blob: ef68831ab57f3e18510f1f7a8f1717d4cdf090db [file] [log] [blame]
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
75<h1><a href="dlp_v2.html">Cloud Data Loss Prevention (DLP) API</a> . <a href="dlp_v2.projects.html">projects</a> . <a href="dlp_v2.projects.deidentifyTemplates.html">deidentifyTemplates</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070078 <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070079<p class="firstline">Creates a DeidentifyTemplate for re-using frequently used configuration</p>
80<p class="toc_element">
81 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
82<p class="firstline">Deletes a DeidentifyTemplate.</p>
83<p class="toc_element">
84 <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
85<p class="firstline">Gets a DeidentifyTemplate.</p>
86<p class="toc_element">
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070087 <code><a href="#list">list(parent, orderBy=None, pageToken=None, locationId=None, pageSize=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070088<p class="firstline">Lists DeidentifyTemplates.</p>
89<p class="toc_element">
90 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
91<p class="firstline">Retrieves the next page of results.</p>
92<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070093 <code><a href="#patch">patch(name, body=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070094<p class="firstline">Updates the DeidentifyTemplate.</p>
95<h3>Method Details</h3>
96<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -070097 <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070098 <pre>Creates a DeidentifyTemplate for re-using frequently used configuration
99for de-identifying content, images, and storage.
100See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
101more.
102
103Args:
Dan O'Mearadd494642020-05-01 07:42:23 -0700104 parent: string, Required. The parent resource name, for example projects/my-project-id or
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700105organizations/my-org-id. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700106 body: object, The request body.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700107 The object takes the form of:
108
109{ # Request message for CreateDeidentifyTemplate.
Bu Sun Kim65020912020-05-20 12:08:20 -0700110 &quot;templateId&quot;: &quot;A String&quot;, # The template id can contain uppercase and lowercase letters,
111 # numbers, and hyphens; that is, it must match the regular
112 # expression: `[a-zA-Z\\d-_]+`. The maximum length is 100
113 # characters. Can be empty to allow the system to generate one.
114 &quot;deidentifyTemplate&quot;: { # DeidentifyTemplates contains instructions on how to de-identify content. # Required. The DeidentifyTemplate to create.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700115 # See https://cloud.google.com/dlp/docs/concepts-templates to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -0700116 &quot;name&quot;: &quot;A String&quot;, # Output only. The template name.
117 #
118 # The template will have one of the following formats:
119 # `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR
120 # `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
121 &quot;description&quot;: &quot;A String&quot;, # Short description (max 256 chars).
122 &quot;displayName&quot;: &quot;A String&quot;, # Display name (max 256 chars).
123 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The creation timestamp of an inspectTemplate.
124 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The last update timestamp of an inspectTemplate.
125 &quot;deidentifyConfig&quot;: { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700126 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
127 # transformation everywhere.
128 # apply various `PrimitiveTransformation`s to each finding, where the
129 # transformation is applied to only values that were identified as a specific
130 # info_type.
131 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
132 # for a given infoType.
133 { # A transformation to apply to text that is identified as a specific
134 # info_type.
135 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
136 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
137 # portion of the value.
138 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
139 },
140 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
141 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
142 # to learn more.
143 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
144 # If set, must also set cryptoKey. If set, shift will be consistent for the
145 # given context.
146 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
147 },
148 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
149 # range (inclusive ends). Negative means shift to earlier in time. Must not
150 # be more than 365250 days (1000 years) each direction.
151 #
152 # For example, 3 means shift date to at most 3 days into the future.
153 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
154 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
155 # results in the same shift for the same context and crypto_key. If
156 # set, must also set context. Can only be applied to table items.
157 # a key encryption key (KEK) stored by KMS).
158 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
159 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
160 # unwrap the data crypto key.
161 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
162 # leaking the key. Choose another type of key if possible.
163 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
164 },
165 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
166 # It will be discarded after the request finishes.
167 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
168 # This is an arbitrary string used to differentiate different keys.
169 # A unique key is generated per name: two separate `TransientCryptoKey`
170 # protos share the same generated key if their names are the same.
171 # When the data crypto key is generated, this name is not used in any way
172 # (repeating the api call will result in a different key being generated).
173 },
174 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
175 # The wrapped key must be a 128/192/256 bit key.
176 # Authorization requires the following IAM permissions when sending a request
177 # to perform a crypto transformation using a kms-wrapped crypto key:
178 # dlp.kms.encrypt
179 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
180 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
181 },
182 },
183 },
184 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
185 },
186 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
187 # Uses SHA-256.
188 # The key size must be either 32 or 64 bytes.
189 # Outputs a base64 encoded representation of the hashed output
190 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
191 # Currently, only string and integer values can be hashed.
192 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
193 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
194 # a key encryption key (KEK) stored by KMS).
195 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
196 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
197 # unwrap the data crypto key.
198 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
199 # leaking the key. Choose another type of key if possible.
200 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
201 },
202 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
203 # It will be discarded after the request finishes.
204 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
205 # This is an arbitrary string used to differentiate different keys.
206 # A unique key is generated per name: two separate `TransientCryptoKey`
207 # protos share the same generated key if their names are the same.
208 # When the data crypto key is generated, this name is not used in any way
209 # (repeating the api call will result in a different key being generated).
210 },
211 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
212 # The wrapped key must be a 128/192/256 bit key.
213 # Authorization requires the following IAM permissions when sending a request
214 # to perform a crypto transformation using a kms-wrapped crypto key:
215 # dlp.kms.encrypt
216 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
217 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
218 },
219 },
220 },
221 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
222 # (FPE) with the FFX mode of operation; however when used in the
223 # `ReidentifyContent` API method, it serves the opposite function by reversing
224 # the surrogate back into the original identifier. The identifier must be
225 # encoded as ASCII. For a given crypto key and context, the same identifier
226 # will be replaced with the same surrogate. Identifiers must be at least two
227 # characters long. In the case that the identifier is the empty string, it will
228 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
229 # more.
230 #
231 # Note: We recommend using CryptoDeterministicConfig for all use cases which
232 # do not require preserving the input alphabet space and size, plus warrant
233 # referential integrity.
234 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
235 # This annotation will be applied to the surrogate by prefixing it with
236 # the name of the custom infoType followed by the number of
237 # characters comprising the surrogate. The following scheme defines the
238 # format: info_type_name(surrogate_character_count):surrogate
239 #
240 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
241 # the surrogate is &#x27;abc&#x27;, the full replacement value
242 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
243 #
244 # This annotation identifies the surrogate when inspecting content using the
245 # custom infoType
246 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
247 # This facilitates reversal of the surrogate when it occurs in free text.
248 #
249 # In order for inspection to work properly, the name of this infoType must
250 # not occur naturally anywhere in your data; otherwise, inspection may
251 # find a surrogate that does not correspond to an actual identifier.
252 # Therefore, choose your custom infoType name carefully after considering
253 # what your data looks like. One way to select a name that has a high chance
254 # of yielding reliable detection is to include one or more unicode characters
255 # that are highly improbable to exist in your data.
256 # For example, assuming your data is entered from a regular ASCII keyboard,
257 # the symbol with the hex code point 29DD might be used like so:
258 # ⧝MY_TOKEN_TYPE
259 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
260 # creating a CustomInfoType, or one of the names listed
261 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
262 # a built-in type. InfoType names should conform to the pattern
263 # `[a-zA-Z0-9_]{1,64}`.
264 },
265 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
266 # identifier in two different contexts won&#x27;t be given the same surrogate. If
267 # the context is not set, a default tweak will be used.
268 #
269 # If the context is set but:
270 #
271 # 1. there is no record present when transforming a given value or
272 # 1. the field is not present when transforming a given value,
273 #
274 # a default tweak will be used.
275 #
276 # Note that case (1) is expected when an `InfoTypeTransformation` is
277 # applied to both structured and non-structured `ContentItem`s.
278 # Currently, the referenced field may be of value type integer or string.
279 #
280 # The tweak is constructed as a sequence of bytes in big endian byte order
281 # such that:
282 #
283 # - a 64 bit integer is encoded followed by a single byte of value 1
284 # - a string is encoded in UTF-8 format followed by a single byte of value 2
285 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
286 },
287 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
288 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
289 # a key encryption key (KEK) stored by KMS).
290 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
291 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
292 # unwrap the data crypto key.
293 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
294 # leaking the key. Choose another type of key if possible.
295 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
296 },
297 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
298 # It will be discarded after the request finishes.
299 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
300 # This is an arbitrary string used to differentiate different keys.
301 # A unique key is generated per name: two separate `TransientCryptoKey`
302 # protos share the same generated key if their names are the same.
303 # When the data crypto key is generated, this name is not used in any way
304 # (repeating the api call will result in a different key being generated).
305 },
306 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
307 # The wrapped key must be a 128/192/256 bit key.
308 # Authorization requires the following IAM permissions when sending a request
309 # to perform a crypto transformation using a kms-wrapped crypto key:
310 # dlp.kms.encrypt
311 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
312 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
313 },
314 },
315 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
316 # that the FFX mode natively supports. This happens before/after
317 # encryption/decryption.
318 # Each character listed must appear only once.
319 # Number of characters must be in the range [2, 95].
320 # This must be encoded as ASCII.
321 # The order of characters does not matter.
322 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
323 },
324 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
325 # input. Outputs a base64 encoded representation of the encrypted output.
326 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
327 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
328 # This annotation will be applied to the surrogate by prefixing it with
329 # the name of the custom info type followed by the number of
330 # characters comprising the surrogate. The following scheme defines the
331 # format: {info type name}({surrogate character count}):{surrogate}
332 #
333 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
334 # the surrogate is &#x27;abc&#x27;, the full replacement value
335 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
336 #
337 # This annotation identifies the surrogate when inspecting content using the
338 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
339 # surrogate when it occurs in free text.
340 #
341 # Note: For record transformations where the entire cell in a table is being
342 # transformed, surrogates are not mandatory. Surrogates are used to denote
343 # the location of the token and are necessary for re-identification in free
344 # form text.
345 #
346 # In order for inspection to work properly, the name of this info type must
347 # not occur naturally anywhere in your data; otherwise, inspection may either
348 #
349 # - reverse a surrogate that does not correspond to an actual identifier
350 # - be unable to parse the surrogate and result in an error
351 #
352 # Therefore, choose your custom info type name carefully after considering
353 # what your data looks like. One way to select a name that has a high chance
354 # of yielding reliable detection is to include one or more unicode characters
355 # that are highly improbable to exist in your data.
356 # For example, assuming your data is entered from a regular ASCII keyboard,
357 # the symbol with the hex code point 29DD might be used like so:
358 # ⧝MY_TOKEN_TYPE.
359 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
360 # creating a CustomInfoType, or one of the names listed
361 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
362 # a built-in type. InfoType names should conform to the pattern
363 # `[a-zA-Z0-9_]{1,64}`.
364 },
365 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
366 # referential integrity such that the same identifier in two different
367 # contexts will be given a distinct surrogate. The context is appended to
368 # plaintext value being encrypted. On decryption the provided context is
369 # validated against the value used during encryption. If a context was
370 # provided during encryption, same context must be provided during decryption
371 # as well.
372 #
373 # If the context is not set, plaintext would be used as is for encryption.
374 # If the context is set but:
375 #
376 # 1. there is no record present when transforming a given value or
377 # 2. the field is not present when transforming a given value,
378 #
379 # plaintext would be used as is for encryption.
380 #
381 # Note that case (1) is expected when an `InfoTypeTransformation` is
382 # applied to both structured and non-structured `ContentItem`s.
383 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
384 },
385 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
386 # a key encryption key (KEK) stored by KMS).
387 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
388 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
389 # unwrap the data crypto key.
390 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
391 # leaking the key. Choose another type of key if possible.
392 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
393 },
394 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
395 # It will be discarded after the request finishes.
396 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
397 # This is an arbitrary string used to differentiate different keys.
398 # A unique key is generated per name: two separate `TransientCryptoKey`
399 # protos share the same generated key if their names are the same.
400 # When the data crypto key is generated, this name is not used in any way
401 # (repeating the api call will result in a different key being generated).
402 },
403 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
404 # The wrapped key must be a 128/192/256 bit key.
405 # Authorization requires the following IAM permissions when sending a request
406 # to perform a crypto transformation using a kms-wrapped crypto key:
407 # dlp.kms.encrypt
408 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
409 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
410 },
411 },
412 },
413 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
414 # replacement values are dynamically provided by the user for custom behavior,
415 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
416 # This can be used on
417 # data of type: number, long, string, timestamp.
418 # If the bound `Value` type differs from the type of data being transformed, we
419 # will first attempt converting the type of the data to be transformed to match
420 # the type of the bound before comparing.
421 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
422 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
423 { # Bucket is represented as a range, along with replacement values.
424 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
425 # the default behavior will be to hyphenate the min-max range.
426 # Note that for the purposes of inspection or transformation, the number
427 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
428 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
429 # 123456789, the number of bytes would be counted as 9, even though an
430 # int64 only holds up to 8 bytes of data.
431 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
432 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
433 # and time zone are either specified elsewhere or are not significant. The date
434 # is relative to the Proleptic Gregorian Calendar. This can represent:
435 #
436 # * A full date, with non-zero year, month and day values
437 # * A month and day value, with a zero year, e.g. an anniversary
438 # * A year on its own, with zero month and day values
439 # * A year and month value, with a zero day, e.g. a credit card expiration date
440 #
441 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
442 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
443 # a year.
444 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
445 # month and day.
446 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
447 # if specifying a year by itself or a year and month where the day is not
448 # significant.
449 },
450 &quot;stringValue&quot;: &quot;A String&quot;, # string
451 &quot;integerValue&quot;: &quot;A String&quot;, # integer
452 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
453 # or are specified elsewhere. An API may choose to allow leap seconds. Related
454 # types are google.type.Date and `google.protobuf.Timestamp`.
455 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
456 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
457 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
458 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
459 # allow the value 60 if it allows leap-seconds.
460 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
461 },
462 &quot;booleanValue&quot;: True or False, # boolean
463 &quot;floatValue&quot;: 3.14, # float
464 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
465 },
466 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
467 # used.
468 # Note that for the purposes of inspection or transformation, the number
469 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
470 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
471 # 123456789, the number of bytes would be counted as 9, even though an
472 # int64 only holds up to 8 bytes of data.
473 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
474 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
475 # and time zone are either specified elsewhere or are not significant. The date
476 # is relative to the Proleptic Gregorian Calendar. This can represent:
477 #
478 # * A full date, with non-zero year, month and day values
479 # * A month and day value, with a zero year, e.g. an anniversary
480 # * A year on its own, with zero month and day values
481 # * A year and month value, with a zero day, e.g. a credit card expiration date
482 #
483 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
484 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
485 # a year.
486 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
487 # month and day.
488 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
489 # if specifying a year by itself or a year and month where the day is not
490 # significant.
491 },
492 &quot;stringValue&quot;: &quot;A String&quot;, # string
493 &quot;integerValue&quot;: &quot;A String&quot;, # integer
494 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
495 # or are specified elsewhere. An API may choose to allow leap seconds. Related
496 # types are google.type.Date and `google.protobuf.Timestamp`.
497 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
498 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
499 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
500 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
501 # allow the value 60 if it allows leap-seconds.
502 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
503 },
504 &quot;booleanValue&quot;: True or False, # boolean
505 &quot;floatValue&quot;: 3.14, # float
506 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
507 },
508 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
509 # Note that for the purposes of inspection or transformation, the number
510 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
511 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
512 # 123456789, the number of bytes would be counted as 9, even though an
513 # int64 only holds up to 8 bytes of data.
514 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
515 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
516 # and time zone are either specified elsewhere or are not significant. The date
517 # is relative to the Proleptic Gregorian Calendar. This can represent:
518 #
519 # * A full date, with non-zero year, month and day values
520 # * A month and day value, with a zero year, e.g. an anniversary
521 # * A year on its own, with zero month and day values
522 # * A year and month value, with a zero day, e.g. a credit card expiration date
523 #
524 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
525 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
526 # a year.
527 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
528 # month and day.
529 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
530 # if specifying a year by itself or a year and month where the day is not
531 # significant.
