress records whose suppression conditions evaluate to true. |
| 2465 | "condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content. |
| 2466 | "expressions": { # An expression, consisting or an operator and conditions. # An expression. |
| 2467 | "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`. |
| 2468 | "conditions": { # A collection of conditions. # Conditions to apply to the expression. |
| 2469 | "conditions": [ # A collection of conditions. |
| 2470 | { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false. |
| 2471 | "value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.] |
| 2472 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2473 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2474 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2475 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2476 | }, |
| 2477 | "dayOfWeekValue": "A String", # day of week |
| 2478 | "integerValue": "A String", # integer |
| 2479 | "booleanValue": True or False, # boolean |
| 2480 | "stringValue": "A String", # string |
| 2481 | "floatValue": 3.14, # float |
| 2482 | "timestampValue": "A String", # timestamp |
| 2483 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2484 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2485 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2486 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2487 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2488 | }, |
| 2489 | }, |
| 2490 | "operator": "A String", # Required. Operator used to compare the field or infoType to the value. |
| 2491 | "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against. |
| 2492 | "name": "A String", # Name describing the field. |
| 2493 | }, |
| 2494 | }, |
| 2495 | ], |
| 2496 | }, |
| 2497 | }, |
| 2498 | }, |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2499 | }, |
| 2500 | ], |
| 2501 | }, |
| 2502 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2503 | "displayName": "A String", # Display name (max 256 chars). |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 2504 | "description": "A String", # Short description (max 256 chars). |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2505 | "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2506 | "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate. |
| 2507 | "name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID` |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2508 | }</pre> |
| 2509 | </div> |
| 2510 | |
| 2511 | <div class="method"> |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2512 | <code class="details" id="list">list(parent, locationId=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code> |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2513 | <pre>Lists DeidentifyTemplates. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more. |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2514 | |
| 2515 | Args: |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2516 | parent: string, Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/dlp/docs/specifying-location): + Projects scope, location specified: `projects/`PROJECT_ID`/locations/`LOCATION_ID + Projects scope, no location specified (defaults to global): `projects/`PROJECT_ID + Organizations scope, location specified: `organizations/`ORG_ID`/locations/`LOCATION_ID + Organizations scope, no location specified (defaults to global): `organizations/`ORG_ID The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3 (required) |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 2517 | locationId: string, Deprecated. This field has no effect. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2518 | orderBy: string, Comma separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case-insensitive, default sorting order is ascending, redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `create_time`: corresponds to time the template was created. - `update_time`: corresponds to time the template was last updated. - `name`: corresponds to template's name. - `display_name`: corresponds to template's display name. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2519 | pageSize: integer, Size of the page, can be limited by server. If zero server returns a page of max size 100. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2520 | pageToken: string, Page token to continue retrieval. Comes from previous call to `ListDeidentifyTemplates`. |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2521 | x__xgafv: string, V1 error format. |
| 2522 | Allowed values |
| 2523 | 1 - v1 error format |
| 2524 | 2 - v2 error format |
| 2525 | |
| 2526 | Returns: |
| 2527 | An object of the form: |
| 2528 | |
| 2529 | { # Response message for ListDeidentifyTemplates. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2530 | "nextPageToken": "A String", # If the next page is available then the next page token to be used in following ListDeidentifyTemplates request. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2531 | "deidentifyTemplates": [ # List of deidentify templates, up to page_size in ListDeidentifyTemplatesRequest. |
| 2532 | { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more. |
| 2533 | "deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // /////////////// |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2534 | "transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`. |
| 2535 | "leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors |
| 2536 | }, |
| 2537 | "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error |
| 2538 | }, |
| 2539 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2540 | "infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere. |
| 2541 | "transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType. |
| 2542 | { # A transformation to apply to text that is identified as a specific info_type. |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 2543 | "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2544 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 2545 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2546 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 2547 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 2548 | }, |
| 2549 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 2550 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 2551 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 2552 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2553 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 2554 | "key": "A String", # Required. A 128/192/256 bit key. |
| 2555 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2556 | }, |
| 2557 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 2558 | "name": "A String", # Name describing the field. |
| 2559 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2560 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 2561 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 2562 | }, |
| 2563 | }, |
| 2564 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 2565 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 2566 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 2567 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 2568 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 2569 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2570 | ], |
| 2571 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 2572 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 2573 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 2574 | }, |
| 2575 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 2576 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2577 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 2578 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 2579 | }, |
| 2580 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 2581 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 2582 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 2583 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2584 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 2585 | "key": "A String", # Required. A 128/192/256 bit key. |
| 2586 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 2587 | }, |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 2588 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2589 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 2590 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 2591 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2592 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2593 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 2594 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 2595 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 2596 | }, |
| 2597 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 2598 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 2599 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 2600 | }, |
| 2601 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 2602 | "key": "A String", # Required. A 128/192/256 bit key. |
| 2603 | }, |
| 2604 | }, |
| 2605 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 2606 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 2607 | }, |
| 2608 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 2609 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 2610 | { # Bucket is represented as a range, along with replacement values. |
| 2611 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 2612 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2613 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2614 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2615 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2616 | }, |
| 2617 | "dayOfWeekValue": "A String", # day of week |
| 2618 | "integerValue": "A String", # integer |
| 2619 | "booleanValue": True or False, # boolean |
| 2620 | "stringValue": "A String", # string |
| 2621 | "floatValue": 3.14, # float |
| 2622 | "timestampValue": "A String", # timestamp |
| 2623 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2624 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2625 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2626 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2627 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2628 | }, |
| 2629 | }, |
| 2630 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 2631 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2632 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2633 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2634 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2635 | }, |
| 2636 | "dayOfWeekValue": "A String", # day of week |
| 2637 | "integerValue": "A String", # integer |
| 2638 | "booleanValue": True or False, # boolean |
| 2639 | "stringValue": "A String", # string |
| 2640 | "floatValue": 3.14, # float |
| 2641 | "timestampValue": "A String", # timestamp |
| 2642 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2643 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2644 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2645 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2646 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2647 | }, |
| 2648 | }, |
| 2649 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 2650 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2651 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2652 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2653 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2654 | }, |
| 2655 | "dayOfWeekValue": "A String", # day of week |
| 2656 | "integerValue": "A String", # integer |
| 2657 | "booleanValue": True or False, # boolean |
| 2658 | "stringValue": "A String", # string |
| 2659 | "floatValue": 3.14, # float |
| 2660 | "timestampValue": "A String", # timestamp |
| 2661 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2662 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2663 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2664 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2665 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2666 | }, |
| 2667 | }, |
| 2668 | }, |
| 2669 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2670 | }, |
| 2671 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2672 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 2673 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 2674 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 2675 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 2676 | }, |
| 2677 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 2678 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 2679 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 2680 | }, |
| 2681 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 2682 | "key": "A String", # Required. A 128/192/256 bit key. |
| 2683 | }, |
| 2684 | }, |
| 2685 | "commonAlphabet": "A String", # Common alphabets. |
| 2686 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2687 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 2688 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 2689 | }, |
| 2690 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 2691 | "name": "A String", # Name describing the field. |
| 2692 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 2693 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2694 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 2695 | "partToExtract": "A String", # The part of the time to keep. |
| 2696 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2697 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 2698 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2699 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 2700 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2701 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2702 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2703 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2704 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2705 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2706 | }, |
| 2707 | "dayOfWeekValue": "A String", # day of week |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 2708 | "integerValue": "A String", # integer |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 2709 | "booleanValue": True or False, # boolean |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2710 | "stringValue": "A String", # string |
| 2711 | "floatValue": 3.14, # float |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2712 | "timestampValue": "A String", # timestamp |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2713 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2714 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2715 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2716 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2717 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 2718 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 2719 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2720 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 2721 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2722 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2723 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2724 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2725 | }, |
| 2726 | "dayOfWeekValue": "A String", # day of week |
| 2727 | "integerValue": "A String", # integer |
| 2728 | "booleanValue": True or False, # boolean |
| 2729 | "stringValue": "A String", # string |
| 2730 | "floatValue": 3.14, # float |
| 2731 | "timestampValue": "A String", # timestamp |
| 2732 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2733 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2734 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2735 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2736 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2737 | }, |
| 2738 | }, |
| 2739 | }, |
| 2740 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 2741 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 2742 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2743 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2744 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2745 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2746 | }, |
| 2747 | "dayOfWeekValue": "A String", # day of week |
| 2748 | "integerValue": "A String", # integer |
| 2749 | "booleanValue": True or False, # boolean |
| 2750 | "stringValue": "A String", # string |
| 2751 | "floatValue": 3.14, # float |
| 2752 | "timestampValue": "A String", # timestamp |
| 2753 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2754 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2755 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2756 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2757 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2758 | }, |
| 2759 | }, |
| 2760 | }, |
| 2761 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 2762 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 2763 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2764 | "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`. |
| 2765 | { # Type of information detected by the API. |
| 2766 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 2767 | }, |
| 2768 | ], |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 2769 | }, |
| 2770 | ], |
| 2771 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2772 | "recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table. |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 2773 | "fieldTransformations": [ # Transform the record by applying various field transformations. |
| 2774 | { # The transformation to apply to the field. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2775 | "fields": [ # Required. Input field(s) to apply the transformation to. |
| 2776 | { # General identifier of a data field in a storage service. |
| 2777 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2778 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2779 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2780 | "infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`. |
| 2781 | "transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType. |
| 2782 | { # A transformation to apply to text that is identified as a specific info_type. |
| 2783 | "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2784 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 2785 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2786 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 2787 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 2788 | }, |
| 2789 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 2790 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 2791 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 2792 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2793 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 2794 | "key": "A String", # Required. A 128/192/256 bit key. |
| 2795 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2796 | }, |
| 2797 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 2798 | "name": "A String", # Name describing the field. |
| 2799 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2800 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 2801 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 2802 | }, |
| 2803 | }, |
| 2804 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 2805 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 2806 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 2807 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 2808 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2809 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2810 | ], |
| 2811 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 2812 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 2813 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 2814 | }, |
| 2815 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 2816 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2817 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 2818 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 2819 | }, |
| 2820 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 2821 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 2822 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 2823 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2824 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 2825 | "key": "A String", # Required. A 128/192/256 bit key. |
| 2826 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2827 | }, |
| 2828 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2829 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 2830 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 2831 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2832 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2833 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 2834 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 2835 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 2836 | }, |
| 2837 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 2838 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 2839 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 2840 | }, |
| 2841 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 2842 | "key": "A String", # Required. A 128/192/256 bit key. |
| 2843 | }, |
| 2844 | }, |
| 2845 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 2846 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 2847 | }, |
| 2848 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 2849 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 2850 | { # Bucket is represented as a range, along with replacement values. |
| 2851 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 2852 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2853 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2854 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2855 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2856 | }, |
| 2857 | "dayOfWeekValue": "A String", # day of week |
| 2858 | "integerValue": "A String", # integer |
| 2859 | "booleanValue": True or False, # boolean |
| 2860 | "stringValue": "A String", # string |
| 2861 | "floatValue": 3.14, # float |
| 2862 | "timestampValue": "A String", # timestamp |
| 2863 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2864 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2865 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2866 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2867 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2868 | }, |
| 2869 | }, |
| 2870 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 2871 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2872 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2873 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2874 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2875 | }, |
| 2876 | "dayOfWeekValue": "A String", # day of week |
| 2877 | "integerValue": "A String", # integer |
| 2878 | "booleanValue": True or False, # boolean |
| 2879 | "stringValue": "A String", # string |
| 2880 | "floatValue": 3.14, # float |
| 2881 | "timestampValue": "A String", # timestamp |
| 2882 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2883 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2884 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2885 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2886 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2887 | }, |
| 2888 | }, |
| 2889 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 2890 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2891 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2892 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2893 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2894 | }, |
| 2895 | "dayOfWeekValue": "A String", # day of week |
| 2896 | "integerValue": "A String", # integer |
| 2897 | "booleanValue": True or False, # boolean |
| 2898 | "stringValue": "A String", # string |
| 2899 | "floatValue": 3.14, # float |
| 2900 | "timestampValue": "A String", # timestamp |
| 2901 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2902 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2903 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2904 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2905 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2906 | }, |
| 2907 | }, |
| 2908 | }, |
| 2909 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2910 | }, |
| 2911 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2912 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 2913 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 2914 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 2915 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 2916 | }, |
| 2917 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 2918 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 2919 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 2920 | }, |
| 2921 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 2922 | "key": "A String", # Required. A 128/192/256 bit key. |
| 2923 | }, |
| 2924 | }, |
| 2925 | "commonAlphabet": "A String", # Common alphabets. |
| 2926 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2927 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 2928 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 2929 | }, |
| 2930 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 2931 | "name": "A String", # Name describing the field. |
| 2932 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2933 | }, |
| 2934 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 2935 | "partToExtract": "A String", # The part of the time to keep. |
| 2936 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2937 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 2938 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2939 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 2940 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2941 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2942 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2943 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2944 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2945 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2946 | }, |
| 2947 | "dayOfWeekValue": "A String", # day of week |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2948 | "integerValue": "A String", # integer |
| 2949 | "booleanValue": True or False, # boolean |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2950 | "stringValue": "A String", # string |
| 2951 | "floatValue": 3.14, # float |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2952 | "timestampValue": "A String", # timestamp |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2953 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2954 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2955 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2956 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2957 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2958 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 2959 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 2960 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 2961 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2962 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2963 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2964 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2965 | }, |
| 2966 | "dayOfWeekValue": "A String", # day of week |
| 2967 | "integerValue": "A String", # integer |
| 2968 | "booleanValue": True or False, # boolean |
| 2969 | "stringValue": "A String", # string |
| 2970 | "floatValue": 3.14, # float |
| 2971 | "timestampValue": "A String", # timestamp |
| 2972 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2973 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2974 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2975 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2976 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2977 | }, |
| 2978 | }, |
| 2979 | }, |
| 2980 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 2981 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 2982 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 2983 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 2984 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 2985 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 2986 | }, |
| 2987 | "dayOfWeekValue": "A String", # day of week |
| 2988 | "integerValue": "A String", # integer |
| 2989 | "booleanValue": True or False, # boolean |
| 2990 | "stringValue": "A String", # string |
| 2991 | "floatValue": 3.14, # float |
| 2992 | "timestampValue": "A String", # timestamp |
| 2993 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 2994 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 2995 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 2996 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 2997 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 2998 | }, |
| 2999 | }, |
| 3000 | }, |
| 3001 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3002 | }, |
| 3003 | }, |
| 3004 | "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`. |
| 3005 | { # Type of information detected by the API. |
| 3006 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 3007 | }, |
| 3008 | ], |
| 3009 | }, |
| 3010 | ], |
| 3011 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3012 | "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. |
| 3013 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 3014 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| 3015 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3016 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3017 | }, |
| 3018 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 3019 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3020 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3021 | }, |
| 3022 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3023 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3024 | }, |
| 3025 | }, |
| 3026 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 3027 | "name": "A String", # Name describing the field. |
| 3028 | }, |
| 3029 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 3030 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 3031 | }, |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 3032 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3033 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 3034 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 3035 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 3036 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 3037 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| 3038 | }, |
| 3039 | ], |
| 3040 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 3041 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 3042 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 3043 | }, |
| 3044 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 3045 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| 3046 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3047 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3048 | }, |
| 3049 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 3050 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3051 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3052 | }, |
| 3053 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3054 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3055 | }, |