532 },
533 &quot;stringValue&quot;: &quot;A String&quot;, # string
534 &quot;integerValue&quot;: &quot;A String&quot;, # integer
535 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
536 # or are specified elsewhere. An API may choose to allow leap seconds. Related
537 # types are google.type.Date and `google.protobuf.Timestamp`.
538 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
539 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
540 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
541 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
542 # allow the value 60 if it allows leap-seconds.
543 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
544 },
545 &quot;booleanValue&quot;: True or False, # boolean
546 &quot;floatValue&quot;: 3.14, # float
547 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
548 },
549 },
550 ],
551 },
552 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
553 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
554 # output would be &#x27;My phone number is &#x27;.
555 },
556 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
557 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
558 # Note that for the purposes of inspection or transformation, the number
559 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
560 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
561 # 123456789, the number of bytes would be counted as 9, even though an
562 # int64 only holds up to 8 bytes of data.
563 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
564 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
565 # and time zone are either specified elsewhere or are not significant. The date
566 # is relative to the Proleptic Gregorian Calendar. This can represent:
567 #
568 # * A full date, with non-zero year, month and day values
569 # * A month and day value, with a zero year, e.g. an anniversary
570 # * A year on its own, with zero month and day values
571 # * A year and month value, with a zero day, e.g. a credit card expiration date
572 #
573 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
574 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
575 # a year.
576 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
577 # month and day.
578 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
579 # if specifying a year by itself or a year and month where the day is not
580 # significant.
581 },
582 &quot;stringValue&quot;: &quot;A String&quot;, # string
583 &quot;integerValue&quot;: &quot;A String&quot;, # integer
584 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
585 # or are specified elsewhere. An API may choose to allow leap seconds. Related
586 # types are google.type.Date and `google.protobuf.Timestamp`.
587 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
588 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
589 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
590 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
591 # allow the value 60 if it allows leap-seconds.
592 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
593 },
594 &quot;booleanValue&quot;: True or False, # boolean
595 &quot;floatValue&quot;: 3.14, # float
596 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
597 },
598 },
599 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
600 # Bucketing transformation can provide all of this functionality,
601 # but requires more configuration. This message is provided as a convenience to
602 # the user for simple bucketing strategies.
603 #
604 # The transformed value will be a hyphenated string of
605 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
606 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
607 #
608 # This can be used on data of type: double, long.
609 #
610 # If the bound Value type differs from the type of data
611 # being transformed, we will first attempt converting the type of the data to
612 # be transformed to match the type of the bound before comparing.
613 #
614 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
615 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
616 # grouped together into a single bucket; for example if `upper_bound` = 89,
617 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
618 # Note that for the purposes of inspection or transformation, the number
619 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
620 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
621 # 123456789, the number of bytes would be counted as 9, even though an
622 # int64 only holds up to 8 bytes of data.
623 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
624 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
625 # and time zone are either specified elsewhere or are not significant. The date
626 # is relative to the Proleptic Gregorian Calendar. This can represent:
627 #
628 # * A full date, with non-zero year, month and day values
629 # * A month and day value, with a zero year, e.g. an anniversary
630 # * A year on its own, with zero month and day values
631 # * A year and month value, with a zero day, e.g. a credit card expiration date
632 #
633 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
634 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
635 # a year.
636 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
637 # month and day.
638 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
639 # if specifying a year by itself or a year and month where the day is not
640 # significant.
641 },
642 &quot;stringValue&quot;: &quot;A String&quot;, # string
643 &quot;integerValue&quot;: &quot;A String&quot;, # integer
644 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
645 # or are specified elsewhere. An API may choose to allow leap seconds. Related
646 # types are google.type.Date and `google.protobuf.Timestamp`.
647 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
648 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
649 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
650 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
651 # allow the value 60 if it allows leap-seconds.
652 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
653 },
654 &quot;booleanValue&quot;: True or False, # boolean
655 &quot;floatValue&quot;: 3.14, # float
656 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
657 },
658 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
659 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
660 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
661 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
662 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
663 # grouped together into a single bucket; for example if `lower_bound` = 10,
664 # then all values less than 10 are replaced with the value &quot;-10&quot;.
665 # Note that for the purposes of inspection or transformation, the number
666 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
667 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
668 # 123456789, the number of bytes would be counted as 9, even though an
669 # int64 only holds up to 8 bytes of data.
670 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
671 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
672 # and time zone are either specified elsewhere or are not significant. The date
673 # is relative to the Proleptic Gregorian Calendar. This can represent:
674 #
675 # * A full date, with non-zero year, month and day values
676 # * A month and day value, with a zero year, e.g. an anniversary
677 # * A year on its own, with zero month and day values
678 # * A year and month value, with a zero day, e.g. a credit card expiration date
679 #
680 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
681 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
682 # a year.
683 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
684 # month and day.
685 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
686 # if specifying a year by itself or a year and month where the day is not
687 # significant.
688 },
689 &quot;stringValue&quot;: &quot;A String&quot;, # string
690 &quot;integerValue&quot;: &quot;A String&quot;, # integer
691 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
692 # or are specified elsewhere. An API may choose to allow leap seconds. Related
693 # types are google.type.Date and `google.protobuf.Timestamp`.
694 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
695 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
696 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
697 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
698 # allow the value 60 if it allows leap-seconds.
699 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
700 },
701 &quot;booleanValue&quot;: True or False, # boolean
702 &quot;floatValue&quot;: 3.14, # float
703 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
704 },
705 },
706 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
707 # fixed character. Masking can start from the beginning or end of the string.
708 # This can be used on data of any type (numbers, longs, and so on) and when
709 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
710 # type. (This allows you to take a long like 123 and modify it to a string like
711 # **3.
712 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
713 # characters. For example, if the input string is `555-555-5555` and you
714 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
715 # returns `***-**5-5555`.
716 { # Characters to skip when doing deidentification of a value. These will be left
717 # alone and skipped.
718 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
719 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
720 # punctuation.
721 },
722 ],
723 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
724 # masked. Skipped characters do not count towards this tally.
725 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
726 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
727 # code or credit card number. This string must have a length of 1. If not
728 # supplied, this value defaults to `*` for strings, and `0` for digits.
729 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
730 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
731 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
732 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
733 # is `true`, then the string `12345` is masked as `12***`.
734 },
735 },
736 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
737 # this transformation to apply to all findings that correspond to
738 # infoTypes that were requested in `InspectConfig`.
739 { # Type of information detected by the API.
740 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
741 # creating a CustomInfoType, or one of the names listed
742 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
743 # a built-in type. InfoType names should conform to the pattern
744 # `[a-zA-Z0-9_]{1,64}`.
745 },
746 ],
747 },
748 ],
749 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700750 &quot;transformationErrorHandling&quot;: { # How to handle transformation errors during de-identification. A # Mode for handling transformation errors. If left unspecified, the default
751 # mode is `TransformationErrorHandling.ThrowError`.
752 # transformation error occurs when the requested transformation is incompatible
753 # with the data. For example, trying to de-identify an IP address using a
754 # `DateShift` transformation would result in a transformation error, since date
755 # info cannot be extracted from an IP address.
756 # Information about any incompatible transformations, and how they were
757 # handled, is returned in the response as part of the
758 # `TransformationOverviews`.
759 &quot;throwError&quot;: { # Throw an error and fail the request when a transformation error occurs. # Throw an error
760 },
761 &quot;leaveUntransformed&quot;: { # Skips the data without modifying it if the requested transformation would # Ignore errors
762 # cause an error. For example, if a `DateShift` transformation were applied
763 # an an IP address, this mode would leave the IP address unchanged in the
764 # response.
765 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700766 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700767 &quot;recordTransformations&quot;: { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700768 # specific locations within structured datasets, such as transforming
769 # a column within a table.
770 # table.
Bu Sun Kim65020912020-05-20 12:08:20 -0700771 &quot;fieldTransformations&quot;: [ # Transform the record by applying various field transformations.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700772 { # The transformation to apply to the field.
Bu Sun Kim65020912020-05-20 12:08:20 -0700773 &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
Dan O'Mearadd494642020-05-01 07:42:23 -0700774 { # General identifier of a data field in a storage service.
Bu Sun Kim65020912020-05-20 12:08:20 -0700775 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Dan O'Mearadd494642020-05-01 07:42:23 -0700776 },
777 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700778 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700779 # transform content that matches an `InfoType`.
780 # apply various `PrimitiveTransformation`s to each finding, where the
781 # transformation is applied to only values that were identified as a specific
782 # info_type.
Bu Sun Kim65020912020-05-20 12:08:20 -0700783 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
Dan O'Mearadd494642020-05-01 07:42:23 -0700784 # for a given infoType.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700785 { # A transformation to apply to text that is identified as a specific
786 # info_type.
Bu Sun Kim65020912020-05-20 12:08:20 -0700787 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
788 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
789 # portion of the value.
790 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
791 },
792 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
793 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
794 # to learn more.
795 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
796 # If set, must also set cryptoKey. If set, shift will be consistent for the
797 # given context.
798 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
799 },
800 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
801 # range (inclusive ends). Negative means shift to earlier in time. Must not
802 # be more than 365250 days (1000 years) each direction.
803 #
804 # For example, 3 means shift date to at most 3 days into the future.
805 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
806 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
807 # results in the same shift for the same context and crypto_key. If
808 # set, must also set context. Can only be applied to table items.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700809 # a key encryption key (KEK) stored by KMS).
810 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
811 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
812 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -0700813 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700814 # leaking the key. Choose another type of key if possible.
Bu Sun Kim65020912020-05-20 12:08:20 -0700815 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700816 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700817 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700818 # It will be discarded after the request finishes.
Bu Sun Kim65020912020-05-20 12:08:20 -0700819 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700820 # This is an arbitrary string used to differentiate different keys.
821 # A unique key is generated per name: two separate `TransientCryptoKey`
822 # protos share the same generated key if their names are the same.
823 # When the data crypto key is generated, this name is not used in any way
824 # (repeating the api call will result in a different key being generated).
825 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700826 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
827 # The wrapped key must be a 128/192/256 bit key.
828 # Authorization requires the following IAM permissions when sending a request
829 # to perform a crypto transformation using a kms-wrapped crypto key:
830 # dlp.kms.encrypt
831 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
832 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
833 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700834 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700835 },
836 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
837 },
838 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
839 # Uses SHA-256.
840 # The key size must be either 32 or 64 bytes.
841 # Outputs a base64 encoded representation of the hashed output
842 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
843 # Currently, only string and integer values can be hashed.
844 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
845 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
846 # a key encryption key (KEK) stored by KMS).
847 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
848 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
849 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -0700850 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
851 # leaking the key. Choose another type of key if possible.
852 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
853 },
854 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
855 # It will be discarded after the request finishes.
856 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
857 # This is an arbitrary string used to differentiate different keys.
858 # A unique key is generated per name: two separate `TransientCryptoKey`
859 # protos share the same generated key if their names are the same.
860 # When the data crypto key is generated, this name is not used in any way
861 # (repeating the api call will result in a different key being generated).
862 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700863 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
864 # The wrapped key must be a 128/192/256 bit key.
865 # Authorization requires the following IAM permissions when sending a request
866 # to perform a crypto transformation using a kms-wrapped crypto key:
867 # dlp.kms.encrypt
868 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
869 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
870 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700871 },
872 },
873 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
874 # (FPE) with the FFX mode of operation; however when used in the
875 # `ReidentifyContent` API method, it serves the opposite function by reversing
876 # the surrogate back into the original identifier. The identifier must be
877 # encoded as ASCII. For a given crypto key and context, the same identifier
878 # will be replaced with the same surrogate. Identifiers must be at least two
879 # characters long. In the case that the identifier is the empty string, it will
880 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
881 # more.
882 #
883 # Note: We recommend using CryptoDeterministicConfig for all use cases which
884 # do not require preserving the input alphabet space and size, plus warrant
885 # referential integrity.
Bu Sun Kim65020912020-05-20 12:08:20 -0700886 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
887 # This annotation will be applied to the surrogate by prefixing it with
888 # the name of the custom infoType followed by the number of
889 # characters comprising the surrogate. The following scheme defines the
890 # format: info_type_name(surrogate_character_count):surrogate
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700891 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700892 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
893 # the surrogate is &#x27;abc&#x27;, the full replacement value
894 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
895 #
896 # This annotation identifies the surrogate when inspecting content using the
897 # custom infoType
898 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
899 # This facilitates reversal of the surrogate when it occurs in free text.
900 #
901 # In order for inspection to work properly, the name of this infoType must
902 # not occur naturally anywhere in your data; otherwise, inspection may
903 # find a surrogate that does not correspond to an actual identifier.
904 # Therefore, choose your custom infoType name carefully after considering
905 # what your data looks like. One way to select a name that has a high chance
906 # of yielding reliable detection is to include one or more unicode characters
907 # that are highly improbable to exist in your data.
908 # For example, assuming your data is entered from a regular ASCII keyboard,
909 # the symbol with the hex code point 29DD might be used like so:
910 # ⧝MY_TOKEN_TYPE
911 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
912 # creating a CustomInfoType, or one of the names listed
913 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
914 # a built-in type. InfoType names should conform to the pattern
915 # `[a-zA-Z0-9_]{1,64}`.
916 },
917 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
918 # identifier in two different contexts won&#x27;t be given the same surrogate. If
919 # the context is not set, a default tweak will be used.
920 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700921 # If the context is set but:
922 #
923 # 1. there is no record present when transforming a given value or
Bu Sun Kim65020912020-05-20 12:08:20 -0700924 # 1. the field is not present when transforming a given value,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700925 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700926 # a default tweak will be used.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700927 #
928 # Note that case (1) is expected when an `InfoTypeTransformation` is
929 # applied to both structured and non-structured `ContentItem`s.
Bu Sun Kim65020912020-05-20 12:08:20 -0700930 # Currently, the referenced field may be of value type integer or string.
931 #
932 # The tweak is constructed as a sequence of bytes in big endian byte order
933 # such that:
934 #
935 # - a 64 bit integer is encoded followed by a single byte of value 1
936 # - a string is encoded in UTF-8 format followed by a single byte of value 2
937 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700938 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700939 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
940 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
941 # a key encryption key (KEK) stored by KMS).
942 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
943 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
944 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -0700945 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
946 # leaking the key. Choose another type of key if possible.
947 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
948 },
949 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
950 # It will be discarded after the request finishes.
951 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
952 # This is an arbitrary string used to differentiate different keys.
953 # A unique key is generated per name: two separate `TransientCryptoKey`
954 # protos share the same generated key if their names are the same.
955 # When the data crypto key is generated, this name is not used in any way
956 # (repeating the api call will result in a different key being generated).
957 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700958 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
959 # The wrapped key must be a 128/192/256 bit key.
960 # Authorization requires the following IAM permissions when sending a request
961 # to perform a crypto transformation using a kms-wrapped crypto key:
962 # dlp.kms.encrypt
963 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
964 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
965 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700966 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700967 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
968 # that the FFX mode natively supports. This happens before/after
969 # encryption/decryption.
970 # Each character listed must appear only once.
971 # Number of characters must be in the range [2, 95].
972 # This must be encoded as ASCII.
973 # The order of characters does not matter.
974 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
Bu Sun Kim65020912020-05-20 12:08:20 -0700975 },
976 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
977 # input. Outputs a base64 encoded representation of the encrypted output.
978 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
979 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700980 # This annotation will be applied to the surrogate by prefixing it with
981 # the name of the custom info type followed by the number of
982 # characters comprising the surrogate. The following scheme defines the
Dan O'Mearadd494642020-05-01 07:42:23 -0700983 # format: {info type name}({surrogate character count}):{surrogate}
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700984 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700985 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
986 # the surrogate is &#x27;abc&#x27;, the full replacement value
987 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700988 #
989 # This annotation identifies the surrogate when inspecting content using the
Bu Sun Kim65020912020-05-20 12:08:20 -0700990 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700991 # surrogate when it occurs in free text.
992 #
Dan O'Mearadd494642020-05-01 07:42:23 -0700993 # Note: For record transformations where the entire cell in a table is being
994 # transformed, surrogates are not mandatory. Surrogates are used to denote
995 # the location of the token and are necessary for re-identification in free
996 # form text.