| 3056 | }, |
| 3057 | }, |
| 3058 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 3059 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 3060 | "name": "A String", # Name describing the field. |
| 3061 | }, |
| 3062 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 3063 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3064 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3065 | }, |
| 3066 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 3067 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3068 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3069 | }, |
| 3070 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3071 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3072 | }, |
| 3073 | }, |
| 3074 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 3075 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 3076 | }, |
| 3077 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 3078 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 3079 | { # Bucket is represented as a range, along with replacement values. |
| 3080 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 3081 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3082 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3083 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3084 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3085 | }, |
| 3086 | "dayOfWeekValue": "A String", # day of week |
| 3087 | "integerValue": "A String", # integer |
| 3088 | "booleanValue": True or False, # boolean |
| 3089 | "stringValue": "A String", # string |
| 3090 | "floatValue": 3.14, # float |
| 3091 | "timestampValue": "A String", # timestamp |
| 3092 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3093 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3094 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3095 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3096 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3097 | }, |
| 3098 | }, |
| 3099 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 3100 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3101 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3102 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3103 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3104 | }, |
| 3105 | "dayOfWeekValue": "A String", # day of week |
| 3106 | "integerValue": "A String", # integer |
| 3107 | "booleanValue": True or False, # boolean |
| 3108 | "stringValue": "A String", # string |
| 3109 | "floatValue": 3.14, # float |
| 3110 | "timestampValue": "A String", # timestamp |
| 3111 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3112 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3113 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3114 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3115 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3116 | }, |
| 3117 | }, |
| 3118 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 3119 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3120 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3121 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3122 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3123 | }, |
| 3124 | "dayOfWeekValue": "A String", # day of week |
| 3125 | "integerValue": "A String", # integer |
| 3126 | "booleanValue": True or False, # boolean |
| 3127 | "stringValue": "A String", # string |
| 3128 | "floatValue": 3.14, # float |
| 3129 | "timestampValue": "A String", # timestamp |
| 3130 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3131 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3132 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3133 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3134 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3135 | }, |
| 3136 | }, |
| 3137 | }, |
| 3138 | ], |
| 3139 | }, |
| 3140 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| 3141 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 3142 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 3143 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3144 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3145 | }, |
| 3146 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 3147 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3148 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3149 | }, |
| 3150 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3151 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3152 | }, |
| 3153 | }, |
| 3154 | "commonAlphabet": "A String", # Common alphabets. |
| 3155 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| 3156 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 3157 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 3158 | }, |
| 3159 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 3160 | "name": "A String", # Name describing the field. |
| 3161 | }, |
| 3162 | }, |
| 3163 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 3164 | "partToExtract": "A String", # The part of the time to keep. |
| 3165 | }, |
| 3166 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 3167 | }, |
| 3168 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 3169 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| 3170 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| 3171 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3172 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3173 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3174 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3175 | }, |
| 3176 | "dayOfWeekValue": "A String", # day of week |
| 3177 | "integerValue": "A String", # integer |
| 3178 | "booleanValue": True or False, # boolean |
| 3179 | "stringValue": "A String", # string |
| 3180 | "floatValue": 3.14, # float |
| 3181 | "timestampValue": "A String", # timestamp |
| 3182 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3183 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3184 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3185 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3186 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3187 | }, |
| 3188 | }, |
| 3189 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 3190 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3191 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3192 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3193 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3194 | }, |
| 3195 | "dayOfWeekValue": "A String", # day of week |
| 3196 | "integerValue": "A String", # integer |
| 3197 | "booleanValue": True or False, # boolean |
| 3198 | "stringValue": "A String", # string |
| 3199 | "floatValue": 3.14, # float |
| 3200 | "timestampValue": "A String", # timestamp |
| 3201 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3202 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3203 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3204 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3205 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3206 | }, |
| 3207 | }, |
| 3208 | }, |
| 3209 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 3210 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 3211 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3212 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3213 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3214 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3215 | }, |
| 3216 | "dayOfWeekValue": "A String", # day of week |
| 3217 | "integerValue": "A String", # integer |
| 3218 | "booleanValue": True or False, # boolean |
| 3219 | "stringValue": "A String", # string |
| 3220 | "floatValue": 3.14, # float |
| 3221 | "timestampValue": "A String", # timestamp |
| 3222 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3223 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3224 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3225 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3226 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3227 | }, |
| 3228 | }, |
| 3229 | }, |
| 3230 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| 3231 | }, |
| 3232 | }, |
| 3233 | "condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85. |
| 3234 | "expressions": { # An expression, consisting or an operator and conditions. # An expression. |
| 3235 | "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`. |
| 3236 | "conditions": { # A collection of conditions. # Conditions to apply to the expression. |
| 3237 | "conditions": [ # A collection of conditions. |
| 3238 | { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false. |
| 3239 | "value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.] |
| 3240 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3241 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3242 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3243 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3244 | }, |
| 3245 | "dayOfWeekValue": "A String", # day of week |
| 3246 | "integerValue": "A String", # integer |
| 3247 | "booleanValue": True or False, # boolean |
| 3248 | "stringValue": "A String", # string |
| 3249 | "floatValue": 3.14, # float |
| 3250 | "timestampValue": "A String", # timestamp |
| 3251 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3252 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3253 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3254 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3255 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3256 | }, |
| 3257 | }, |
| 3258 | "operator": "A String", # Required. Operator used to compare the field or infoType to the value. |
| 3259 | "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against. |
| 3260 | "name": "A String", # Name describing the field. |
| 3261 | }, |
| 3262 | }, |
| 3263 | ], |
| 3264 | }, |
| 3265 | }, |
| 3266 | }, |
| 3267 | }, |
| 3268 | ], |
| 3269 | "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output. |
| 3270 | { # Configuration to suppress records whose suppression conditions evaluate to true. |
| 3271 | "condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content. |
| 3272 | "expressions": { # An expression, consisting or an operator and conditions. # An expression. |
| 3273 | "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`. |
| 3274 | "conditions": { # A collection of conditions. # Conditions to apply to the expression. |
| 3275 | "conditions": [ # A collection of conditions. |
| 3276 | { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false. |
| 3277 | "value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.] |
| 3278 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3279 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3280 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3281 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3282 | }, |
| 3283 | "dayOfWeekValue": "A String", # day of week |
| 3284 | "integerValue": "A String", # integer |
| 3285 | "booleanValue": True or False, # boolean |
| 3286 | "stringValue": "A String", # string |
| 3287 | "floatValue": 3.14, # float |
| 3288 | "timestampValue": "A String", # timestamp |
| 3289 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3290 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3291 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3292 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3293 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3294 | }, |
| 3295 | }, |
| 3296 | "operator": "A String", # Required. Operator used to compare the field or infoType to the value. |
| 3297 | "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against. |
| 3298 | "name": "A String", # Name describing the field. |
| 3299 | }, |
| 3300 | }, |
| 3301 | ], |
| 3302 | }, |
| 3303 | }, |
| 3304 | }, |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3305 | }, |
| 3306 | ], |
| 3307 | }, |
| 3308 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3309 | "displayName": "A String", # Display name (max 256 chars). |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 3310 | "description": "A String", # Short description (max 256 chars). |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3311 | "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3312 | "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate. |
| 3313 | "name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID` |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3314 | }, |
| 3315 | ], |
| 3316 | }</pre> |
| 3317 | </div> |
| 3318 | |
| 3319 | <div class="method"> |
| 3320 | <code class="details" id="list_next">list_next(previous_request, previous_response)</code> |
| 3321 | <pre>Retrieves the next page of results. |
| 3322 | |
| 3323 | Args: |
| 3324 | previous_request: The request for the previous page. (required) |
| 3325 | previous_response: The response from the request for the previous page. (required) |
| 3326 | |
| 3327 | Returns: |
| 3328 | A request object that you can call 'execute()' on to request the next |
| 3329 | page. Returns None if there are no more items in the collection. |
| 3330 | </pre> |
| 3331 | </div> |
| 3332 | |
| 3333 | <div class="method"> |
| 3334 | <code class="details" id="patch">patch(name, body=None, x__xgafv=None)</code> |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3335 | <pre>Updates the DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more. |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3336 | |
| 3337 | Args: |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3338 | name: string, Required. Resource name of organization and deidentify template to be updated, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342. (required) |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3339 | body: object, The request body. |
| 3340 | The object takes the form of: |
| 3341 | |
| 3342 | { # Request message for UpdateDeidentifyTemplate. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3343 | "updateMask": "A String", # Mask to control which fields get updated. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3344 | "deidentifyTemplate": { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more. # New DeidentifyTemplate value. |
| 3345 | "deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // /////////////// |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3346 | "transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`. |
| 3347 | "leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors |
| 3348 | }, |
| 3349 | "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error |
| 3350 | }, |
| 3351 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3352 | "infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere. |
| 3353 | "transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType. |
| 3354 | { # A transformation to apply to text that is identified as a specific info_type. |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 3355 | "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3356 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 3357 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3358 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3359 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3360 | }, |
| 3361 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 3362 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3363 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3364 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3365 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3366 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3367 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3368 | }, |
| 3369 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 3370 | "name": "A String", # Name describing the field. |
| 3371 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3372 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 3373 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 3374 | }, |