997 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700998 # In order for inspection to work properly, the name of this info type must
999 # not occur naturally anywhere in your data; otherwise, inspection may either
1000 #
1001 # - reverse a surrogate that does not correspond to an actual identifier
1002 # - be unable to parse the surrogate and result in an error
1003 #
1004 # Therefore, choose your custom info type name carefully after considering
1005 # what your data looks like. One way to select a name that has a high chance
1006 # of yielding reliable detection is to include one or more unicode characters
1007 # that are highly improbable to exist in your data.
1008 # For example, assuming your data is entered from a regular ASCII keyboard,
1009 # the symbol with the hex code point 29DD might be used like so:
Dan O'Mearadd494642020-05-01 07:42:23 -07001010 # ⧝MY_TOKEN_TYPE.
Bu Sun Kim65020912020-05-20 12:08:20 -07001011 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001012 # creating a CustomInfoType, or one of the names listed
1013 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
1014 # a built-in type. InfoType names should conform to the pattern
Dan O'Mearadd494642020-05-01 07:42:23 -07001015 # `[a-zA-Z0-9_]{1,64}`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001016 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001017 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
1018 # referential integrity such that the same identifier in two different
1019 # contexts will be given a distinct surrogate. The context is appended to
1020 # plaintext value being encrypted. On decryption the provided context is
1021 # validated against the value used during encryption. If a context was
1022 # provided during encryption, same context must be provided during decryption
1023 # as well.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001024 #
Bu Sun Kim65020912020-05-20 12:08:20 -07001025 # If the context is not set, plaintext would be used as is for encryption.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001026 # If the context is set but:
1027 #
1028 # 1. there is no record present when transforming a given value or
Bu Sun Kim65020912020-05-20 12:08:20 -07001029 # 2. the field is not present when transforming a given value,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001030 #
Bu Sun Kim65020912020-05-20 12:08:20 -07001031 # plaintext would be used as is for encryption.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001032 #
1033 # Note that case (1) is expected when an `InfoTypeTransformation` is
1034 # applied to both structured and non-structured `ContentItem`s.
Bu Sun Kim65020912020-05-20 12:08:20 -07001035 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001036 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001037 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
1038 # a key encryption key (KEK) stored by KMS).
1039 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
1040 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
1041 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07001042 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
1043 # leaking the key. Choose another type of key if possible.
1044 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1045 },
1046 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
1047 # It will be discarded after the request finishes.
1048 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
1049 # This is an arbitrary string used to differentiate different keys.
1050 # A unique key is generated per name: two separate `TransientCryptoKey`
1051 # protos share the same generated key if their names are the same.
1052 # When the data crypto key is generated, this name is not used in any way
1053 # (repeating the api call will result in a different key being generated).
1054 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001055 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
1056 # The wrapped key must be a 128/192/256 bit key.
1057 # Authorization requires the following IAM permissions when sending a request
1058 # to perform a crypto transformation using a kms-wrapped crypto key:
1059 # dlp.kms.encrypt
1060 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1061 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1062 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001063 },
1064 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001065 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
Dan O'Mearadd494642020-05-01 07:42:23 -07001066 # replacement values are dynamically provided by the user for custom behavior,
1067 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
1068 # This can be used on
1069 # data of type: number, long, string, timestamp.
1070 # If the bound `Value` type differs from the type of data being transformed, we
1071 # will first attempt converting the type of the data to be transformed to match
1072 # the type of the bound before comparing.
1073 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07001074 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
Dan O'Mearadd494642020-05-01 07:42:23 -07001075 { # Bucket is represented as a range, along with replacement values.
Bu Sun Kim65020912020-05-20 12:08:20 -07001076 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
1077 # the default behavior will be to hyphenate the min-max range.
1078 # Note that for the purposes of inspection or transformation, the number
1079 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
1080 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
1081 # 123456789, the number of bytes would be counted as 9, even though an
1082 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07001083 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1084 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
1085 # and time zone are either specified elsewhere or are not significant. The date
1086 # is relative to the Proleptic Gregorian Calendar. This can represent:
1087 #
1088 # * A full date, with non-zero year, month and day values
1089 # * A month and day value, with a zero year, e.g. an anniversary
1090 # * A year on its own, with zero month and day values
1091 # * A year and month value, with a zero day, e.g. a credit card expiration date
1092 #
1093 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1094 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1095 # a year.
1096 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1097 # month and day.
1098 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1099 # if specifying a year by itself or a year and month where the day is not
1100 # significant.
1101 },
1102 &quot;stringValue&quot;: &quot;A String&quot;, # string
1103 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1104 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
1105 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1106 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001107 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1108 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1109 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001110 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1111 # allow the value 60 if it allows leap-seconds.
1112 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07001113 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001114 &quot;booleanValue&quot;: True or False, # boolean
1115 &quot;floatValue&quot;: 3.14, # float
1116 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1117 },
1118 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
1119 # used.
1120 # Note that for the purposes of inspection or transformation, the number
1121 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
1122 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
1123 # 123456789, the number of bytes would be counted as 9, even though an
1124 # int64 only holds up to 8 bytes of data.
1125 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1126 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
1127 # and time zone are either specified elsewhere or are not significant. The date
1128 # is relative to the Proleptic Gregorian Calendar. This can represent:
1129 #
1130 # * A full date, with non-zero year, month and day values
1131 # * A month and day value, with a zero year, e.g. an anniversary
1132 # * A year on its own, with zero month and day values
1133 # * A year and month value, with a zero day, e.g. a credit card expiration date
1134 #
1135 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1136 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1137 # a year.
1138 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1139 # month and day.
1140 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1141 # if specifying a year by itself or a year and month where the day is not
1142 # significant.
1143 },
1144 &quot;stringValue&quot;: &quot;A String&quot;, # string
1145 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1146 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
1147 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1148 # types are google.type.Date and `google.protobuf.Timestamp`.
1149 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1150 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1151 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1152 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1153 # allow the value 60 if it allows leap-seconds.
1154 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1155 },
1156 &quot;booleanValue&quot;: True or False, # boolean
1157 &quot;floatValue&quot;: 3.14, # float
1158 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1159 },
1160 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
1161 # Note that for the purposes of inspection or transformation, the number
1162 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
1163 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
1164 # 123456789, the number of bytes would be counted as 9, even though an
1165 # int64 only holds up to 8 bytes of data.
1166 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1167 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
1168 # and time zone are either specified elsewhere or are not significant. The date
1169 # is relative to the Proleptic Gregorian Calendar. This can represent:
1170 #
1171 # * A full date, with non-zero year, month and day values
1172 # * A month and day value, with a zero year, e.g. an anniversary
1173 # * A year on its own, with zero month and day values
1174 # * A year and month value, with a zero day, e.g. a credit card expiration date
1175 #
1176 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1177 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1178 # a year.
1179 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1180 # month and day.
1181 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1182 # if specifying a year by itself or a year and month where the day is not
1183 # significant.
1184 },
1185 &quot;stringValue&quot;: &quot;A String&quot;, # string
1186 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1187 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
1188 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1189 # types are google.type.Date and `google.protobuf.Timestamp`.
1190 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1191 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1192 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1193 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1194 # allow the value 60 if it allows leap-seconds.
1195 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1196 },
1197 &quot;booleanValue&quot;: True or False, # boolean
1198 &quot;floatValue&quot;: 3.14, # float
1199 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Dan O'Mearadd494642020-05-01 07:42:23 -07001200 },
1201 },
1202 ],
1203 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001204 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
1205 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
1206 # output would be &#x27;My phone number is &#x27;.
1207 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001208 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
1209 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001210 # Note that for the purposes of inspection or transformation, the number
Bu Sun Kim65020912020-05-20 12:08:20 -07001211 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
1212 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001213 # 123456789, the number of bytes would be counted as 9, even though an
1214 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07001215 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1216 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001217 # and time zone are either specified elsewhere or are not significant. The date
1218 # is relative to the Proleptic Gregorian Calendar. This can represent:
1219 #
1220 # * A full date, with non-zero year, month and day values
1221 # * A month and day value, with a zero year, e.g. an anniversary
1222 # * A year on its own, with zero month and day values
1223 # * A year and month value, with a zero day, e.g. a credit card expiration date
1224 #
1225 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001226 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1227 # a year.
1228 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
Dan O'Mearadd494642020-05-01 07:42:23 -07001229 # month and day.
Bu Sun Kim65020912020-05-20 12:08:20 -07001230 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001231 # if specifying a year by itself or a year and month where the day is not
1232 # significant.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001233 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001234 &quot;stringValue&quot;: &quot;A String&quot;, # string
1235 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1236 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
1237 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1238 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001239 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1240 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1241 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001242 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1243 # allow the value 60 if it allows leap-seconds.
1244 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07001245 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001246 &quot;booleanValue&quot;: True or False, # boolean
1247 &quot;floatValue&quot;: 3.14, # float
1248 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07001249 },
1250 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001251 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
1252 # Bucketing transformation can provide all of this functionality,
1253 # but requires more configuration. This message is provided as a convenience to
1254 # the user for simple bucketing strategies.
1255 #
1256 # The transformed value will be a hyphenated string of
1257 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
1258 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
1259 #
1260 # This can be used on data of type: double, long.
1261 #
1262 # If the bound Value type differs from the type of data
1263 # being transformed, we will first attempt converting the type of the data to
1264 # be transformed to match the type of the bound before comparing.
1265 #
1266 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07001267 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
1268 # grouped together into a single bucket; for example if `upper_bound` = 89,
1269 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
1270 # Note that for the purposes of inspection or transformation, the number
1271 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
1272 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
1273 # 123456789, the number of bytes would be counted as 9, even though an
1274 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07001275 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1276 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
1277 # and time zone are either specified elsewhere or are not significant. The date
1278 # is relative to the Proleptic Gregorian Calendar. This can represent:
1279 #
1280 # * A full date, with non-zero year, month and day values
1281 # * A month and day value, with a zero year, e.g. an anniversary
1282 # * A year on its own, with zero month and day values
1283 # * A year and month value, with a zero day, e.g. a credit card expiration date
1284 #
1285 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1286 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1287 # a year.
1288 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1289 # month and day.
1290 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1291 # if specifying a year by itself or a year and month where the day is not
1292 # significant.
1293 },
1294 &quot;stringValue&quot;: &quot;A String&quot;, # string
1295 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1296 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
1297 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1298 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001299 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1300 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1301 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001302 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1303 # allow the value 60 if it allows leap-seconds.
1304 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07001305 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001306 &quot;booleanValue&quot;: True or False, # boolean
1307 &quot;floatValue&quot;: 3.14, # float
1308 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07001309 },
1310 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
1311 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
1312 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
1313 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001314 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
1315 # grouped together into a single bucket; for example if `lower_bound` = 10,
1316 # then all values less than 10 are replaced with the value &quot;-10&quot;.
1317 # Note that for the purposes of inspection or transformation, the number
1318 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
1319 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
1320 # 123456789, the number of bytes would be counted as 9, even though an
1321 # int64 only holds up to 8 bytes of data.
1322 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1323 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
1324 # and time zone are either specified elsewhere or are not significant. The date
1325 # is relative to the Proleptic Gregorian Calendar. This can represent:
1326 #
1327 # * A full date, with non-zero year, month and day values
1328 # * A month and day value, with a zero year, e.g. an anniversary
1329 # * A year on its own, with zero month and day values
1330 # * A year and month value, with a zero day, e.g. a credit card expiration date
1331 #
1332 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1333 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1334 # a year.
1335 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1336 # month and day.
1337 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1338 # if specifying a year by itself or a year and month where the day is not
1339 # significant.
1340 },
1341 &quot;stringValue&quot;: &quot;A String&quot;, # string
1342 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1343 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
1344 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1345 # types are google.type.Date and `google.protobuf.Timestamp`.
1346 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1347 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1348 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1349 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1350 # allow the value 60 if it allows leap-seconds.
1351 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1352 },
1353 &quot;booleanValue&quot;: True or False, # boolean
1354 &quot;floatValue&quot;: 3.14, # float
1355 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1356 },
1357 },
1358 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
1359 # fixed character. Masking can start from the beginning or end of the string.
1360 # This can be used on data of any type (numbers, longs, and so on) and when
1361 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
1362 # type. (This allows you to take a long like 123 and modify it to a string like
1363 # **3.
1364 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
1365 # characters. For example, if the input string is `555-555-5555` and you
1366 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
1367 # returns `***-**5-5555`.
1368 { # Characters to skip when doing deidentification of a value. These will be left
1369 # alone and skipped.
1370 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
1371 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
1372 # punctuation.
1373 },
1374 ],
1375 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
1376 # masked. Skipped characters do not count towards this tally.
1377 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
1378 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
1379 # code or credit card number. This string must have a length of 1. If not
1380 # supplied, this value defaults to `*` for strings, and `0` for digits.
1381 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
1382 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
1383 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
1384 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
1385 # is `true`, then the string `12345` is masked as `12***`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001386 },
1387 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001388 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
1389 # this transformation to apply to all findings that correspond to
1390 # infoTypes that were requested in `InspectConfig`.
1391 { # Type of information detected by the API.
1392 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
1393 # creating a CustomInfoType, or one of the names listed
1394 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
1395 # a built-in type. InfoType names should conform to the pattern
1396 # `[a-zA-Z0-9_]{1,64}`.
1397 },
1398 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001399 },
1400 ],
1401 },
1402 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
1403 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
1404 # portion of the value.
1405 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
1406 },
1407 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
1408 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
1409 # to learn more.
1410 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
1411 # If set, must also set cryptoKey. If set, shift will be consistent for the
1412 # given context.
1413 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1414 },
1415 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
1416 # range (inclusive ends). Negative means shift to earlier in time. Must not
1417 # be more than 365250 days (1000 years) each direction.
1418 #
1419 # For example, 3 means shift date to at most 3 days into the future.
1420 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
1421 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
1422 # results in the same shift for the same context and crypto_key. If
1423 # set, must also set context. Can only be applied to table items.
1424 # a key encryption key (KEK) stored by KMS).
1425 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
1426 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
1427 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07001428 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
1429 # leaking the key. Choose another type of key if possible.
1430 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1431 },
1432 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
1433 # It will be discarded after the request finishes.
1434 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
1435 # This is an arbitrary string used to differentiate different keys.
1436 # A unique key is generated per name: two separate `TransientCryptoKey`
1437 # protos share the same generated key if their names are the same.
1438 # When the data crypto key is generated, this name is not used in any way
1439 # (repeating the api call will result in a different key being generated).
1440 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001441 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
1442 # The wrapped key must be a 128/192/256 bit key.
1443 # Authorization requires the following IAM permissions when sending a request
1444 # to perform a crypto transformation using a kms-wrapped crypto key:
1445 # dlp.kms.encrypt
1446 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1447 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1448 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001449 },
1450 },
1451 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
1452 },
1453 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
1454 # Uses SHA-256.
1455 # The key size must be either 32 or 64 bytes.
1456 # Outputs a base64 encoded representation of the hashed output
1457 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
1458 # Currently, only string and integer values can be hashed.
1459 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
1460 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
1461 # a key encryption key (KEK) stored by KMS).
1462 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
1463 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
1464 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07001465 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
1466 # leaking the key. Choose another type of key if possible.
1467 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1468 },
1469 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
1470 # It will be discarded after the request finishes.
1471 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
1472 # This is an arbitrary string used to differentiate different keys.
1473 # A unique key is generated per name: two separate `TransientCryptoKey`
1474 # protos share the same generated key if their names are the same.
1475 # When the data crypto key is generated, this name is not used in any way
1476 # (repeating the api call will result in a different key being generated).
1477 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001478 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
1479 # The wrapped key must be a 128/192/256 bit key.
1480 # Authorization requires the following IAM permissions when sending a request
1481 # to perform a crypto transformation using a kms-wrapped crypto key:
1482 # dlp.kms.encrypt
1483 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1484 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1485 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001486 },
1487 },
1488 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
1489 # (FPE) with the FFX mode of operation; however when used in the
1490 # `ReidentifyContent` API method, it serves the opposite function by reversing
1491 # the surrogate back into the original identifier. The identifier must be
1492 # encoded as ASCII. For a given crypto key and context, the same identifier
1493 # will be replaced with the same surrogate. Identifiers must be at least two
1494 # characters long. In the case that the identifier is the empty string, it will
1495 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
1496 # more.
1497 #
1498 # Note: We recommend using CryptoDeterministicConfig for all use cases which
1499 # do not require preserving the input alphabet space and size, plus warrant
1500 # referential integrity.
Bu Sun Kim65020912020-05-20 12:08:20 -07001501 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
1502 # This annotation will be applied to the surrogate by prefixing it with
1503 # the name of the custom infoType followed by the number of
1504 # characters comprising the surrogate. The following scheme defines the
1505 # format: info_type_name(surrogate_character_count):surrogate
1506 #
1507 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
1508 # the surrogate is &#x27;abc&#x27;, the full replacement value
1509 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
1510 #
1511 # This annotation identifies the surrogate when inspecting content using the
1512 # custom infoType
1513 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
1514 # This facilitates reversal of the surrogate when it occurs in free text.
1515 #
1516 # In order for inspection to work properly, the name of this infoType must
1517 # not occur naturally anywhere in your data; otherwise, inspection may
1518 # find a surrogate that does not correspond to an actual identifier.
1519 # Therefore, choose your custom infoType name carefully after considering
1520 # what your data looks like. One way to select a name that has a high chance
1521 # of yielding reliable detection is to include one or more unicode characters
1522 # that are highly improbable to exist in your data.
1523 # For example, assuming your data is entered from a regular ASCII keyboard,
1524 # the symbol with the hex code point 29DD might be used like so:
1525 # ⧝MY_TOKEN_TYPE
1526 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
1527 # creating a CustomInfoType, or one of the names listed
1528 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
1529 # a built-in type. InfoType names should conform to the pattern
1530 # `[a-zA-Z0-9_]{1,64}`.
1531 },
1532 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
1533 # identifier in two different contexts won&#x27;t be given the same surrogate. If
1534 # the context is not set, a default tweak will be used.
1535 #
1536 # If the context is set but:
1537 #
1538 # 1. there is no record present when transforming a given value or
1539 # 1. the field is not present when transforming a given value,
1540 #
1541 # a default tweak will be used.
1542 #
1543 # Note that case (1) is expected when an `InfoTypeTransformation` is
1544 # applied to both structured and non-structured `ContentItem`s.
1545 # Currently, the referenced field may be of value type integer or string.
1546 #
1547 # The tweak is constructed as a sequence of bytes in big endian byte order
1548 # such that:
1549 #
1550 # - a 64 bit integer is encoded followed by a single byte of value 1
1551 # - a string is encoded in UTF-8 format followed by a single byte of value 2
1552 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1553 },
1554 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
1555 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
1556 # a key encryption key (KEK) stored by KMS).
1557 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
1558 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
1559 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07001560 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
1561 # leaking the key. Choose another type of key if possible.
1562 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1563 },
1564 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
1565 # It will be discarded after the request finishes.
1566 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
1567 # This is an arbitrary string used to differentiate different keys.
1568 # A unique key is generated per name: two separate `TransientCryptoKey`
1569 # protos share the same generated key if their names are the same.
1570 # When the data crypto key is generated, this name is not used in any way
1571 # (repeating the api call will result in a different key being generated).
1572 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001573 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
1574 # The wrapped key must be a 128/192/256 bit key.
1575 # Authorization requires the following IAM permissions when sending a request
1576 # to perform a crypto transformation using a kms-wrapped crypto key:
1577 # dlp.kms.encrypt
1578 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1579 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1580 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001581 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001582 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
1583 # that the FFX mode natively supports. This happens before/after
1584 # encryption/decryption.
1585 # Each character listed must appear only once.
1586 # Number of characters must be in the range [2, 95].
1587 # This must be encoded as ASCII.
1588 # The order of characters does not matter.
1589 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
Bu Sun Kim65020912020-05-20 12:08:20 -07001590 },
1591 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
1592 # input. Outputs a base64 encoded representation of the encrypted output.
1593 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
1594 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
1595 # This annotation will be applied to the surrogate by prefixing it with
1596 # the name of the custom info type followed by the number of
1597 # characters comprising the surrogate. The following scheme defines the
1598 # format: {info type name}({surrogate character count}):{surrogate}
1599 #
1600 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
1601 # the surrogate is &#x27;abc&#x27;, the full replacement value
1602 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
1603 #
1604 # This annotation identifies the surrogate when inspecting content using the
1605 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
1606 # surrogate when it occurs in free text.
1607 #
1608 # Note: For record transformations where the entire cell in a table is being
1609 # transformed, surrogates are not mandatory. Surrogates are used to denote
1610 # the location of the token and are necessary for re-identification in free
1611 # form text.
1612 #
1613 # In order for inspection to work properly, the name of this info type must
1614 # not occur naturally anywhere in your data; otherwise, inspection may either
1615 #
1616 # - reverse a surrogate that does not correspond to an actual identifier
1617 # - be unable to parse the surrogate and result in an error
1618 #
1619 # Therefore, choose your custom info type name carefully after considering
1620 # what your data looks like. One way to select a name that has a high chance
1621 # of yielding reliable detection is to include one or more unicode characters
1622 # that are highly improbable to exist in your data.
1623 # For example, assuming your data is entered from a regular ASCII keyboard,
1624 # the symbol with the hex code point 29DD might be used like so:
1625 # ⧝MY_TOKEN_TYPE.
1626 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
1627 # creating a CustomInfoType, or one of the names listed
1628 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
1629 # a built-in type. InfoType names should conform to the pattern
1630 # `[a-zA-Z0-9_]{1,64}`.
1631 },
1632 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
1633 # referential integrity such that the same identifier in two different
1634 # contexts will be given a distinct surrogate. The context is appended to
1635 # plaintext value being encrypted. On decryption the provided context is
1636 # validated against the value used during encryption. If a context was
1637 # provided during encryption, same context must be provided during decryption
1638 # as well.
1639 #
1640 # If the context is not set, plaintext would be used as is for encryption.
1641 # If the context is set but:
1642 #
1643 # 1. there is no record present when transforming a given value or
1644 # 2. the field is not present when transforming a given value,
1645 #
1646 # plaintext would be used as is for encryption.
1647 #
1648 # Note that case (1) is expected when an `InfoTypeTransformation` is
1649 # applied to both structured and non-structured `ContentItem`s.
1650 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
1651 },
1652 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
1653 # a key encryption key (KEK) stored by KMS).
1654 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
1655 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
1656 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07001657 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
1658 # leaking the key. Choose another type of key if possible.
1659 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
1660 },
1661 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
1662 # It will be discarded after the request finishes.
1663 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
1664 # This is an arbitrary string used to differentiate different keys.
1665 # A unique key is generated per name: two separate `TransientCryptoKey`
1666 # protos share the same generated key if their names are the same.
1667 # When the data crypto key is generated, this name is not used in any way
1668 # (repeating the api call will result in a different key being generated).
1669 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001670 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
1671 # The wrapped key must be a 128/192/256 bit key.
1672 # Authorization requires the following IAM permissions when sending a request
1673 # to perform a crypto transformation using a kms-wrapped crypto key:
1674 # dlp.kms.encrypt
1675 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
1676 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
1677 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001678 },
1679 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001680 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
1681 # replacement values are dynamically provided by the user for custom behavior,
1682 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
1683 # This can be used on
1684 # data of type: number, long, string, timestamp.
1685 # If the bound `Value` type differs from the type of data being transformed, we
1686 # will first attempt converting the type of the data to be transformed to match
1687 # the type of the bound before comparing.
1688 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
1689 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
1690 { # Bucket is represented as a range, along with replacement values.
Bu Sun Kim65020912020-05-20 12:08:20 -07001691 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
1692 # the default behavior will be to hyphenate the min-max range.
1693 # Note that for the purposes of inspection or transformation, the number
1694 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
1695 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
1696 # 123456789, the number of bytes would be counted as 9, even though an
1697 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07001698 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1699 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
1700 # and time zone are either specified elsewhere or are not significant. The date
1701 # is relative to the Proleptic Gregorian Calendar. This can represent:
1702 #
1703 # * A full date, with non-zero year, month and day values
1704 # * A month and day value, with a zero year, e.g. an anniversary
1705 # * A year on its own, with zero month and day values
1706 # * A year and month value, with a zero day, e.g. a credit card expiration date
1707 #
1708 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1709 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1710 # a year.
1711 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1712 # month and day.
1713 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1714 # if specifying a year by itself or a year and month where the day is not
1715 # significant.
1716 },
1717 &quot;stringValue&quot;: &quot;A String&quot;, # string
1718 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1719 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
1720 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1721 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001722 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1723 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1724 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001725 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1726 # allow the value 60 if it allows leap-seconds.
1727 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001728 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001729 &quot;booleanValue&quot;: True or False, # boolean
1730 &quot;floatValue&quot;: 3.14, # float
1731 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1732 },
1733 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
1734 # used.
1735 # Note that for the purposes of inspection or transformation, the number
1736 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
1737 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
1738 # 123456789, the number of bytes would be counted as 9, even though an
1739 # int64 only holds up to 8 bytes of data.
1740 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1741 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
1742 # and time zone are either specified elsewhere or are not significant. The date
1743 # is relative to the Proleptic Gregorian Calendar. This can represent:
1744 #
1745 # * A full date, with non-zero year, month and day values
1746 # * A month and day value, with a zero year, e.g. an anniversary
1747 # * A year on its own, with zero month and day values
1748 # * A year and month value, with a zero day, e.g. a credit card expiration date
1749 #
1750 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1751 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1752 # a year.
1753 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1754 # month and day.
1755 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1756 # if specifying a year by itself or a year and month where the day is not
1757 # significant.
1758 },
1759 &quot;stringValue&quot;: &quot;A String&quot;, # string
1760 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1761 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
1762 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1763 # types are google.type.Date and `google.protobuf.Timestamp`.
1764 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1765 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1766 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1767 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1768 # allow the value 60 if it allows leap-seconds.
1769 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1770 },
1771 &quot;booleanValue&quot;: True or False, # boolean
1772 &quot;floatValue&quot;: 3.14, # float
1773 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1774 },
1775 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
1776 # Note that for the purposes of inspection or transformation, the number
1777 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
1778 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
1779 # 123456789, the number of bytes would be counted as 9, even though an
1780 # int64 only holds up to 8 bytes of data.
1781 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1782 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
1783 # and time zone are either specified elsewhere or are not significant. The date
1784 # is relative to the Proleptic Gregorian Calendar. This can represent:
1785 #
1786 # * A full date, with non-zero year, month and day values
1787 # * A month and day value, with a zero year, e.g. an anniversary
1788 # * A year on its own, with zero month and day values
1789 # * A year and month value, with a zero day, e.g. a credit card expiration date
1790 #
1791 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1792 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1793 # a year.
1794 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1795 # month and day.
1796 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1797 # if specifying a year by itself or a year and month where the day is not
1798 # significant.
1799 },
1800 &quot;stringValue&quot;: &quot;A String&quot;, # string
1801 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1802 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
1803 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1804 # types are google.type.Date and `google.protobuf.Timestamp`.
1805 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1806 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1807 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1808 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1809 # allow the value 60 if it allows leap-seconds.
1810 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1811 },
1812 &quot;booleanValue&quot;: True or False, # boolean
1813 &quot;floatValue&quot;: 3.14, # float
1814 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001815 },
1816 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001817 ],
1818 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001819 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
1820 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
1821 # output would be &#x27;My phone number is &#x27;.
1822 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001823 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
1824 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
1825 # Note that for the purposes of inspection or transformation, the number
1826 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
1827 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
1828 # 123456789, the number of bytes would be counted as 9, even though an
1829 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07001830 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1831 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
1832 # and time zone are either specified elsewhere or are not significant. The date
1833 # is relative to the Proleptic Gregorian Calendar. This can represent:
1834 #
1835 # * A full date, with non-zero year, month and day values
1836 # * A month and day value, with a zero year, e.g. an anniversary
1837 # * A year on its own, with zero month and day values
1838 # * A year and month value, with a zero day, e.g. a credit card expiration date
1839 #
1840 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1841 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1842 # a year.
1843 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1844 # month and day.
1845 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1846 # if specifying a year by itself or a year and month where the day is not
1847 # significant.
1848 },
1849 &quot;stringValue&quot;: &quot;A String&quot;, # string
1850 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1851 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
1852 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1853 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001854 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1855 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1856 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001857 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1858 # allow the value 60 if it allows leap-seconds.
1859 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07001860 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001861 &quot;booleanValue&quot;: True or False, # boolean
1862 &quot;floatValue&quot;: 3.14, # float
1863 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07001864 },
1865 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001866 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
1867 # Bucketing transformation can provide all of this functionality,
1868 # but requires more configuration. This message is provided as a convenience to
1869 # the user for simple bucketing strategies.
1870 #
1871 # The transformed value will be a hyphenated string of
1872 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
1873 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
1874 #
1875 # This can be used on data of type: double, long.
1876 #
1877 # If the bound Value type differs from the type of data
1878 # being transformed, we will first attempt converting the type of the data to
1879 # be transformed to match the type of the bound before comparing.
1880 #
1881 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07001882 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
1883 # grouped together into a single bucket; for example if `upper_bound` = 89,
1884 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
1885 # Note that for the purposes of inspection or transformation, the number
1886 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
1887 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
1888 # 123456789, the number of bytes would be counted as 9, even though an
1889 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07001890 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1891 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
1892 # and time zone are either specified elsewhere or are not significant. The date
1893 # is relative to the Proleptic Gregorian Calendar. This can represent:
1894 #
1895 # * A full date, with non-zero year, month and day values
1896 # * A month and day value, with a zero year, e.g. an anniversary
1897 # * A year on its own, with zero month and day values
1898 # * A year and month value, with a zero day, e.g. a credit card expiration date
1899 #
1900 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1901 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1902 # a year.
1903 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1904 # month and day.
1905 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1906 # if specifying a year by itself or a year and month where the day is not
1907 # significant.
1908 },
1909 &quot;stringValue&quot;: &quot;A String&quot;, # string
1910 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1911 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
1912 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1913 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001914 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1915 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1916 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001917 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1918 # allow the value 60 if it allows leap-seconds.
1919 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07001920 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001921 &quot;booleanValue&quot;: True or False, # boolean
1922 &quot;floatValue&quot;: 3.14, # float
1923 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07001924 },
1925 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
1926 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
1927 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
1928 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001929 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
1930 # grouped together into a single bucket; for example if `lower_bound` = 10,
1931 # then all values less than 10 are replaced with the value &quot;-10&quot;.
1932 # Note that for the purposes of inspection or transformation, the number
1933 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
1934 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
1935 # 123456789, the number of bytes would be counted as 9, even though an
1936 # int64 only holds up to 8 bytes of data.
1937 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
1938 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
1939 # and time zone are either specified elsewhere or are not significant. The date
1940 # is relative to the Proleptic Gregorian Calendar. This can represent:
1941 #
1942 # * A full date, with non-zero year, month and day values
1943 # * A month and day value, with a zero year, e.g. an anniversary
1944 # * A year on its own, with zero month and day values
1945 # * A year and month value, with a zero day, e.g. a credit card expiration date
1946 #
1947 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
1948 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
1949 # a year.
1950 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
1951 # month and day.
1952 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
1953 # if specifying a year by itself or a year and month where the day is not
1954 # significant.
1955 },
1956 &quot;stringValue&quot;: &quot;A String&quot;, # string
1957 &quot;integerValue&quot;: &quot;A String&quot;, # integer
1958 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
1959 # or are specified elsewhere. An API may choose to allow leap seconds. Related
1960 # types are google.type.Date and `google.protobuf.Timestamp`.
1961 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
1962 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
1963 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
1964 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
1965 # allow the value 60 if it allows leap-seconds.
1966 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
1967 },
1968 &quot;booleanValue&quot;: True or False, # boolean
1969 &quot;floatValue&quot;: 3.14, # float
1970 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
1971 },
1972 },
1973 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
1974 # fixed character. Masking can start from the beginning or end of the string.
1975 # This can be used on data of any type (numbers, longs, and so on) and when
1976 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
1977 # type. (This allows you to take a long like 123 and modify it to a string like
1978 # **3.
1979 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
1980 # characters. For example, if the input string is `555-555-5555` and you
1981 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
1982 # returns `***-**5-5555`.