| 3375 | }, |
| 3376 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 3377 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 3378 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 3379 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 3380 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 3381 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3382 | ], |
| 3383 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 3384 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 3385 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 3386 | }, |
| 3387 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 3388 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3389 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3390 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3391 | }, |
| 3392 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 3393 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3394 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3395 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3396 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3397 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3398 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 3399 | }, |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 3400 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3401 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 3402 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 3403 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3404 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3405 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 3406 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3407 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3408 | }, |
| 3409 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 3410 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3411 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3412 | }, |
| 3413 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3414 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3415 | }, |
| 3416 | }, |
| 3417 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 3418 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 3419 | }, |
| 3420 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 3421 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 3422 | { # Bucket is represented as a range, along with replacement values. |
| 3423 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 3424 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3425 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3426 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3427 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3428 | }, |
| 3429 | "dayOfWeekValue": "A String", # day of week |
| 3430 | "integerValue": "A String", # integer |
| 3431 | "booleanValue": True or False, # boolean |
| 3432 | "stringValue": "A String", # string |
| 3433 | "floatValue": 3.14, # float |
| 3434 | "timestampValue": "A String", # timestamp |
| 3435 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3436 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3437 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3438 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3439 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3440 | }, |
| 3441 | }, |
| 3442 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 3443 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3444 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3445 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3446 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3447 | }, |
| 3448 | "dayOfWeekValue": "A String", # day of week |
| 3449 | "integerValue": "A String", # integer |
| 3450 | "booleanValue": True or False, # boolean |
| 3451 | "stringValue": "A String", # string |
| 3452 | "floatValue": 3.14, # float |
| 3453 | "timestampValue": "A String", # timestamp |
| 3454 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3455 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3456 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3457 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3458 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3459 | }, |
| 3460 | }, |
| 3461 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 3462 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3463 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3464 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3465 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3466 | }, |
| 3467 | "dayOfWeekValue": "A String", # day of week |
| 3468 | "integerValue": "A String", # integer |
| 3469 | "booleanValue": True or False, # boolean |
| 3470 | "stringValue": "A String", # string |
| 3471 | "floatValue": 3.14, # float |
| 3472 | "timestampValue": "A String", # timestamp |
| 3473 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3474 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3475 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3476 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3477 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3478 | }, |
| 3479 | }, |
| 3480 | }, |
| 3481 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3482 | }, |
| 3483 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3484 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 3485 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 3486 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3487 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3488 | }, |
| 3489 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 3490 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3491 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3492 | }, |
| 3493 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3494 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3495 | }, |
| 3496 | }, |
| 3497 | "commonAlphabet": "A String", # Common alphabets. |
| 3498 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3499 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 3500 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 3501 | }, |
| 3502 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 3503 | "name": "A String", # Name describing the field. |
| 3504 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 3505 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3506 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 3507 | "partToExtract": "A String", # The part of the time to keep. |
| 3508 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3509 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 3510 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3511 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 3512 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3513 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3514 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3515 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3516 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3517 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3518 | }, |
| 3519 | "dayOfWeekValue": "A String", # day of week |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 3520 | "integerValue": "A String", # integer |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 3521 | "booleanValue": True or False, # boolean |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3522 | "stringValue": "A String", # string |
| 3523 | "floatValue": 3.14, # float |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3524 | "timestampValue": "A String", # timestamp |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3525 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3526 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3527 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3528 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3529 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 3530 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 3531 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3532 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 3533 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3534 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3535 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3536 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3537 | }, |
| 3538 | "dayOfWeekValue": "A String", # day of week |
| 3539 | "integerValue": "A String", # integer |
| 3540 | "booleanValue": True or False, # boolean |
| 3541 | "stringValue": "A String", # string |
| 3542 | "floatValue": 3.14, # float |
| 3543 | "timestampValue": "A String", # timestamp |
| 3544 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3545 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3546 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3547 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3548 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3549 | }, |
| 3550 | }, |
| 3551 | }, |
| 3552 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 3553 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 3554 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3555 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3556 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3557 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3558 | }, |
| 3559 | "dayOfWeekValue": "A String", # day of week |
| 3560 | "integerValue": "A String", # integer |
| 3561 | "booleanValue": True or False, # boolean |
| 3562 | "stringValue": "A String", # string |
| 3563 | "floatValue": 3.14, # float |
| 3564 | "timestampValue": "A String", # timestamp |
| 3565 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3566 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3567 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3568 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3569 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3570 | }, |
| 3571 | }, |
| 3572 | }, |
| 3573 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 3574 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 3575 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3576 | "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`. |
| 3577 | { # Type of information detected by the API. |
| 3578 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 3579 | }, |
| 3580 | ], |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 3581 | }, |
| 3582 | ], |
| 3583 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3584 | "recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table. |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 3585 | "fieldTransformations": [ # Transform the record by applying various field transformations. |
| 3586 | { # The transformation to apply to the field. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3587 | "fields": [ # Required. Input field(s) to apply the transformation to. |
| 3588 | { # General identifier of a data field in a storage service. |
| 3589 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3590 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3591 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3592 | "infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`. |
| 3593 | "transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType. |
| 3594 | { # A transformation to apply to text that is identified as a specific info_type. |
| 3595 | "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3596 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 3597 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3598 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3599 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3600 | }, |
| 3601 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 3602 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3603 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3604 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3605 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3606 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3607 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3608 | }, |
| 3609 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 3610 | "name": "A String", # Name describing the field. |
| 3611 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3612 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 3613 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 3614 | }, |
| 3615 | }, |
| 3616 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 3617 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 3618 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 3619 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 3620 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3621 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3622 | ], |
| 3623 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 3624 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 3625 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 3626 | }, |
| 3627 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 3628 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3629 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3630 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3631 | }, |
| 3632 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 3633 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3634 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3635 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3636 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3637 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3638 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3639 | }, |
| 3640 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3641 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 3642 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 3643 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3644 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3645 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 3646 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3647 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3648 | }, |
| 3649 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 3650 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3651 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3652 | }, |
| 3653 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3654 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3655 | }, |
| 3656 | }, |
| 3657 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 3658 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 3659 | }, |
| 3660 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 3661 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 3662 | { # Bucket is represented as a range, along with replacement values. |
| 3663 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 3664 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3665 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3666 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3667 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3668 | }, |
| 3669 | "dayOfWeekValue": "A String", # day of week |
| 3670 | "integerValue": "A String", # integer |
| 3671 | "booleanValue": True or False, # boolean |
| 3672 | "stringValue": "A String", # string |
| 3673 | "floatValue": 3.14, # float |
| 3674 | "timestampValue": "A String", # timestamp |
| 3675 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3676 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3677 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3678 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3679 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3680 | }, |
| 3681 | }, |