1983 { # Characters to skip when doing deidentification of a value. These will be left
1984 # alone and skipped.
1985 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
1986 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
1987 # punctuation.
1988 },
1989 ],
1990 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
1991 # masked. Skipped characters do not count towards this tally.
1992 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
1993 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
1994 # code or credit card number. This string must have a length of 1. If not
1995 # supplied, this value defaults to `*` for strings, and `0` for digits.
1996 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
1997 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
1998 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
1999 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
2000 # is `true`, then the string `12345` is masked as `12***`.
Bu Sun Kim65020912020-05-20 12:08:20 -07002001 },
2002 },
2003 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
2004 # given `RecordCondition`. The conditions are allowed to reference fields
2005 # that are not used in the actual transformation.
2006 #
2007 # Example Use Cases:
2008 #
2009 # - Apply a different bucket transformation to an age column if the zip code
2010 # column for the same record is within a specific range.
2011 # - Redact a field if the date of birth field is greater than 85.
2012 # a field.
2013 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
2014 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
2015 # only supported value is `AND`.
2016 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
2017 &quot;conditions&quot;: [ # A collection of conditions.
2018 { # The field type of `value` and `field` do not need to match to be
2019 # considered equal, but not all comparisons are possible.
2020 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
2021 # but all other comparisons are invalid with incompatible types.
2022 # A `value` of type:
2023 #
2024 # - `string` can be compared against all other types
2025 # - `boolean` can only be compared against other booleans
2026 # - `integer` can be compared against doubles or a string if the string value
2027 # can be parsed as an integer.
2028 # - `double` can be compared against integers or a string if the string can
2029 # be parsed as a double.
2030 # - `Timestamp` can be compared against strings in RFC 3339 date string
2031 # format.
2032 # - `TimeOfDay` can be compared against timestamps and strings in the format
2033 # of &#x27;HH:mm:ss&#x27;.
2034 #
2035 # If we fail to compare do to type mismatch, a warning will be given and
2036 # the condition will evaluate to false.
Bu Sun Kim65020912020-05-20 12:08:20 -07002037 &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
2038 # Note that for the purposes of inspection or transformation, the number
2039 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
2040 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
2041 # 123456789, the number of bytes would be counted as 9, even though an
2042 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07002043 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2044 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
2045 # and time zone are either specified elsewhere or are not significant. The date
2046 # is relative to the Proleptic Gregorian Calendar. This can represent:
2047 #
2048 # * A full date, with non-zero year, month and day values
2049 # * A month and day value, with a zero year, e.g. an anniversary
2050 # * A year on its own, with zero month and day values
2051 # * A year and month value, with a zero day, e.g. a credit card expiration date
2052 #
2053 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
2054 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
2055 # a year.
2056 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
2057 # month and day.
2058 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
2059 # if specifying a year by itself or a year and month where the day is not
2060 # significant.
2061 },
2062 &quot;stringValue&quot;: &quot;A String&quot;, # string
2063 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2064 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
2065 # or are specified elsewhere. An API may choose to allow leap seconds. Related
2066 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07002067 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
2068 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2069 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002070 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
2071 # allow the value 60 if it allows leap-seconds.
2072 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07002073 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002074 &quot;booleanValue&quot;: True or False, # boolean
2075 &quot;floatValue&quot;: 3.14, # float
2076 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07002077 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002078 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
2079 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2080 },
2081 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002082 },
2083 ],
2084 },
Bu Sun Kim65020912020-05-20 12:08:20 -07002085 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002086 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002087 },
2088 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002089 &quot;recordSuppressions&quot;: [ # Configuration defining which records get suppressed entirely. Records that
2090 # match any suppression rule are omitted from the output.
2091 { # Configuration to suppress records whose suppression conditions evaluate to
2092 # true.
2093 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
2094 # evaluated to be suppressed from the transformed content.
2095 # a field.
2096 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
2097 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
2098 # only supported value is `AND`.
2099 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
2100 &quot;conditions&quot;: [ # A collection of conditions.
2101 { # The field type of `value` and `field` do not need to match to be
2102 # considered equal, but not all comparisons are possible.
2103 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
2104 # but all other comparisons are invalid with incompatible types.
2105 # A `value` of type:
2106 #
2107 # - `string` can be compared against all other types
2108 # - `boolean` can only be compared against other booleans
2109 # - `integer` can be compared against doubles or a string if the string value
2110 # can be parsed as an integer.
2111 # - `double` can be compared against integers or a string if the string can
2112 # be parsed as a double.
2113 # - `Timestamp` can be compared against strings in RFC 3339 date string
2114 # format.
2115 # - `TimeOfDay` can be compared against timestamps and strings in the format
2116 # of &#x27;HH:mm:ss&#x27;.
2117 #
2118 # If we fail to compare do to type mismatch, a warning will be given and
2119 # the condition will evaluate to false.
2120 &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
2121 # Note that for the purposes of inspection or transformation, the number
2122 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
2123 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
2124 # 123456789, the number of bytes would be counted as 9, even though an
2125 # int64 only holds up to 8 bytes of data.
2126 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2127 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
2128 # and time zone are either specified elsewhere or are not significant. The date
2129 # is relative to the Proleptic Gregorian Calendar. This can represent:
2130 #
2131 # * A full date, with non-zero year, month and day values
2132 # * A month and day value, with a zero year, e.g. an anniversary
2133 # * A year on its own, with zero month and day values
2134 # * A year and month value, with a zero day, e.g. a credit card expiration date
2135 #
2136 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
2137 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
2138 # a year.
2139 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
2140 # month and day.
2141 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
2142 # if specifying a year by itself or a year and month where the day is not
2143 # significant.
2144 },
2145 &quot;stringValue&quot;: &quot;A String&quot;, # string
2146 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2147 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
2148 # or are specified elsewhere. An API may choose to allow leap seconds. Related
2149 # types are google.type.Date and `google.protobuf.Timestamp`.
2150 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
2151 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2152 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2153 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
2154 # allow the value 60 if it allows leap-seconds.
2155 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2156 },
2157 &quot;booleanValue&quot;: True or False, # boolean
2158 &quot;floatValue&quot;: 3.14, # float
2159 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07002160 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002161 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
2162 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim65020912020-05-20 12:08:20 -07002163 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002164 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Bu Sun Kim65020912020-05-20 12:08:20 -07002165 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002166 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07002167 },
2168 },
Bu Sun Kim65020912020-05-20 12:08:20 -07002169 },
2170 },
2171 ],
Dan O'Mearadd494642020-05-01 07:42:23 -07002172 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002173 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002174 },
Bu Sun Kim65020912020-05-20 12:08:20 -07002175 &quot;locationId&quot;: &quot;A String&quot;, # The geographic location to store the deidentification template. Reserved
Dan O'Mearadd494642020-05-01 07:42:23 -07002176 # for future extensions.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002177 }
2178
2179 x__xgafv: string, V1 error format.
2180 Allowed values
2181 1 - v1 error format
2182 2 - v2 error format
2183
2184Returns:
2185 An object of the form:
2186
Dan O'Mearadd494642020-05-01 07:42:23 -07002187 { # DeidentifyTemplates contains instructions on how to de-identify content.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002188 # See https://cloud.google.com/dlp/docs/concepts-templates to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07002189 &quot;name&quot;: &quot;A String&quot;, # Output only. The template name.
2190 #
2191 # The template will have one of the following formats:
2192 # `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR
2193 # `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
2194 &quot;description&quot;: &quot;A String&quot;, # Short description (max 256 chars).
2195 &quot;displayName&quot;: &quot;A String&quot;, # Display name (max 256 chars).
2196 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The creation timestamp of an inspectTemplate.
2197 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The last update timestamp of an inspectTemplate.
2198 &quot;deidentifyConfig&quot;: { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002199 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
2200 # transformation everywhere.
2201 # apply various `PrimitiveTransformation`s to each finding, where the
2202 # transformation is applied to only values that were identified as a specific
2203 # info_type.
2204 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
2205 # for a given infoType.
2206 { # A transformation to apply to text that is identified as a specific
2207 # info_type.
2208 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
2209 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
2210 # portion of the value.
2211 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
2212 },
2213 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
2214 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
2215 # to learn more.
2216 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
2217 # If set, must also set cryptoKey. If set, shift will be consistent for the
2218 # given context.
2219 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2220 },
2221 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
2222 # range (inclusive ends). Negative means shift to earlier in time. Must not
2223 # be more than 365250 days (1000 years) each direction.
2224 #
2225 # For example, 3 means shift date to at most 3 days into the future.
2226 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
2227 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
2228 # results in the same shift for the same context and crypto_key. If
2229 # set, must also set context. Can only be applied to table items.
2230 # a key encryption key (KEK) stored by KMS).
2231 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
2232 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
2233 # unwrap the data crypto key.
2234 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
2235 # leaking the key. Choose another type of key if possible.
2236 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2237 },
2238 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
2239 # It will be discarded after the request finishes.
2240 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
2241 # This is an arbitrary string used to differentiate different keys.
2242 # A unique key is generated per name: two separate `TransientCryptoKey`
2243 # protos share the same generated key if their names are the same.
2244 # When the data crypto key is generated, this name is not used in any way
2245 # (repeating the api call will result in a different key being generated).
2246 },
2247 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
2248 # The wrapped key must be a 128/192/256 bit key.
2249 # Authorization requires the following IAM permissions when sending a request
2250 # to perform a crypto transformation using a kms-wrapped crypto key:
2251 # dlp.kms.encrypt
2252 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2253 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2254 },
2255 },
2256 },
2257 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
2258 },
2259 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
2260 # Uses SHA-256.
2261 # The key size must be either 32 or 64 bytes.
2262 # Outputs a base64 encoded representation of the hashed output
2263 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
2264 # Currently, only string and integer values can be hashed.
2265 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
2266 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
2267 # a key encryption key (KEK) stored by KMS).
2268 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
2269 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
2270 # unwrap the data crypto key.
2271 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
2272 # leaking the key. Choose another type of key if possible.
2273 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2274 },
2275 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
2276 # It will be discarded after the request finishes.
2277 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
2278 # This is an arbitrary string used to differentiate different keys.
2279 # A unique key is generated per name: two separate `TransientCryptoKey`
2280 # protos share the same generated key if their names are the same.
2281 # When the data crypto key is generated, this name is not used in any way
2282 # (repeating the api call will result in a different key being generated).
2283 },
2284 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
2285 # The wrapped key must be a 128/192/256 bit key.
2286 # Authorization requires the following IAM permissions when sending a request
2287 # to perform a crypto transformation using a kms-wrapped crypto key:
2288 # dlp.kms.encrypt
2289 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2290 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2291 },
2292 },
2293 },
2294 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
2295 # (FPE) with the FFX mode of operation; however when used in the
2296 # `ReidentifyContent` API method, it serves the opposite function by reversing
2297 # the surrogate back into the original identifier. The identifier must be
2298 # encoded as ASCII. For a given crypto key and context, the same identifier
2299 # will be replaced with the same surrogate. Identifiers must be at least two
2300 # characters long. In the case that the identifier is the empty string, it will
2301 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
2302 # more.
2303 #
2304 # Note: We recommend using CryptoDeterministicConfig for all use cases which
2305 # do not require preserving the input alphabet space and size, plus warrant
2306 # referential integrity.
2307 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
2308 # This annotation will be applied to the surrogate by prefixing it with
2309 # the name of the custom infoType followed by the number of
2310 # characters comprising the surrogate. The following scheme defines the
2311 # format: info_type_name(surrogate_character_count):surrogate
2312 #
2313 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
2314 # the surrogate is &#x27;abc&#x27;, the full replacement value
2315 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
2316 #
2317 # This annotation identifies the surrogate when inspecting content using the
2318 # custom infoType
2319 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
2320 # This facilitates reversal of the surrogate when it occurs in free text.
2321 #
2322 # In order for inspection to work properly, the name of this infoType must
2323 # not occur naturally anywhere in your data; otherwise, inspection may
2324 # find a surrogate that does not correspond to an actual identifier.
2325 # Therefore, choose your custom infoType name carefully after considering
2326 # what your data looks like. One way to select a name that has a high chance
2327 # of yielding reliable detection is to include one or more unicode characters
2328 # that are highly improbable to exist in your data.
2329 # For example, assuming your data is entered from a regular ASCII keyboard,
2330 # the symbol with the hex code point 29DD might be used like so:
2331 # ⧝MY_TOKEN_TYPE
2332 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
2333 # creating a CustomInfoType, or one of the names listed
2334 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
2335 # a built-in type. InfoType names should conform to the pattern
2336 # `[a-zA-Z0-9_]{1,64}`.
2337 },
2338 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
2339 # identifier in two different contexts won&#x27;t be given the same surrogate. If
2340 # the context is not set, a default tweak will be used.
2341 #
2342 # If the context is set but:
2343 #
2344 # 1. there is no record present when transforming a given value or
2345 # 1. the field is not present when transforming a given value,
2346 #
2347 # a default tweak will be used.
2348 #
2349 # Note that case (1) is expected when an `InfoTypeTransformation` is
2350 # applied to both structured and non-structured `ContentItem`s.
2351 # Currently, the referenced field may be of value type integer or string.
2352 #
2353 # The tweak is constructed as a sequence of bytes in big endian byte order
2354 # such that:
2355 #
2356 # - a 64 bit integer is encoded followed by a single byte of value 1
2357 # - a string is encoded in UTF-8 format followed by a single byte of value 2
2358 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2359 },
2360 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
2361 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
2362 # a key encryption key (KEK) stored by KMS).
2363 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
2364 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
2365 # unwrap the data crypto key.
2366 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
2367 # leaking the key. Choose another type of key if possible.
2368 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2369 },
2370 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
2371 # It will be discarded after the request finishes.
2372 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
2373 # This is an arbitrary string used to differentiate different keys.
2374 # A unique key is generated per name: two separate `TransientCryptoKey`
2375 # protos share the same generated key if their names are the same.
2376 # When the data crypto key is generated, this name is not used in any way
2377 # (repeating the api call will result in a different key being generated).
2378 },
2379 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
2380 # The wrapped key must be a 128/192/256 bit key.
2381 # Authorization requires the following IAM permissions when sending a request
2382 # to perform a crypto transformation using a kms-wrapped crypto key:
2383 # dlp.kms.encrypt
2384 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2385 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2386 },
2387 },
2388 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
2389 # that the FFX mode natively supports. This happens before/after
2390 # encryption/decryption.
2391 # Each character listed must appear only once.
2392 # Number of characters must be in the range [2, 95].
2393 # This must be encoded as ASCII.
2394 # The order of characters does not matter.
2395 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
2396 },
2397 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
2398 # input. Outputs a base64 encoded representation of the encrypted output.
2399 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
2400 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
2401 # This annotation will be applied to the surrogate by prefixing it with
2402 # the name of the custom info type followed by the number of
2403 # characters comprising the surrogate. The following scheme defines the
2404 # format: {info type name}({surrogate character count}):{surrogate}
2405 #
2406 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
2407 # the surrogate is &#x27;abc&#x27;, the full replacement value
2408 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
2409 #
2410 # This annotation identifies the surrogate when inspecting content using the
2411 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
2412 # surrogate when it occurs in free text.
2413 #
2414 # Note: For record transformations where the entire cell in a table is being
2415 # transformed, surrogates are not mandatory. Surrogates are used to denote
2416 # the location of the token and are necessary for re-identification in free
2417 # form text.
2418 #
2419 # In order for inspection to work properly, the name of this info type must
2420 # not occur naturally anywhere in your data; otherwise, inspection may either
2421 #
2422 # - reverse a surrogate that does not correspond to an actual identifier
2423 # - be unable to parse the surrogate and result in an error
2424 #
2425 # Therefore, choose your custom info type name carefully after considering
2426 # what your data looks like. One way to select a name that has a high chance
2427 # of yielding reliable detection is to include one or more unicode characters
2428 # that are highly improbable to exist in your data.
2429 # For example, assuming your data is entered from a regular ASCII keyboard,
2430 # the symbol with the hex code point 29DD might be used like so:
2431 # ⧝MY_TOKEN_TYPE.
2432 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
2433 # creating a CustomInfoType, or one of the names listed
2434 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
2435 # a built-in type. InfoType names should conform to the pattern
2436 # `[a-zA-Z0-9_]{1,64}`.
2437 },
2438 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
2439 # referential integrity such that the same identifier in two different
2440 # contexts will be given a distinct surrogate. The context is appended to
2441 # plaintext value being encrypted. On decryption the provided context is
2442 # validated against the value used during encryption. If a context was
2443 # provided during encryption, same context must be provided during decryption
2444 # as well.
2445 #
2446 # If the context is not set, plaintext would be used as is for encryption.
2447 # If the context is set but:
2448 #
2449 # 1. there is no record present when transforming a given value or
2450 # 2. the field is not present when transforming a given value,
2451 #
2452 # plaintext would be used as is for encryption.
2453 #
2454 # Note that case (1) is expected when an `InfoTypeTransformation` is
2455 # applied to both structured and non-structured `ContentItem`s.
2456 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2457 },
2458 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
2459 # a key encryption key (KEK) stored by KMS).
2460 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
2461 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
2462 # unwrap the data crypto key.
2463 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
2464 # leaking the key. Choose another type of key if possible.
2465 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2466 },
2467 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
2468 # It will be discarded after the request finishes.
2469 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
2470 # This is an arbitrary string used to differentiate different keys.
2471 # A unique key is generated per name: two separate `TransientCryptoKey`
2472 # protos share the same generated key if their names are the same.
2473 # When the data crypto key is generated, this name is not used in any way
2474 # (repeating the api call will result in a different key being generated).
2475 },
2476 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
2477 # The wrapped key must be a 128/192/256 bit key.
2478 # Authorization requires the following IAM permissions when sending a request
2479 # to perform a crypto transformation using a kms-wrapped crypto key:
2480 # dlp.kms.encrypt
2481 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2482 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2483 },
2484 },
2485 },
2486 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
2487 # replacement values are dynamically provided by the user for custom behavior,
2488 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
2489 # This can be used on
2490 # data of type: number, long, string, timestamp.
2491 # If the bound `Value` type differs from the type of data being transformed, we
2492 # will first attempt converting the type of the data to be transformed to match
2493 # the type of the bound before comparing.
2494 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
2495 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
2496 { # Bucket is represented as a range, along with replacement values.
2497 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
2498 # the default behavior will be to hyphenate the min-max range.
2499 # Note that for the purposes of inspection or transformation, the number
2500 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
2501 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
2502 # 123456789, the number of bytes would be counted as 9, even though an
2503 # int64 only holds up to 8 bytes of data.
2504 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2505 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
2506 # and time zone are either specified elsewhere or are not significant. The date
2507 # is relative to the Proleptic Gregorian Calendar. This can represent:
2508 #
2509 # * A full date, with non-zero year, month and day values
2510 # * A month and day value, with a zero year, e.g. an anniversary
2511 # * A year on its own, with zero month and day values
2512 # * A year and month value, with a zero day, e.g. a credit card expiration date
2513 #
2514 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
2515 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
2516 # a year.
2517 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
2518 # month and day.
2519 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
2520 # if specifying a year by itself or a year and month where the day is not
2521 # significant.
2522 },
2523 &quot;stringValue&quot;: &quot;A String&quot;, # string
2524 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2525 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
2526 # or are specified elsewhere. An API may choose to allow leap seconds. Related
2527 # types are google.type.Date and `google.protobuf.Timestamp`.
2528 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
2529 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2530 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2531 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
2532 # allow the value 60 if it allows leap-seconds.
2533 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2534 },
2535 &quot;booleanValue&quot;: True or False, # boolean
2536 &quot;floatValue&quot;: 3.14, # float
2537 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2538 },
2539 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
2540 # used.
2541 # Note that for the purposes of inspection or transformation, the number
2542 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
2543 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
2544 # 123456789, the number of bytes would be counted as 9, even though an
2545 # int64 only holds up to 8 bytes of data.
2546 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2547 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
2548 # and time zone are either specified elsewhere or are not significant. The date
2549 # is relative to the Proleptic Gregorian Calendar. This can represent:
2550 #
2551 # * A full date, with non-zero year, month and day values
2552 # * A month and day value, with a zero year, e.g. an anniversary
2553 # * A year on its own, with zero month and day values
2554 # * A year and month value, with a zero day, e.g. a credit card expiration date
2555 #
2556 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
2557 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
2558 # a year.
2559 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
2560 # month and day.
2561 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
2562 # if specifying a year by itself or a year and month where the day is not
2563 # significant.
2564 },
2565 &quot;stringValue&quot;: &quot;A String&quot;, # string
2566 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2567 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
2568 # or are specified elsewhere. An API may choose to allow leap seconds. Related
2569 # types are google.type.Date and `google.protobuf.Timestamp`.
2570 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
2571 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2572 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2573 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
2574 # allow the value 60 if it allows leap-seconds.
2575 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2576 },
2577 &quot;booleanValue&quot;: True or False, # boolean
2578 &quot;floatValue&quot;: 3.14, # float
2579 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2580 },
2581 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
2582 # Note that for the purposes of inspection or transformation, the number
2583 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
2584 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
2585 # 123456789, the number of bytes would be counted as 9, even though an
2586 # int64 only holds up to 8 bytes of data.
2587 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2588 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
2589 # and time zone are either specified elsewhere or are not significant. The date
2590 # is relative to the Proleptic Gregorian Calendar. This can represent:
2591 #
2592 # * A full date, with non-zero year, month and day values
2593 # * A month and day value, with a zero year, e.g. an anniversary
2594 # * A year on its own, with zero month and day values
2595 # * A year and month value, with a zero day, e.g. a credit card expiration date
2596 #
2597 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
2598 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
2599 # a year.
2600 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
2601 # month and day.
2602 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
2603 # if specifying a year by itself or a year and month where the day is not
2604 # significant.
2605 },
2606 &quot;stringValue&quot;: &quot;A String&quot;, # string
2607 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2608 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
2609 # or are specified elsewhere. An API may choose to allow leap seconds. Related
2610 # types are google.type.Date and `google.protobuf.Timestamp`.
2611 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
2612 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2613 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2614 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
2615 # allow the value 60 if it allows leap-seconds.
2616 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2617 },
2618 &quot;booleanValue&quot;: True or False, # boolean
2619 &quot;floatValue&quot;: 3.14, # float
2620 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2621 },
2622 },
2623 ],
2624 },
2625 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
2626 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
2627 # output would be &#x27;My phone number is &#x27;.
2628 },
2629 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
2630 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
2631 # Note that for the purposes of inspection or transformation, the number
2632 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
2633 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
2634 # 123456789, the number of bytes would be counted as 9, even though an
2635 # int64 only holds up to 8 bytes of data.
2636 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2637 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
2638 # and time zone are either specified elsewhere or are not significant. The date
2639 # is relative to the Proleptic Gregorian Calendar. This can represent:
2640 #
2641 # * A full date, with non-zero year, month and day values
2642 # * A month and day value, with a zero year, e.g. an anniversary
2643 # * A year on its own, with zero month and day values
2644 # * A year and month value, with a zero day, e.g. a credit card expiration date
2645 #
2646 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
2647 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
2648 # a year.
2649 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
2650 # month and day.
2651 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
2652 # if specifying a year by itself or a year and month where the day is not
2653 # significant.
2654 },
2655 &quot;stringValue&quot;: &quot;A String&quot;, # string
2656 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2657 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
2658 # or are specified elsewhere. An API may choose to allow leap seconds. Related
2659 # types are google.type.Date and `google.protobuf.Timestamp`.
2660 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
2661 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2662 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2663 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
2664 # allow the value 60 if it allows leap-seconds.
2665 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2666 },
2667 &quot;booleanValue&quot;: True or False, # boolean
2668 &quot;floatValue&quot;: 3.14, # float
2669 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2670 },
2671 },
2672 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
2673 # Bucketing transformation can provide all of this functionality,
2674 # but requires more configuration. This message is provided as a convenience to
2675 # the user for simple bucketing strategies.
2676 #
2677 # The transformed value will be a hyphenated string of
2678 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
2679 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
2680 #
2681 # This can be used on data of type: double, long.
2682 #
2683 # If the bound Value type differs from the type of data
2684 # being transformed, we will first attempt converting the type of the data to
2685 # be transformed to match the type of the bound before comparing.
2686 #
2687 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
2688 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
2689 # grouped together into a single bucket; for example if `upper_bound` = 89,
2690 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
2691 # Note that for the purposes of inspection or transformation, the number
2692 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
2693 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
2694 # 123456789, the number of bytes would be counted as 9, even though an
2695 # int64 only holds up to 8 bytes of data.
2696 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2697 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
2698 # and time zone are either specified elsewhere or are not significant. The date
2699 # is relative to the Proleptic Gregorian Calendar. This can represent:
2700 #
2701 # * A full date, with non-zero year, month and day values
2702 # * A month and day value, with a zero year, e.g. an anniversary
2703 # * A year on its own, with zero month and day values
2704 # * A year and month value, with a zero day, e.g. a credit card expiration date
2705 #
2706 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
2707 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
2708 # a year.
2709 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
2710 # month and day.
2711 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
2712 # if specifying a year by itself or a year and month where the day is not
2713 # significant.
2714 },
2715 &quot;stringValue&quot;: &quot;A String&quot;, # string
2716 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2717 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
2718 # or are specified elsewhere. An API may choose to allow leap seconds. Related
2719 # types are google.type.Date and `google.protobuf.Timestamp`.
2720 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
2721 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2722 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2723 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
2724 # allow the value 60 if it allows leap-seconds.
2725 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2726 },
2727 &quot;booleanValue&quot;: True or False, # boolean
2728 &quot;floatValue&quot;: 3.14, # float
2729 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2730 },
2731 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
2732 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
2733 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
2734 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
2735 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
2736 # grouped together into a single bucket; for example if `lower_bound` = 10,
2737 # then all values less than 10 are replaced with the value &quot;-10&quot;.
2738 # Note that for the purposes of inspection or transformation, the number
2739 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
2740 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
2741 # 123456789, the number of bytes would be counted as 9, even though an
2742 # int64 only holds up to 8 bytes of data.
2743 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
2744 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
2745 # and time zone are either specified elsewhere or are not significant. The date
2746 # is relative to the Proleptic Gregorian Calendar. This can represent:
2747 #
2748 # * A full date, with non-zero year, month and day values
2749 # * A month and day value, with a zero year, e.g. an anniversary
2750 # * A year on its own, with zero month and day values
2751 # * A year and month value, with a zero day, e.g. a credit card expiration date
2752 #
2753 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
2754 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
2755 # a year.
2756 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
2757 # month and day.
2758 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
2759 # if specifying a year by itself or a year and month where the day is not
2760 # significant.
2761 },
2762 &quot;stringValue&quot;: &quot;A String&quot;, # string
2763 &quot;integerValue&quot;: &quot;A String&quot;, # integer
2764 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
2765 # or are specified elsewhere. An API may choose to allow leap seconds. Related
2766 # types are google.type.Date and `google.protobuf.Timestamp`.
2767 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
2768 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
2769 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
2770 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
2771 # allow the value 60 if it allows leap-seconds.
2772 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
2773 },
2774 &quot;booleanValue&quot;: True or False, # boolean
2775 &quot;floatValue&quot;: 3.14, # float
2776 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
2777 },
2778 },
2779 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
2780 # fixed character. Masking can start from the beginning or end of the string.
2781 # This can be used on data of any type (numbers, longs, and so on) and when
2782 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
2783 # type. (This allows you to take a long like 123 and modify it to a string like
2784 # **3.
2785 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
2786 # characters. For example, if the input string is `555-555-5555` and you
2787 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
2788 # returns `***-**5-5555`.
2789 { # Characters to skip when doing deidentification of a value. These will be left
2790 # alone and skipped.
2791 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
2792 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
2793 # punctuation.
2794 },
2795 ],
2796 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
2797 # masked. Skipped characters do not count towards this tally.
2798 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
2799 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
2800 # code or credit card number. This string must have a length of 1. If not
2801 # supplied, this value defaults to `*` for strings, and `0` for digits.
2802 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
2803 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
2804 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
2805 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
2806 # is `true`, then the string `12345` is masked as `12***`.
2807 },
2808 },
2809 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
2810 # this transformation to apply to all findings that correspond to
2811 # infoTypes that were requested in `InspectConfig`.
2812 { # Type of information detected by the API.
2813 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
2814 # creating a CustomInfoType, or one of the names listed
2815 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
2816 # a built-in type. InfoType names should conform to the pattern
2817 # `[a-zA-Z0-9_]{1,64}`.
2818 },
2819 ],
2820 },
2821 ],
2822 },
Bu Sun Kim65020912020-05-20 12:08:20 -07002823 &quot;transformationErrorHandling&quot;: { # How to handle transformation errors during de-identification. A # Mode for handling transformation errors. If left unspecified, the default
2824 # mode is `TransformationErrorHandling.ThrowError`.
2825 # transformation error occurs when the requested transformation is incompatible
2826 # with the data. For example, trying to de-identify an IP address using a
2827 # `DateShift` transformation would result in a transformation error, since date
2828 # info cannot be extracted from an IP address.
2829 # Information about any incompatible transformations, and how they were
2830 # handled, is returned in the response as part of the
2831 # `TransformationOverviews`.
2832 &quot;throwError&quot;: { # Throw an error and fail the request when a transformation error occurs. # Throw an error
2833 },
2834 &quot;leaveUntransformed&quot;: { # Skips the data without modifying it if the requested transformation would # Ignore errors
2835 # cause an error. For example, if a `DateShift` transformation were applied
2836 # an an IP address, this mode would leave the IP address unchanged in the
2837 # response.
2838 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002839 },
Bu Sun Kim65020912020-05-20 12:08:20 -07002840 &quot;recordTransformations&quot;: { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002841 # specific locations within structured datasets, such as transforming
2842 # a column within a table.
2843 # table.
Bu Sun Kim65020912020-05-20 12:08:20 -07002844 &quot;fieldTransformations&quot;: [ # Transform the record by applying various field transformations.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002845 { # The transformation to apply to the field.
Bu Sun Kim65020912020-05-20 12:08:20 -07002846 &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
Dan O'Mearadd494642020-05-01 07:42:23 -07002847 { # General identifier of a data field in a storage service.
Bu Sun Kim65020912020-05-20 12:08:20 -07002848 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Dan O'Mearadd494642020-05-01 07:42:23 -07002849 },
2850 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07002851 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002852 # transform content that matches an `InfoType`.
2853 # apply various `PrimitiveTransformation`s to each finding, where the
2854 # transformation is applied to only values that were identified as a specific
2855 # info_type.
Bu Sun Kim65020912020-05-20 12:08:20 -07002856 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
Dan O'Mearadd494642020-05-01 07:42:23 -07002857 # for a given infoType.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002858 { # A transformation to apply to text that is identified as a specific
2859 # info_type.
Bu Sun Kim65020912020-05-20 12:08:20 -07002860 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
2861 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
2862 # portion of the value.
2863 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
2864 },
2865 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
2866 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
2867 # to learn more.
2868 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
2869 # If set, must also set cryptoKey. If set, shift will be consistent for the
2870 # given context.
2871 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
2872 },
2873 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
2874 # range (inclusive ends). Negative means shift to earlier in time. Must not
2875 # be more than 365250 days (1000 years) each direction.
2876 #
2877 # For example, 3 means shift date to at most 3 days into the future.
2878 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
2879 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
2880 # results in the same shift for the same context and crypto_key. If
2881 # set, must also set context. Can only be applied to table items.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002882 # a key encryption key (KEK) stored by KMS).
2883 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
2884 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
2885 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07002886 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002887 # leaking the key. Choose another type of key if possible.
Bu Sun Kim65020912020-05-20 12:08:20 -07002888 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002889 },
Bu Sun Kim65020912020-05-20 12:08:20 -07002890 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002891 # It will be discarded after the request finishes.
Bu Sun Kim65020912020-05-20 12:08:20 -07002892 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002893 # This is an arbitrary string used to differentiate different keys.
2894 # A unique key is generated per name: two separate `TransientCryptoKey`
2895 # protos share the same generated key if their names are the same.
2896 # When the data crypto key is generated, this name is not used in any way
2897 # (repeating the api call will result in a different key being generated).