| 3682 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 3683 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3684 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3685 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3686 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3687 | }, |
| 3688 | "dayOfWeekValue": "A String", # day of week |
| 3689 | "integerValue": "A String", # integer |
| 3690 | "booleanValue": True or False, # boolean |
| 3691 | "stringValue": "A String", # string |
| 3692 | "floatValue": 3.14, # float |
| 3693 | "timestampValue": "A String", # timestamp |
| 3694 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3695 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3696 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3697 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3698 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3699 | }, |
| 3700 | }, |
| 3701 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 3702 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3703 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3704 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3705 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3706 | }, |
| 3707 | "dayOfWeekValue": "A String", # day of week |
| 3708 | "integerValue": "A String", # integer |
| 3709 | "booleanValue": True or False, # boolean |
| 3710 | "stringValue": "A String", # string |
| 3711 | "floatValue": 3.14, # float |
| 3712 | "timestampValue": "A String", # timestamp |
| 3713 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3714 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3715 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3716 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3717 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3718 | }, |
| 3719 | }, |
| 3720 | }, |
| 3721 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3722 | }, |
| 3723 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3724 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 3725 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 3726 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3727 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3728 | }, |
| 3729 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 3730 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3731 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3732 | }, |
| 3733 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3734 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3735 | }, |
| 3736 | }, |
| 3737 | "commonAlphabet": "A String", # Common alphabets. |
| 3738 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3739 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 3740 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 3741 | }, |
| 3742 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 3743 | "name": "A String", # Name describing the field. |
| 3744 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3745 | }, |
| 3746 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 3747 | "partToExtract": "A String", # The part of the time to keep. |
| 3748 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3749 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 3750 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3751 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 3752 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3753 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3754 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3755 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3756 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3757 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3758 | }, |
| 3759 | "dayOfWeekValue": "A String", # day of week |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3760 | "integerValue": "A String", # integer |
| 3761 | "booleanValue": True or False, # boolean |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3762 | "stringValue": "A String", # string |
| 3763 | "floatValue": 3.14, # float |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3764 | "timestampValue": "A String", # timestamp |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3765 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3766 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3767 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3768 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3769 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3770 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3771 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3772 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 3773 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3774 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3775 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3776 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3777 | }, |
| 3778 | "dayOfWeekValue": "A String", # day of week |
| 3779 | "integerValue": "A String", # integer |
| 3780 | "booleanValue": True or False, # boolean |
| 3781 | "stringValue": "A String", # string |
| 3782 | "floatValue": 3.14, # float |
| 3783 | "timestampValue": "A String", # timestamp |
| 3784 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3785 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3786 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3787 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3788 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3789 | }, |
| 3790 | }, |
| 3791 | }, |
| 3792 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 3793 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 3794 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3795 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3796 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3797 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3798 | }, |
| 3799 | "dayOfWeekValue": "A String", # day of week |
| 3800 | "integerValue": "A String", # integer |
| 3801 | "booleanValue": True or False, # boolean |
| 3802 | "stringValue": "A String", # string |
| 3803 | "floatValue": 3.14, # float |
| 3804 | "timestampValue": "A String", # timestamp |
| 3805 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3806 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3807 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3808 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3809 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3810 | }, |
| 3811 | }, |
| 3812 | }, |
| 3813 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 3814 | }, |
| 3815 | }, |
| 3816 | "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`. |
| 3817 | { # Type of information detected by the API. |
| 3818 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 3819 | }, |
| 3820 | ], |
| 3821 | }, |
| 3822 | ], |
| 3823 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3824 | "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. |
| 3825 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 3826 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| 3827 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3828 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3829 | }, |
| 3830 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 3831 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3832 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3833 | }, |
| 3834 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3835 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3836 | }, |
| 3837 | }, |
| 3838 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 3839 | "name": "A String", # Name describing the field. |
| 3840 | }, |
| 3841 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 3842 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 3843 | }, |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 3844 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 3845 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 3846 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 3847 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 3848 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 3849 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| 3850 | }, |
| 3851 | ], |
| 3852 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 3853 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 3854 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 3855 | }, |
| 3856 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 3857 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| 3858 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3859 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3860 | }, |
| 3861 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 3862 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3863 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3864 | }, |
| 3865 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3866 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3867 | }, |
| 3868 | }, |
| 3869 | }, |
| 3870 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 3871 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 3872 | "name": "A String", # Name describing the field. |
| 3873 | }, |
| 3874 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 3875 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3876 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3877 | }, |
| 3878 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 3879 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3880 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3881 | }, |
| 3882 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3883 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3884 | }, |
| 3885 | }, |
| 3886 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 3887 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 3888 | }, |
| 3889 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 3890 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 3891 | { # Bucket is represented as a range, along with replacement values. |
| 3892 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 3893 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3894 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3895 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3896 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3897 | }, |
| 3898 | "dayOfWeekValue": "A String", # day of week |
| 3899 | "integerValue": "A String", # integer |
| 3900 | "booleanValue": True or False, # boolean |
| 3901 | "stringValue": "A String", # string |
| 3902 | "floatValue": 3.14, # float |
| 3903 | "timestampValue": "A String", # timestamp |
| 3904 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3905 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3906 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3907 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3908 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3909 | }, |
| 3910 | }, |
| 3911 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 3912 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3913 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3914 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3915 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3916 | }, |
| 3917 | "dayOfWeekValue": "A String", # day of week |
| 3918 | "integerValue": "A String", # integer |
| 3919 | "booleanValue": True or False, # boolean |
| 3920 | "stringValue": "A String", # string |
| 3921 | "floatValue": 3.14, # float |
| 3922 | "timestampValue": "A String", # timestamp |
| 3923 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3924 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3925 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3926 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3927 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3928 | }, |
| 3929 | }, |
| 3930 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 3931 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3932 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3933 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3934 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3935 | }, |
| 3936 | "dayOfWeekValue": "A String", # day of week |
| 3937 | "integerValue": "A String", # integer |
| 3938 | "booleanValue": True or False, # boolean |
| 3939 | "stringValue": "A String", # string |
| 3940 | "floatValue": 3.14, # float |
| 3941 | "timestampValue": "A String", # timestamp |
| 3942 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3943 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3944 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3945 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3946 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3947 | }, |
| 3948 | }, |
| 3949 | }, |
| 3950 | ], |
| 3951 | }, |
| 3952 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| 3953 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 3954 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 3955 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 3956 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 3957 | }, |
| 3958 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 3959 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 3960 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 3961 | }, |
| 3962 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 3963 | "key": "A String", # Required. A 128/192/256 bit key. |
| 3964 | }, |
| 3965 | }, |
| 3966 | "commonAlphabet": "A String", # Common alphabets. |
| 3967 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| 3968 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 3969 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 3970 | }, |
| 3971 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 3972 | "name": "A String", # Name describing the field. |
| 3973 | }, |
| 3974 | }, |
| 3975 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 3976 | "partToExtract": "A String", # The part of the time to keep. |
| 3977 | }, |
| 3978 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 3979 | }, |
| 3980 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 3981 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| 3982 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| 3983 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 3984 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 3985 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 3986 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 3987 | }, |
| 3988 | "dayOfWeekValue": "A String", # day of week |
| 3989 | "integerValue": "A String", # integer |
| 3990 | "booleanValue": True or False, # boolean |
| 3991 | "stringValue": "A String", # string |
| 3992 | "floatValue": 3.14, # float |
| 3993 | "timestampValue": "A String", # timestamp |
| 3994 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 3995 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 3996 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 3997 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 3998 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 3999 | }, |
| 4000 | }, |
| 4001 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 4002 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4003 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4004 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4005 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4006 | }, |
| 4007 | "dayOfWeekValue": "A String", # day of week |
| 4008 | "integerValue": "A String", # integer |
| 4009 | "booleanValue": True or False, # boolean |
| 4010 | "stringValue": "A String", # string |
| 4011 | "floatValue": 3.14, # float |
| 4012 | "timestampValue": "A String", # timestamp |
| 4013 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4014 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4015 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4016 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4017 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4018 | }, |