2898 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002899 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
2900 # The wrapped key must be a 128/192/256 bit key.
2901 # Authorization requires the following IAM permissions when sending a request
2902 # to perform a crypto transformation using a kms-wrapped crypto key:
2903 # dlp.kms.encrypt
2904 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2905 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2906 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002907 },
Bu Sun Kim65020912020-05-20 12:08:20 -07002908 },
2909 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
2910 },
2911 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
2912 # Uses SHA-256.
2913 # The key size must be either 32 or 64 bytes.
2914 # Outputs a base64 encoded representation of the hashed output
2915 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
2916 # Currently, only string and integer values can be hashed.
2917 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
2918 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
2919 # a key encryption key (KEK) stored by KMS).
2920 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
2921 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
2922 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07002923 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
2924 # leaking the key. Choose another type of key if possible.
2925 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
2926 },
2927 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
2928 # It will be discarded after the request finishes.
2929 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
2930 # This is an arbitrary string used to differentiate different keys.
2931 # A unique key is generated per name: two separate `TransientCryptoKey`
2932 # protos share the same generated key if their names are the same.
2933 # When the data crypto key is generated, this name is not used in any way
2934 # (repeating the api call will result in a different key being generated).
2935 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07002936 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
2937 # The wrapped key must be a 128/192/256 bit key.
2938 # Authorization requires the following IAM permissions when sending a request
2939 # to perform a crypto transformation using a kms-wrapped crypto key:
2940 # dlp.kms.encrypt
2941 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
2942 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
2943 },
Bu Sun Kim65020912020-05-20 12:08:20 -07002944 },
2945 },
2946 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
2947 # (FPE) with the FFX mode of operation; however when used in the
2948 # `ReidentifyContent` API method, it serves the opposite function by reversing
2949 # the surrogate back into the original identifier. The identifier must be
2950 # encoded as ASCII. For a given crypto key and context, the same identifier
2951 # will be replaced with the same surrogate. Identifiers must be at least two
2952 # characters long. In the case that the identifier is the empty string, it will
2953 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
2954 # more.
2955 #
2956 # Note: We recommend using CryptoDeterministicConfig for all use cases which
2957 # do not require preserving the input alphabet space and size, plus warrant
2958 # referential integrity.
Bu Sun Kim65020912020-05-20 12:08:20 -07002959 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
2960 # This annotation will be applied to the surrogate by prefixing it with
2961 # the name of the custom infoType followed by the number of
2962 # characters comprising the surrogate. The following scheme defines the
2963 # format: info_type_name(surrogate_character_count):surrogate
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002964 #
Bu Sun Kim65020912020-05-20 12:08:20 -07002965 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
2966 # the surrogate is &#x27;abc&#x27;, the full replacement value
2967 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
2968 #
2969 # This annotation identifies the surrogate when inspecting content using the
2970 # custom infoType
2971 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
2972 # This facilitates reversal of the surrogate when it occurs in free text.
2973 #
2974 # In order for inspection to work properly, the name of this infoType must
2975 # not occur naturally anywhere in your data; otherwise, inspection may
2976 # find a surrogate that does not correspond to an actual identifier.
2977 # Therefore, choose your custom infoType name carefully after considering
2978 # what your data looks like. One way to select a name that has a high chance
2979 # of yielding reliable detection is to include one or more unicode characters
2980 # that are highly improbable to exist in your data.
2981 # For example, assuming your data is entered from a regular ASCII keyboard,
2982 # the symbol with the hex code point 29DD might be used like so:
2983 # ⧝MY_TOKEN_TYPE
2984 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
2985 # creating a CustomInfoType, or one of the names listed
2986 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
2987 # a built-in type. InfoType names should conform to the pattern
2988 # `[a-zA-Z0-9_]{1,64}`.
2989 },
2990 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
2991 # identifier in two different contexts won&#x27;t be given the same surrogate. If
2992 # the context is not set, a default tweak will be used.
2993 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002994 # If the context is set but:
2995 #
2996 # 1. there is no record present when transforming a given value or
Bu Sun Kim65020912020-05-20 12:08:20 -07002997 # 1. the field is not present when transforming a given value,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07002998 #
Bu Sun Kim65020912020-05-20 12:08:20 -07002999 # a default tweak will be used.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003000 #
3001 # Note that case (1) is expected when an `InfoTypeTransformation` is
3002 # applied to both structured and non-structured `ContentItem`s.
Bu Sun Kim65020912020-05-20 12:08:20 -07003003 # Currently, the referenced field may be of value type integer or string.
3004 #
3005 # The tweak is constructed as a sequence of bytes in big endian byte order
3006 # such that:
3007 #
3008 # - a 64 bit integer is encoded followed by a single byte of value 1
3009 # - a string is encoded in UTF-8 format followed by a single byte of value 2
3010 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003011 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003012 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
3013 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
3014 # a key encryption key (KEK) stored by KMS).
3015 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
3016 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
3017 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07003018 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
3019 # leaking the key. Choose another type of key if possible.
3020 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3021 },
3022 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
3023 # It will be discarded after the request finishes.
3024 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
3025 # This is an arbitrary string used to differentiate different keys.
3026 # A unique key is generated per name: two separate `TransientCryptoKey`
3027 # protos share the same generated key if their names are the same.
3028 # When the data crypto key is generated, this name is not used in any way
3029 # (repeating the api call will result in a different key being generated).
3030 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003031 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
3032 # The wrapped key must be a 128/192/256 bit key.
3033 # Authorization requires the following IAM permissions when sending a request
3034 # to perform a crypto transformation using a kms-wrapped crypto key:
3035 # dlp.kms.encrypt
3036 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3037 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3038 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003039 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003040 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
3041 # that the FFX mode natively supports. This happens before/after
3042 # encryption/decryption.
3043 # Each character listed must appear only once.
3044 # Number of characters must be in the range [2, 95].
3045 # This must be encoded as ASCII.
3046 # The order of characters does not matter.
3047 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
Bu Sun Kim65020912020-05-20 12:08:20 -07003048 },
3049 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
3050 # input. Outputs a base64 encoded representation of the encrypted output.
3051 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
3052 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003053 # This annotation will be applied to the surrogate by prefixing it with
3054 # the name of the custom info type followed by the number of
3055 # characters comprising the surrogate. The following scheme defines the
Dan O'Mearadd494642020-05-01 07:42:23 -07003056 # format: {info type name}({surrogate character count}):{surrogate}
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003057 #
Bu Sun Kim65020912020-05-20 12:08:20 -07003058 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
3059 # the surrogate is &#x27;abc&#x27;, the full replacement value
3060 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003061 #
3062 # This annotation identifies the surrogate when inspecting content using the
Bu Sun Kim65020912020-05-20 12:08:20 -07003063 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003064 # surrogate when it occurs in free text.
3065 #
Dan O'Mearadd494642020-05-01 07:42:23 -07003066 # Note: For record transformations where the entire cell in a table is being
3067 # transformed, surrogates are not mandatory. Surrogates are used to denote
3068 # the location of the token and are necessary for re-identification in free
3069 # form text.
3070 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003071 # In order for inspection to work properly, the name of this info type must
3072 # not occur naturally anywhere in your data; otherwise, inspection may either
3073 #
3074 # - reverse a surrogate that does not correspond to an actual identifier
3075 # - be unable to parse the surrogate and result in an error
3076 #
3077 # Therefore, choose your custom info type name carefully after considering
3078 # what your data looks like. One way to select a name that has a high chance
3079 # of yielding reliable detection is to include one or more unicode characters
3080 # that are highly improbable to exist in your data.
3081 # For example, assuming your data is entered from a regular ASCII keyboard,
3082 # the symbol with the hex code point 29DD might be used like so:
Dan O'Mearadd494642020-05-01 07:42:23 -07003083 # ⧝MY_TOKEN_TYPE.
Bu Sun Kim65020912020-05-20 12:08:20 -07003084 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003085 # creating a CustomInfoType, or one of the names listed
3086 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
3087 # a built-in type. InfoType names should conform to the pattern
Dan O'Mearadd494642020-05-01 07:42:23 -07003088 # `[a-zA-Z0-9_]{1,64}`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003089 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003090 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
3091 # referential integrity such that the same identifier in two different
3092 # contexts will be given a distinct surrogate. The context is appended to
3093 # plaintext value being encrypted. On decryption the provided context is
3094 # validated against the value used during encryption. If a context was
3095 # provided during encryption, same context must be provided during decryption
3096 # as well.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003097 #
Bu Sun Kim65020912020-05-20 12:08:20 -07003098 # If the context is not set, plaintext would be used as is for encryption.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003099 # If the context is set but:
3100 #
3101 # 1. there is no record present when transforming a given value or
Bu Sun Kim65020912020-05-20 12:08:20 -07003102 # 2. the field is not present when transforming a given value,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003103 #
Bu Sun Kim65020912020-05-20 12:08:20 -07003104 # plaintext would be used as is for encryption.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003105 #
3106 # Note that case (1) is expected when an `InfoTypeTransformation` is
3107 # applied to both structured and non-structured `ContentItem`s.
Bu Sun Kim65020912020-05-20 12:08:20 -07003108 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003109 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003110 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
3111 # a key encryption key (KEK) stored by KMS).
3112 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
3113 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
3114 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07003115 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
3116 # leaking the key. Choose another type of key if possible.
3117 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3118 },
3119 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
3120 # It will be discarded after the request finishes.
3121 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
3122 # This is an arbitrary string used to differentiate different keys.
3123 # A unique key is generated per name: two separate `TransientCryptoKey`
3124 # protos share the same generated key if their names are the same.
3125 # When the data crypto key is generated, this name is not used in any way
3126 # (repeating the api call will result in a different key being generated).
3127 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003128 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
3129 # The wrapped key must be a 128/192/256 bit key.
3130 # Authorization requires the following IAM permissions when sending a request
3131 # to perform a crypto transformation using a kms-wrapped crypto key:
3132 # dlp.kms.encrypt
3133 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3134 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3135 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003136 },
3137 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003138 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
Dan O'Mearadd494642020-05-01 07:42:23 -07003139 # replacement values are dynamically provided by the user for custom behavior,
3140 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
3141 # This can be used on
3142 # data of type: number, long, string, timestamp.
3143 # If the bound `Value` type differs from the type of data being transformed, we
3144 # will first attempt converting the type of the data to be transformed to match
3145 # the type of the bound before comparing.
3146 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07003147 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
Dan O'Mearadd494642020-05-01 07:42:23 -07003148 { # Bucket is represented as a range, along with replacement values.
Bu Sun Kim65020912020-05-20 12:08:20 -07003149 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
3150 # the default behavior will be to hyphenate the min-max range.
3151 # Note that for the purposes of inspection or transformation, the number
3152 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
3153 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
3154 # 123456789, the number of bytes would be counted as 9, even though an
3155 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07003156 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3157 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
3158 # and time zone are either specified elsewhere or are not significant. The date
3159 # is relative to the Proleptic Gregorian Calendar. This can represent:
3160 #
3161 # * A full date, with non-zero year, month and day values
3162 # * A month and day value, with a zero year, e.g. an anniversary
3163 # * A year on its own, with zero month and day values
3164 # * A year and month value, with a zero day, e.g. a credit card expiration date
3165 #
3166 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3167 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3168 # a year.
3169 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3170 # month and day.
3171 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3172 # if specifying a year by itself or a year and month where the day is not
3173 # significant.
3174 },
3175 &quot;stringValue&quot;: &quot;A String&quot;, # string
3176 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3177 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
3178 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3179 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07003180 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3181 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3182 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003183 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3184 # allow the value 60 if it allows leap-seconds.
3185 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07003186 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003187 &quot;booleanValue&quot;: True or False, # boolean
3188 &quot;floatValue&quot;: 3.14, # float
3189 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3190 },
3191 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
3192 # used.
3193 # Note that for the purposes of inspection or transformation, the number
3194 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
3195 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
3196 # 123456789, the number of bytes would be counted as 9, even though an
3197 # int64 only holds up to 8 bytes of data.
3198 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3199 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
3200 # and time zone are either specified elsewhere or are not significant. The date
3201 # is relative to the Proleptic Gregorian Calendar. This can represent:
3202 #
3203 # * A full date, with non-zero year, month and day values
3204 # * A month and day value, with a zero year, e.g. an anniversary
3205 # * A year on its own, with zero month and day values
3206 # * A year and month value, with a zero day, e.g. a credit card expiration date
3207 #
3208 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3209 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3210 # a year.
3211 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3212 # month and day.
3213 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3214 # if specifying a year by itself or a year and month where the day is not
3215 # significant.
3216 },
3217 &quot;stringValue&quot;: &quot;A String&quot;, # string
3218 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3219 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
3220 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3221 # types are google.type.Date and `google.protobuf.Timestamp`.
3222 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3223 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3224 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3225 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3226 # allow the value 60 if it allows leap-seconds.
3227 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3228 },
3229 &quot;booleanValue&quot;: True or False, # boolean
3230 &quot;floatValue&quot;: 3.14, # float
3231 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3232 },
3233 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
3234 # Note that for the purposes of inspection or transformation, the number
3235 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
3236 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
3237 # 123456789, the number of bytes would be counted as 9, even though an
3238 # int64 only holds up to 8 bytes of data.
3239 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3240 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
3241 # and time zone are either specified elsewhere or are not significant. The date
3242 # is relative to the Proleptic Gregorian Calendar. This can represent:
3243 #
3244 # * A full date, with non-zero year, month and day values
3245 # * A month and day value, with a zero year, e.g. an anniversary
3246 # * A year on its own, with zero month and day values
3247 # * A year and month value, with a zero day, e.g. a credit card expiration date
3248 #
3249 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3250 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3251 # a year.
3252 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3253 # month and day.
3254 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3255 # if specifying a year by itself or a year and month where the day is not
3256 # significant.
3257 },
3258 &quot;stringValue&quot;: &quot;A String&quot;, # string
3259 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3260 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
3261 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3262 # types are google.type.Date and `google.protobuf.Timestamp`.
3263 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3264 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3265 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3266 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3267 # allow the value 60 if it allows leap-seconds.
3268 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3269 },
3270 &quot;booleanValue&quot;: True or False, # boolean
3271 &quot;floatValue&quot;: 3.14, # float
3272 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Dan O'Mearadd494642020-05-01 07:42:23 -07003273 },
3274 },
3275 ],
3276 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003277 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
3278 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
3279 # output would be &#x27;My phone number is &#x27;.
3280 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003281 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
3282 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003283 # Note that for the purposes of inspection or transformation, the number
Bu Sun Kim65020912020-05-20 12:08:20 -07003284 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
3285 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003286 # 123456789, the number of bytes would be counted as 9, even though an
3287 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07003288 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3289 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003290 # and time zone are either specified elsewhere or are not significant. The date
3291 # is relative to the Proleptic Gregorian Calendar. This can represent:
3292 #
3293 # * A full date, with non-zero year, month and day values
3294 # * A month and day value, with a zero year, e.g. an anniversary
3295 # * A year on its own, with zero month and day values
3296 # * A year and month value, with a zero day, e.g. a credit card expiration date
3297 #
3298 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07003299 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3300 # a year.
3301 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
Dan O'Mearadd494642020-05-01 07:42:23 -07003302 # month and day.
Bu Sun Kim65020912020-05-20 12:08:20 -07003303 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003304 # if specifying a year by itself or a year and month where the day is not
3305 # significant.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003306 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003307 &quot;stringValue&quot;: &quot;A String&quot;, # string
3308 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3309 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
3310 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3311 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07003312 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3313 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3314 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003315 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3316 # allow the value 60 if it allows leap-seconds.
3317 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07003318 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003319 &quot;booleanValue&quot;: True or False, # boolean
3320 &quot;floatValue&quot;: 3.14, # float
3321 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07003322 },
3323 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003324 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
3325 # Bucketing transformation can provide all of this functionality,
3326 # but requires more configuration. This message is provided as a convenience to
3327 # the user for simple bucketing strategies.
3328 #
3329 # The transformed value will be a hyphenated string of
3330 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
3331 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
3332 #
3333 # This can be used on data of type: double, long.
3334 #
3335 # If the bound Value type differs from the type of data
3336 # being transformed, we will first attempt converting the type of the data to
3337 # be transformed to match the type of the bound before comparing.