| 4019 | }, |
| 4020 | }, |
| 4021 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 4022 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 4023 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4024 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4025 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4026 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4027 | }, |
| 4028 | "dayOfWeekValue": "A String", # day of week |
| 4029 | "integerValue": "A String", # integer |
| 4030 | "booleanValue": True or False, # boolean |
| 4031 | "stringValue": "A String", # string |
| 4032 | "floatValue": 3.14, # float |
| 4033 | "timestampValue": "A String", # timestamp |
| 4034 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4035 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4036 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4037 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4038 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4039 | }, |
| 4040 | }, |
| 4041 | }, |
| 4042 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| 4043 | }, |
| 4044 | }, |
| 4045 | "condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85. |
| 4046 | "expressions": { # An expression, consisting or an operator and conditions. # An expression. |
| 4047 | "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`. |
| 4048 | "conditions": { # A collection of conditions. # Conditions to apply to the expression. |
| 4049 | "conditions": [ # A collection of conditions. |
| 4050 | { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false. |
| 4051 | "value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.] |
| 4052 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4053 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4054 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4055 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4056 | }, |
| 4057 | "dayOfWeekValue": "A String", # day of week |
| 4058 | "integerValue": "A String", # integer |
| 4059 | "booleanValue": True or False, # boolean |
| 4060 | "stringValue": "A String", # string |
| 4061 | "floatValue": 3.14, # float |
| 4062 | "timestampValue": "A String", # timestamp |
| 4063 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4064 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4065 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4066 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4067 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4068 | }, |
| 4069 | }, |
| 4070 | "operator": "A String", # Required. Operator used to compare the field or infoType to the value. |
| 4071 | "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against. |
| 4072 | "name": "A String", # Name describing the field. |
| 4073 | }, |
| 4074 | }, |
| 4075 | ], |
| 4076 | }, |
| 4077 | }, |
| 4078 | }, |
| 4079 | }, |
| 4080 | ], |
| 4081 | "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output. |
| 4082 | { # Configuration to suppress records whose suppression conditions evaluate to true. |
| 4083 | "condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content. |
| 4084 | "expressions": { # An expression, consisting or an operator and conditions. # An expression. |
| 4085 | "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`. |
| 4086 | "conditions": { # A collection of conditions. # Conditions to apply to the expression. |
| 4087 | "conditions": [ # A collection of conditions. |
| 4088 | { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false. |
| 4089 | "value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.] |
| 4090 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4091 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4092 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4093 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4094 | }, |
| 4095 | "dayOfWeekValue": "A String", # day of week |
| 4096 | "integerValue": "A String", # integer |
| 4097 | "booleanValue": True or False, # boolean |
| 4098 | "stringValue": "A String", # string |
| 4099 | "floatValue": 3.14, # float |
| 4100 | "timestampValue": "A String", # timestamp |
| 4101 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4102 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4103 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4104 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4105 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4106 | }, |
| 4107 | }, |
| 4108 | "operator": "A String", # Required. Operator used to compare the field or infoType to the value. |
| 4109 | "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against. |
| 4110 | "name": "A String", # Name describing the field. |
| 4111 | }, |
| 4112 | }, |
| 4113 | ], |
| 4114 | }, |
| 4115 | }, |
| 4116 | }, |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4117 | }, |
| 4118 | ], |
| 4119 | }, |
| 4120 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4121 | "displayName": "A String", # Display name (max 256 chars). |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 4122 | "description": "A String", # Short description (max 256 chars). |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4123 | "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4124 | "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate. |
| 4125 | "name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID` |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4126 | }, |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4127 | } |
| 4128 | |
| 4129 | x__xgafv: string, V1 error format. |
| 4130 | Allowed values |
| 4131 | 1 - v1 error format |
| 4132 | 2 - v2 error format |
| 4133 | |
| 4134 | Returns: |
| 4135 | An object of the form: |
| 4136 | |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4137 | { # DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more. |
| 4138 | "deidentifyConfig": { # The configuration that controls how the data will change. # ///////////// // The core content of the template // /////////////// |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4139 | "transformationErrorHandling": { # How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`. # Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`. |
| 4140 | "leaveUntransformed": { # Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response. # Ignore errors |
| 4141 | }, |
| 4142 | "throwError": { # Throw an error and fail the request when a transformation error occurs. # Throw an error |
| 4143 | }, |
| 4144 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4145 | "infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the dataset as free-form text and apply the same free text transformation everywhere. |
| 4146 | "transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType. |
| 4147 | { # A transformation to apply to text that is identified as a specific info_type. |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 4148 | "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4149 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 4150 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4151 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 4152 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 4153 | }, |
| 4154 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 4155 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 4156 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 4157 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4158 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 4159 | "key": "A String", # Required. A 128/192/256 bit key. |
| 4160 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4161 | }, |
| 4162 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 4163 | "name": "A String", # Name describing the field. |
| 4164 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4165 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 4166 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 4167 | }, |
| 4168 | }, |
| 4169 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 4170 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 4171 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 4172 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 4173 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 4174 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4175 | ], |
| 4176 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 4177 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 4178 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 4179 | }, |
| 4180 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 4181 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4182 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 4183 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 4184 | }, |
| 4185 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 4186 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 4187 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 4188 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4189 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 4190 | "key": "A String", # Required. A 128/192/256 bit key. |
| 4191 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 4192 | }, |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 4193 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4194 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 4195 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 4196 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4197 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4198 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 4199 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 4200 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 4201 | }, |
| 4202 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 4203 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 4204 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 4205 | }, |
| 4206 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 4207 | "key": "A String", # Required. A 128/192/256 bit key. |
| 4208 | }, |
| 4209 | }, |
| 4210 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 4211 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 4212 | }, |
| 4213 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 4214 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 4215 | { # Bucket is represented as a range, along with replacement values. |
| 4216 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 4217 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4218 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4219 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4220 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4221 | }, |
| 4222 | "dayOfWeekValue": "A String", # day of week |
| 4223 | "integerValue": "A String", # integer |
| 4224 | "booleanValue": True or False, # boolean |
| 4225 | "stringValue": "A String", # string |
| 4226 | "floatValue": 3.14, # float |
| 4227 | "timestampValue": "A String", # timestamp |
| 4228 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4229 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4230 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4231 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4232 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4233 | }, |
| 4234 | }, |
| 4235 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 4236 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4237 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4238 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4239 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4240 | }, |
| 4241 | "dayOfWeekValue": "A String", # day of week |
| 4242 | "integerValue": "A String", # integer |
| 4243 | "booleanValue": True or False, # boolean |
| 4244 | "stringValue": "A String", # string |
| 4245 | "floatValue": 3.14, # float |
| 4246 | "timestampValue": "A String", # timestamp |
| 4247 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4248 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4249 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4250 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4251 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4252 | }, |
| 4253 | }, |
| 4254 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 4255 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4256 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4257 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4258 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4259 | }, |
| 4260 | "dayOfWeekValue": "A String", # day of week |
| 4261 | "integerValue": "A String", # integer |
| 4262 | "booleanValue": True or False, # boolean |
| 4263 | "stringValue": "A String", # string |
| 4264 | "floatValue": 3.14, # float |
| 4265 | "timestampValue": "A String", # timestamp |
| 4266 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4267 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4268 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4269 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4270 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4271 | }, |
| 4272 | }, |
| 4273 | }, |
| 4274 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4275 | }, |
| 4276 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4277 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 4278 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 4279 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 4280 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 4281 | }, |
| 4282 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 4283 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 4284 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 4285 | }, |
| 4286 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 4287 | "key": "A String", # Required. A 128/192/256 bit key. |
| 4288 | }, |
| 4289 | }, |
| 4290 | "commonAlphabet": "A String", # Common alphabets. |
| 4291 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4292 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 4293 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 4294 | }, |
| 4295 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 4296 | "name": "A String", # Name describing the field. |
| 4297 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 4298 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4299 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 4300 | "partToExtract": "A String", # The part of the time to keep. |
| 4301 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4302 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 4303 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4304 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 4305 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4306 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4307 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4308 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4309 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4310 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4311 | }, |
| 4312 | "dayOfWeekValue": "A String", # day of week |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 4313 | "integerValue": "A String", # integer |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 4314 | "booleanValue": True or False, # boolean |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4315 | "stringValue": "A String", # string |
| 4316 | "floatValue": 3.14, # float |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4317 | "timestampValue": "A String", # timestamp |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4318 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4319 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4320 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4321 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4322 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 4323 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 4324 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4325 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 4326 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4327 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4328 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4329 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4330 | }, |
| 4331 | "dayOfWeekValue": "A String", # day of week |
| 4332 | "integerValue": "A String", # integer |
| 4333 | "booleanValue": True or False, # boolean |
| 4334 | "stringValue": "A String", # string |
| 4335 | "floatValue": 3.14, # float |
| 4336 | "timestampValue": "A String", # timestamp |
| 4337 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4338 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4339 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4340 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4341 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4342 | }, |
| 4343 | }, |
| 4344 | }, |
| 4345 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 4346 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 4347 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4348 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4349 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4350 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4351 | }, |
| 4352 | "dayOfWeekValue": "A String", # day of week |
| 4353 | "integerValue": "A String", # integer |
| 4354 | "booleanValue": True or False, # boolean |
| 4355 | "stringValue": "A String", # string |
| 4356 | "floatValue": 3.14, # float |
| 4357 | "timestampValue": "A String", # timestamp |
| 4358 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4359 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4360 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4361 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4362 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4363 | }, |
| 4364 | }, |
| 4365 | }, |
| 4366 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 4367 | }, |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 4368 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4369 | "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`. |
| 4370 | { # Type of information detected by the API. |
| 4371 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 4372 | }, |
| 4373 | ], |
| Bu Sun Kim | 4ed7d3f | 2020-05-27 12:20:54 -0700 | [diff] [blame] | 4374 | }, |
| 4375 | ], |
| 4376 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4377 | "recordTransformations": { # A type of transformation that is applied over structured data such as a table. # Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table. |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4378 | "fieldTransformations": [ # Transform the record by applying various field transformations. |
| 4379 | { # The transformation to apply to the field. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4380 | "fields": [ # Required. Input field(s) to apply the transformation to. |
| 4381 | { # General identifier of a data field in a storage service. |
| 4382 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4383 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4384 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4385 | "infoTypeTransformations": { # A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type. # Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`. |
| 4386 | "transformations": [ # Required. Transformation for each infoType. Cannot specify more than one for a given infoType. |
| 4387 | { # A transformation to apply to text that is identified as a specific info_type. |
| 4388 | "primitiveTransformation": { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4389 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 4390 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4391 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 4392 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 4393 | }, |
| 4394 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 4395 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 4396 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 4397 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4398 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 4399 | "key": "A String", # Required. A 128/192/256 bit key. |
| 4400 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4401 | }, |
| 4402 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 4403 | "name": "A String", # Name describing the field. |
| 4404 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4405 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 4406 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 4407 | }, |
| 4408 | }, |
| 4409 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 4410 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 4411 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 4412 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 4413 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4414 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4415 | ], |
| 4416 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 4417 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 4418 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 4419 | }, |
| 4420 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 4421 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4422 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 4423 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 4424 | }, |
| 4425 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 4426 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 4427 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 4428 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4429 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 4430 | "key": "A String", # Required. A 128/192/256 bit key. |
| 4431 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4432 | }, |
| 4433 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4434 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 4435 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 4436 | "name": "A String", # Name describing the field. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4437 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4438 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 4439 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 4440 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 4441 | }, |
| 4442 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 4443 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 4444 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 4445 | }, |
| 4446 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 4447 | "key": "A String", # Required. A 128/192/256 bit key. |
| 4448 | }, |
| 4449 | }, |
| 4450 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 4451 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 4452 | }, |
| 4453 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 4454 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 4455 | { # Bucket is represented as a range, along with replacement values. |
| 4456 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 4457 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4458 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4459 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4460 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4461 | }, |
| 4462 | "dayOfWeekValue": "A String", # day of week |
| 4463 | "integerValue": "A String", # integer |
| 4464 | "booleanValue": True or False, # boolean |
| 4465 | "stringValue": "A String", # string |
| 4466 | "floatValue": 3.14, # float |
| 4467 | "timestampValue": "A String", # timestamp |
| 4468 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4469 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4470 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4471 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4472 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4473 | }, |
| 4474 | }, |
| 4475 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 4476 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4477 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4478 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4479 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4480 | }, |
| 4481 | "dayOfWeekValue": "A String", # day of week |
| 4482 | "integerValue": "A String", # integer |
| 4483 | "booleanValue": True or False, # boolean |
| 4484 | "stringValue": "A String", # string |
| 4485 | "floatValue": 3.14, # float |
| 4486 | "timestampValue": "A String", # timestamp |
| 4487 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4488 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4489 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4490 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4491 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4492 | }, |
| 4493 | }, |
| 4494 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 4495 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4496 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4497 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4498 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4499 | }, |
| 4500 | "dayOfWeekValue": "A String", # day of week |
| 4501 | "integerValue": "A String", # integer |
| 4502 | "booleanValue": True or False, # boolean |
| 4503 | "stringValue": "A String", # string |
| 4504 | "floatValue": 3.14, # float |
| 4505 | "timestampValue": "A String", # timestamp |
| 4506 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4507 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4508 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4509 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4510 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4511 | }, |
| 4512 | }, |
| 4513 | }, |
| 4514 | ], |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4515 | }, |
| 4516 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4517 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 4518 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 4519 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 4520 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 4521 | }, |
| 4522 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 4523 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 4524 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 4525 | }, |
| 4526 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 4527 | "key": "A String", # Required. A 128/192/256 bit key. |
| 4528 | }, |
| 4529 | }, |
| 4530 | "commonAlphabet": "A String", # Common alphabets. |
| 4531 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4532 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 4533 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 4534 | }, |
| 4535 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 4536 | "name": "A String", # Name describing the field. |
| 4537 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4538 | }, |
| 4539 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 4540 | "partToExtract": "A String", # The part of the time to keep. |
| 4541 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4542 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 4543 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4544 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 4545 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4546 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4547 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4548 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4549 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4550 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4551 | }, |
| 4552 | "dayOfWeekValue": "A String", # day of week |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4553 | "integerValue": "A String", # integer |
| 4554 | "booleanValue": True or False, # boolean |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4555 | "stringValue": "A String", # string |
| 4556 | "floatValue": 3.14, # float |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4557 | "timestampValue": "A String", # timestamp |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4558 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4559 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4560 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4561 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4562 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4563 | }, |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4564 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4565 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 4566 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4567 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4568 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4569 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4570 | }, |
| 4571 | "dayOfWeekValue": "A String", # day of week |
| 4572 | "integerValue": "A String", # integer |
| 4573 | "booleanValue": True or False, # boolean |
| 4574 | "stringValue": "A String", # string |
| 4575 | "floatValue": 3.14, # float |
| 4576 | "timestampValue": "A String", # timestamp |
| 4577 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4578 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4579 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4580 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4581 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4582 | }, |
| 4583 | }, |
| 4584 | }, |
| 4585 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 4586 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 4587 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4588 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4589 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4590 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4591 | }, |
| 4592 | "dayOfWeekValue": "A String", # day of week |
| 4593 | "integerValue": "A String", # integer |
| 4594 | "booleanValue": True or False, # boolean |
| 4595 | "stringValue": "A String", # string |
| 4596 | "floatValue": 3.14, # float |
| 4597 | "timestampValue": "A String", # timestamp |
| 4598 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4599 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4600 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4601 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4602 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4603 | }, |
| 4604 | }, |
| 4605 | }, |
| 4606 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4607 | }, |
| 4608 | }, |
| 4609 | "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`. |
| 4610 | { # Type of information detected by the API. |
| 4611 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 4612 | }, |
| 4613 | ], |
| 4614 | }, |
| 4615 | ], |
| 4616 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4617 | "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. |
| 4618 | "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. # Deterministic Crypto |
| 4619 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. |
| 4620 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 4621 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 4622 | }, |
| 4623 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 4624 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 4625 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 4626 | }, |
| 4627 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 4628 | "key": "A String", # Required. A 128/192/256 bit key. |
| 4629 | }, |
| 4630 | }, |
| 4631 | "context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. |
| 4632 | "name": "A String", # Name describing the field. |
| 4633 | }, |
| 4634 | "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE. |
| 4635 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 4636 | }, |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 4637 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4638 | "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. # Mask |
| 4639 | "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. |
| 4640 | { # Characters to skip when doing deidentification of a value. These will be left alone and skipped. |
| 4641 | "commonCharactersToIgnore": "A String", # Common characters to not transform when masking. Useful to avoid removing punctuation. |
| 4642 | "charactersToSkip": "A String", # Characters to not transform when masking. |
| 4643 | }, |
| 4644 | ], |
| 4645 | "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. |
| 4646 | "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. |
| 4647 | "maskingCharacter": "A String", # Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. |
| 4648 | }, |
| 4649 | "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. # Crypto |
| 4650 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the hash function. |
| 4651 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 4652 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 4653 | }, |
| 4654 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 4655 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 4656 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 4657 | }, |
| 4658 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 4659 | "key": "A String", # Required. A 128/192/256 bit key. |
| 4660 | }, |
| 4661 | }, |
| 4662 | }, |
| 4663 | "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. # Date Shift |
| 4664 | "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context. |
| 4665 | "name": "A String", # Name describing the field. |
| 4666 | }, |
| 4667 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items. |
| 4668 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 4669 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 4670 | }, |
| 4671 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 4672 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 4673 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 4674 | }, |
| 4675 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 4676 | "key": "A String", # Required. A 128/192/256 bit key. |
| 4677 | }, |
| 4678 | }, |
| 4679 | "lowerBoundDays": 42, # Required. For example, -5 means shift date to at most 5 days back in the past. |
| 4680 | "upperBoundDays": 42, # Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. |
| 4681 | }, |
| 4682 | "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Bucketing |
| 4683 | "buckets": [ # Set of buckets. Ranges must be non-overlapping. |
| 4684 | { # Bucket is represented as a range, along with replacement values. |
| 4685 | "replacementValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Replacement value for this bucket. |
| 4686 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4687 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4688 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4689 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4690 | }, |
| 4691 | "dayOfWeekValue": "A String", # day of week |
| 4692 | "integerValue": "A String", # integer |
| 4693 | "booleanValue": True or False, # boolean |
| 4694 | "stringValue": "A String", # string |
| 4695 | "floatValue": 3.14, # float |
| 4696 | "timestampValue": "A String", # timestamp |
| 4697 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4698 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4699 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4700 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4701 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4702 | }, |
| 4703 | }, |
| 4704 | "min": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Lower bound of the range, inclusive. Type should be the same as max if used. |
| 4705 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4706 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4707 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4708 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4709 | }, |
| 4710 | "dayOfWeekValue": "A String", # day of week |
| 4711 | "integerValue": "A String", # integer |
| 4712 | "booleanValue": True or False, # boolean |
| 4713 | "stringValue": "A String", # string |
| 4714 | "floatValue": 3.14, # float |
| 4715 | "timestampValue": "A String", # timestamp |
| 4716 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4717 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4718 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4719 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4720 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4721 | }, |
| 4722 | }, |
| 4723 | "max": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Upper bound of the range, exclusive; type must match min. |
| 4724 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4725 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4726 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4727 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4728 | }, |
| 4729 | "dayOfWeekValue": "A String", # day of week |
| 4730 | "integerValue": "A String", # integer |
| 4731 | "booleanValue": True or False, # boolean |
| 4732 | "stringValue": "A String", # string |
| 4733 | "floatValue": 3.14, # float |
| 4734 | "timestampValue": "A String", # timestamp |
| 4735 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4736 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4737 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4738 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4739 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4740 | }, |
| 4741 | }, |
| 4742 | }, |
| 4743 | ], |
| 4744 | }, |
| 4745 | "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. # Ffx-Fpe |
| 4746 | "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ |
| 4747 | "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # Required. The key used by the encryption algorithm. |
| 4748 | "transient": { # Use this to have a random data crypto key generated. It will be discarded after the request finishes. # Transient crypto key |
| 4749 | "name": "A String", # Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). |
| 4750 | }, |
| 4751 | "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key |
| 4752 | "cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping. |
| 4753 | "wrappedKey": "A String", # Required. The wrapped data crypto key. |
| 4754 | }, |
| 4755 | "unwrapped": { # Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. # Unwrapped crypto key |
| 4756 | "key": "A String", # Required. A 128/192/256 bit key. |
| 4757 | }, |
| 4758 | }, |
| 4759 | "commonAlphabet": "A String", # Common alphabets. |
| 4760 | "radix": 42, # The native way to select the alphabet. Must be in the range [2, 95]. |
| 4761 | "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE |
| 4762 | "name": "A String", # Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
| 4763 | }, |
| 4764 | "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 |
| 4765 | "name": "A String", # Name describing the field. |
| 4766 | }, |
| 4767 | }, |
| 4768 | "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value. # Time extraction |
| 4769 | "partToExtract": "A String", # The part of the time to keep. |
| 4770 | }, |
| 4771 | "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. # Replace with infotype |
| 4772 | }, |
| 4773 | "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. # Fixed size bucketing |
| 4774 | "bucketSize": 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. |
| 4775 | "upperBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value "89+". |
| 4776 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4777 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4778 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4779 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4780 | }, |
| 4781 | "dayOfWeekValue": "A String", # day of week |
| 4782 | "integerValue": "A String", # integer |
| 4783 | "booleanValue": True or False, # boolean |
| 4784 | "stringValue": "A String", # string |
| 4785 | "floatValue": 3.14, # float |
| 4786 | "timestampValue": "A String", # timestamp |
| 4787 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4788 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4789 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4790 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4791 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4792 | }, |
| 4793 | }, |
| 4794 | "lowerBound": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value "-10". |
| 4795 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4796 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4797 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4798 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4799 | }, |
| 4800 | "dayOfWeekValue": "A String", # day of week |
| 4801 | "integerValue": "A String", # integer |
| 4802 | "booleanValue": True or False, # boolean |
| 4803 | "stringValue": "A String", # string |
| 4804 | "floatValue": 3.14, # float |
| 4805 | "timestampValue": "A String", # timestamp |
| 4806 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4807 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4808 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4809 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4810 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4811 | }, |
| 4812 | }, |
| 4813 | }, |
| 4814 | "replaceConfig": { # Replace each input value with a given `Value`. # Replace |
| 4815 | "newValue": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to replace it with. |
| 4816 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4817 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4818 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4819 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4820 | }, |
| 4821 | "dayOfWeekValue": "A String", # day of week |
| 4822 | "integerValue": "A String", # integer |
| 4823 | "booleanValue": True or False, # boolean |
| 4824 | "stringValue": "A String", # string |
| 4825 | "floatValue": 3.14, # float |
| 4826 | "timestampValue": "A String", # timestamp |
| 4827 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4828 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4829 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4830 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4831 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4832 | }, |
| 4833 | }, |
| 4834 | }, |
| 4835 | "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. # Redact |
| 4836 | }, |
| 4837 | }, |
| 4838 | "condition": { # A condition for determining whether a transformation should be applied to a field. # Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85. |
| 4839 | "expressions": { # An expression, consisting or an operator and conditions. # An expression. |
| 4840 | "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`. |
| 4841 | "conditions": { # A collection of conditions. # Conditions to apply to the expression. |
| 4842 | "conditions": [ # A collection of conditions. |
| 4843 | { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false. |
| 4844 | "value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.] |
| 4845 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4846 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4847 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4848 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4849 | }, |
| 4850 | "dayOfWeekValue": "A String", # day of week |
| 4851 | "integerValue": "A String", # integer |
| 4852 | "booleanValue": True or False, # boolean |
| 4853 | "stringValue": "A String", # string |
| 4854 | "floatValue": 3.14, # float |
| 4855 | "timestampValue": "A String", # timestamp |
| 4856 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4857 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4858 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4859 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4860 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4861 | }, |
| 4862 | }, |
| 4863 | "operator": "A String", # Required. Operator used to compare the field or infoType to the value. |
| 4864 | "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against. |
| 4865 | "name": "A String", # Name describing the field. |
| 4866 | }, |
| 4867 | }, |
| 4868 | ], |
| 4869 | }, |
| 4870 | }, |
| 4871 | }, |
| 4872 | }, |
| 4873 | ], |
| 4874 | "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output. |
| 4875 | { # Configuration to suppress records whose suppression conditions evaluate to true. |
| 4876 | "condition": { # A condition for determining whether a transformation should be applied to a field. # A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content. |
| 4877 | "expressions": { # An expression, consisting or an operator and conditions. # An expression. |
| 4878 | "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently only supported value is `AND`. |
| 4879 | "conditions": { # A collection of conditions. # Conditions to apply to the expression. |
| 4880 | "conditions": [ # A collection of conditions. |
| 4881 | { # The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false. |
| 4882 | "value": { # Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data. # Value to compare against. [Mandatory, except for `EXISTS` tests.] |
| 4883 | "dateValue": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # date |
| 4884 | "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
| 4885 | "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
| 4886 | "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
| 4887 | }, |
| 4888 | "dayOfWeekValue": "A String", # day of week |
| 4889 | "integerValue": "A String", # integer |
| 4890 | "booleanValue": True or False, # boolean |
| 4891 | "stringValue": "A String", # string |
| 4892 | "floatValue": 3.14, # float |
| 4893 | "timestampValue": "A String", # timestamp |
| 4894 | "timeValue": { # Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`. # time of day |
| 4895 | "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. |
| 4896 | "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. |
| 4897 | "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. |
| 4898 | "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. |
| 4899 | }, |
| 4900 | }, |
| 4901 | "operator": "A String", # Required. Operator used to compare the field or infoType to the value. |
| 4902 | "field": { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against. |
| 4903 | "name": "A String", # Name describing the field. |
| 4904 | }, |
| 4905 | }, |
| 4906 | ], |
| 4907 | }, |
| 4908 | }, |
| 4909 | }, |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4910 | }, |
| 4911 | ], |
| 4912 | }, |
| 4913 | }, |
| Bu Sun Kim | 673ec5c | 2020-11-16 11:05:03 -0700 | [diff] [blame] | 4914 | "displayName": "A String", # Display name (max 256 chars). |
| Bu Sun Kim | d059ad8 | 2020-07-22 17:02:09 -0700 | [diff] [blame] | 4915 | "description": "A String", # Short description (max 256 chars). |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4916 | "updateTime": "A String", # Output only. The last update timestamp of an inspectTemplate. |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 4917 | "createTime": "A String", # Output only. The creation timestamp of an inspectTemplate. |
| 4918 | "name": "A String", # Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID` |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 4919 | }</pre> |
| 4920 | </div> |
| 4921 | |
| 4922 | </body></html> |