3338 #
3339 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07003340 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
3341 # grouped together into a single bucket; for example if `upper_bound` = 89,
3342 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
3343 # Note that for the purposes of inspection or transformation, the number
3344 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
3345 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
3346 # 123456789, the number of bytes would be counted as 9, even though an
3347 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07003348 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3349 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
3350 # and time zone are either specified elsewhere or are not significant. The date
3351 # is relative to the Proleptic Gregorian Calendar. This can represent:
3352 #
3353 # * A full date, with non-zero year, month and day values
3354 # * A month and day value, with a zero year, e.g. an anniversary
3355 # * A year on its own, with zero month and day values
3356 # * A year and month value, with a zero day, e.g. a credit card expiration date
3357 #
3358 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3359 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3360 # a year.
3361 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3362 # month and day.
3363 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3364 # if specifying a year by itself or a year and month where the day is not
3365 # significant.
3366 },
3367 &quot;stringValue&quot;: &quot;A String&quot;, # string
3368 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3369 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
3370 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3371 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07003372 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3373 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3374 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003375 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3376 # allow the value 60 if it allows leap-seconds.
3377 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07003378 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003379 &quot;booleanValue&quot;: True or False, # boolean
3380 &quot;floatValue&quot;: 3.14, # float
3381 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07003382 },
3383 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
3384 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
3385 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
3386 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003387 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
3388 # grouped together into a single bucket; for example if `lower_bound` = 10,
3389 # then all values less than 10 are replaced with the value &quot;-10&quot;.
3390 # Note that for the purposes of inspection or transformation, the number
3391 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
3392 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
3393 # 123456789, the number of bytes would be counted as 9, even though an
3394 # int64 only holds up to 8 bytes of data.
3395 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3396 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
3397 # and time zone are either specified elsewhere or are not significant. The date
3398 # is relative to the Proleptic Gregorian Calendar. This can represent:
3399 #
3400 # * A full date, with non-zero year, month and day values
3401 # * A month and day value, with a zero year, e.g. an anniversary
3402 # * A year on its own, with zero month and day values
3403 # * A year and month value, with a zero day, e.g. a credit card expiration date
3404 #
3405 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3406 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3407 # a year.
3408 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3409 # month and day.
3410 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3411 # if specifying a year by itself or a year and month where the day is not
3412 # significant.
3413 },
3414 &quot;stringValue&quot;: &quot;A String&quot;, # string
3415 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3416 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
3417 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3418 # types are google.type.Date and `google.protobuf.Timestamp`.
3419 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3420 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3421 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3422 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3423 # allow the value 60 if it allows leap-seconds.
3424 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3425 },
3426 &quot;booleanValue&quot;: True or False, # boolean
3427 &quot;floatValue&quot;: 3.14, # float
3428 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3429 },
3430 },
3431 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
3432 # fixed character. Masking can start from the beginning or end of the string.
3433 # This can be used on data of any type (numbers, longs, and so on) and when
3434 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
3435 # type. (This allows you to take a long like 123 and modify it to a string like
3436 # **3.
3437 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
3438 # characters. For example, if the input string is `555-555-5555` and you
3439 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
3440 # returns `***-**5-5555`.
3441 { # Characters to skip when doing deidentification of a value. These will be left
3442 # alone and skipped.
3443 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
3444 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
3445 # punctuation.
3446 },
3447 ],
3448 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
3449 # masked. Skipped characters do not count towards this tally.
3450 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
3451 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
3452 # code or credit card number. This string must have a length of 1. If not
3453 # supplied, this value defaults to `*` for strings, and `0` for digits.
3454 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
3455 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
3456 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
3457 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
3458 # is `true`, then the string `12345` is masked as `12***`.
Bu Sun Kim65020912020-05-20 12:08:20 -07003459 },
3460 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003461 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
3462 # this transformation to apply to all findings that correspond to
3463 # infoTypes that were requested in `InspectConfig`.
3464 { # Type of information detected by the API.
3465 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
3466 # creating a CustomInfoType, or one of the names listed
3467 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
3468 # a built-in type. InfoType names should conform to the pattern
3469 # `[a-zA-Z0-9_]{1,64}`.
3470 },
3471 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07003472 },
3473 ],
3474 },
3475 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
3476 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
3477 # portion of the value.
3478 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
3479 },
3480 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
3481 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
3482 # to learn more.
3483 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
3484 # If set, must also set cryptoKey. If set, shift will be consistent for the
3485 # given context.
3486 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3487 },
3488 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
3489 # range (inclusive ends). Negative means shift to earlier in time. Must not
3490 # be more than 365250 days (1000 years) each direction.
3491 #
3492 # For example, 3 means shift date to at most 3 days into the future.
3493 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
3494 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
3495 # results in the same shift for the same context and crypto_key. If
3496 # set, must also set context. Can only be applied to table items.
3497 # a key encryption key (KEK) stored by KMS).
3498 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
3499 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
3500 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07003501 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
3502 # leaking the key. Choose another type of key if possible.
3503 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3504 },
3505 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
3506 # It will be discarded after the request finishes.
3507 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
3508 # This is an arbitrary string used to differentiate different keys.
3509 # A unique key is generated per name: two separate `TransientCryptoKey`
3510 # protos share the same generated key if their names are the same.
3511 # When the data crypto key is generated, this name is not used in any way
3512 # (repeating the api call will result in a different key being generated).
3513 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003514 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
3515 # The wrapped key must be a 128/192/256 bit key.
3516 # Authorization requires the following IAM permissions when sending a request
3517 # to perform a crypto transformation using a kms-wrapped crypto key:
3518 # dlp.kms.encrypt
3519 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3520 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3521 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003522 },
3523 },
3524 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
3525 },
3526 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
3527 # Uses SHA-256.
3528 # The key size must be either 32 or 64 bytes.
3529 # Outputs a base64 encoded representation of the hashed output
3530 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
3531 # Currently, only string and integer values can be hashed.
3532 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
3533 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
3534 # a key encryption key (KEK) stored by KMS).
3535 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
3536 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
3537 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07003538 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
3539 # leaking the key. Choose another type of key if possible.
3540 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3541 },
3542 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
3543 # It will be discarded after the request finishes.
3544 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
3545 # This is an arbitrary string used to differentiate different keys.
3546 # A unique key is generated per name: two separate `TransientCryptoKey`
3547 # protos share the same generated key if their names are the same.
3548 # When the data crypto key is generated, this name is not used in any way
3549 # (repeating the api call will result in a different key being generated).
3550 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003551 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
3552 # The wrapped key must be a 128/192/256 bit key.
3553 # Authorization requires the following IAM permissions when sending a request
3554 # to perform a crypto transformation using a kms-wrapped crypto key:
3555 # dlp.kms.encrypt
3556 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3557 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3558 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003559 },
3560 },
3561 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
3562 # (FPE) with the FFX mode of operation; however when used in the
3563 # `ReidentifyContent` API method, it serves the opposite function by reversing
3564 # the surrogate back into the original identifier. The identifier must be
3565 # encoded as ASCII. For a given crypto key and context, the same identifier
3566 # will be replaced with the same surrogate. Identifiers must be at least two
3567 # characters long. In the case that the identifier is the empty string, it will
3568 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
3569 # more.
3570 #
3571 # Note: We recommend using CryptoDeterministicConfig for all use cases which
3572 # do not require preserving the input alphabet space and size, plus warrant
3573 # referential integrity.
Bu Sun Kim65020912020-05-20 12:08:20 -07003574 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
3575 # This annotation will be applied to the surrogate by prefixing it with
3576 # the name of the custom infoType followed by the number of
3577 # characters comprising the surrogate. The following scheme defines the
3578 # format: info_type_name(surrogate_character_count):surrogate
3579 #
3580 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
3581 # the surrogate is &#x27;abc&#x27;, the full replacement value
3582 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
3583 #
3584 # This annotation identifies the surrogate when inspecting content using the
3585 # custom infoType
3586 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
3587 # This facilitates reversal of the surrogate when it occurs in free text.
3588 #
3589 # In order for inspection to work properly, the name of this infoType must
3590 # not occur naturally anywhere in your data; otherwise, inspection may
3591 # find a surrogate that does not correspond to an actual identifier.
3592 # Therefore, choose your custom infoType name carefully after considering
3593 # what your data looks like. One way to select a name that has a high chance
3594 # of yielding reliable detection is to include one or more unicode characters
3595 # that are highly improbable to exist in your data.
3596 # For example, assuming your data is entered from a regular ASCII keyboard,
3597 # the symbol with the hex code point 29DD might be used like so:
3598 # ⧝MY_TOKEN_TYPE
3599 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
3600 # creating a CustomInfoType, or one of the names listed
3601 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
3602 # a built-in type. InfoType names should conform to the pattern
3603 # `[a-zA-Z0-9_]{1,64}`.
3604 },
3605 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
3606 # identifier in two different contexts won&#x27;t be given the same surrogate. If
3607 # the context is not set, a default tweak will be used.
3608 #
3609 # If the context is set but:
3610 #
3611 # 1. there is no record present when transforming a given value or
3612 # 1. the field is not present when transforming a given value,
3613 #
3614 # a default tweak will be used.
3615 #
3616 # Note that case (1) is expected when an `InfoTypeTransformation` is
3617 # applied to both structured and non-structured `ContentItem`s.
3618 # Currently, the referenced field may be of value type integer or string.
3619 #
3620 # The tweak is constructed as a sequence of bytes in big endian byte order
3621 # such that:
3622 #
3623 # - a 64 bit integer is encoded followed by a single byte of value 1
3624 # - a string is encoded in UTF-8 format followed by a single byte of value 2
3625 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3626 },
3627 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
3628 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
3629 # a key encryption key (KEK) stored by KMS).
3630 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
3631 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
3632 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07003633 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
3634 # leaking the key. Choose another type of key if possible.
3635 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3636 },
3637 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
3638 # It will be discarded after the request finishes.
3639 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
3640 # This is an arbitrary string used to differentiate different keys.
3641 # A unique key is generated per name: two separate `TransientCryptoKey`
3642 # protos share the same generated key if their names are the same.
3643 # When the data crypto key is generated, this name is not used in any way
3644 # (repeating the api call will result in a different key being generated).
3645 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003646 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
3647 # The wrapped key must be a 128/192/256 bit key.
3648 # Authorization requires the following IAM permissions when sending a request
3649 # to perform a crypto transformation using a kms-wrapped crypto key:
3650 # dlp.kms.encrypt
3651 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3652 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3653 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003654 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003655 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
3656 # that the FFX mode natively supports. This happens before/after
3657 # encryption/decryption.
3658 # Each character listed must appear only once.
3659 # Number of characters must be in the range [2, 95].
3660 # This must be encoded as ASCII.
3661 # The order of characters does not matter.
3662 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
Bu Sun Kim65020912020-05-20 12:08:20 -07003663 },
3664 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
3665 # input. Outputs a base64 encoded representation of the encrypted output.
3666 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
3667 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
3668 # This annotation will be applied to the surrogate by prefixing it with
3669 # the name of the custom info type followed by the number of
3670 # characters comprising the surrogate. The following scheme defines the
3671 # format: {info type name}({surrogate character count}):{surrogate}
3672 #
3673 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
3674 # the surrogate is &#x27;abc&#x27;, the full replacement value
3675 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
3676 #
3677 # This annotation identifies the surrogate when inspecting content using the
3678 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
3679 # surrogate when it occurs in free text.
3680 #
3681 # Note: For record transformations where the entire cell in a table is being
3682 # transformed, surrogates are not mandatory. Surrogates are used to denote
3683 # the location of the token and are necessary for re-identification in free
3684 # form text.
3685 #
3686 # In order for inspection to work properly, the name of this info type must
3687 # not occur naturally anywhere in your data; otherwise, inspection may either
3688 #
3689 # - reverse a surrogate that does not correspond to an actual identifier
3690 # - be unable to parse the surrogate and result in an error
3691 #
3692 # Therefore, choose your custom info type name carefully after considering
3693 # what your data looks like. One way to select a name that has a high chance
3694 # of yielding reliable detection is to include one or more unicode characters
3695 # that are highly improbable to exist in your data.
3696 # For example, assuming your data is entered from a regular ASCII keyboard,
3697 # the symbol with the hex code point 29DD might be used like so:
3698 # ⧝MY_TOKEN_TYPE.
3699 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
3700 # creating a CustomInfoType, or one of the names listed
3701 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
3702 # a built-in type. InfoType names should conform to the pattern
3703 # `[a-zA-Z0-9_]{1,64}`.
3704 },
3705 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
3706 # referential integrity such that the same identifier in two different
3707 # contexts will be given a distinct surrogate. The context is appended to
3708 # plaintext value being encrypted. On decryption the provided context is
3709 # validated against the value used during encryption. If a context was
3710 # provided during encryption, same context must be provided during decryption
3711 # as well.
3712 #
3713 # If the context is not set, plaintext would be used as is for encryption.
3714 # If the context is set but:
3715 #
3716 # 1. there is no record present when transforming a given value or
3717 # 2. the field is not present when transforming a given value,
3718 #
3719 # plaintext would be used as is for encryption.
3720 #
3721 # Note that case (1) is expected when an `InfoTypeTransformation` is
3722 # applied to both structured and non-structured `ContentItem`s.
3723 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
3724 },
3725 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
3726 # a key encryption key (KEK) stored by KMS).
3727 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
3728 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
3729 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07003730 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
3731 # leaking the key. Choose another type of key if possible.
3732 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
3733 },
3734 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
3735 # It will be discarded after the request finishes.
3736 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
3737 # This is an arbitrary string used to differentiate different keys.
3738 # A unique key is generated per name: two separate `TransientCryptoKey`
3739 # protos share the same generated key if their names are the same.
3740 # When the data crypto key is generated, this name is not used in any way
3741 # (repeating the api call will result in a different key being generated).
3742 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003743 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
3744 # The wrapped key must be a 128/192/256 bit key.
3745 # Authorization requires the following IAM permissions when sending a request
3746 # to perform a crypto transformation using a kms-wrapped crypto key:
3747 # dlp.kms.encrypt
3748 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
3749 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
3750 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003751 },
3752 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003753 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
3754 # replacement values are dynamically provided by the user for custom behavior,
3755 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
3756 # This can be used on
3757 # data of type: number, long, string, timestamp.
3758 # If the bound `Value` type differs from the type of data being transformed, we
3759 # will first attempt converting the type of the data to be transformed to match
3760 # the type of the bound before comparing.
3761 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
3762 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
3763 { # Bucket is represented as a range, along with replacement values.
Bu Sun Kim65020912020-05-20 12:08:20 -07003764 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
3765 # the default behavior will be to hyphenate the min-max range.
3766 # Note that for the purposes of inspection or transformation, the number
3767 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
3768 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
3769 # 123456789, the number of bytes would be counted as 9, even though an
3770 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07003771 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3772 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
3773 # and time zone are either specified elsewhere or are not significant. The date
3774 # is relative to the Proleptic Gregorian Calendar. This can represent:
3775 #
3776 # * A full date, with non-zero year, month and day values
3777 # * A month and day value, with a zero year, e.g. an anniversary
3778 # * A year on its own, with zero month and day values
3779 # * A year and month value, with a zero day, e.g. a credit card expiration date
3780 #
3781 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3782 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3783 # a year.
3784 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3785 # month and day.
3786 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3787 # if specifying a year by itself or a year and month where the day is not
3788 # significant.
3789 },
3790 &quot;stringValue&quot;: &quot;A String&quot;, # string
3791 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3792 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
3793 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3794 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07003795 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3796 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3797 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003798 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3799 # allow the value 60 if it allows leap-seconds.
3800 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003801 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003802 &quot;booleanValue&quot;: True or False, # boolean
3803 &quot;floatValue&quot;: 3.14, # float
3804 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3805 },
3806 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
3807 # used.
3808 # Note that for the purposes of inspection or transformation, the number
3809 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
3810 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
3811 # 123456789, the number of bytes would be counted as 9, even though an
3812 # int64 only holds up to 8 bytes of data.
3813 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3814 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
3815 # and time zone are either specified elsewhere or are not significant. The date
3816 # is relative to the Proleptic Gregorian Calendar. This can represent:
3817 #
3818 # * A full date, with non-zero year, month and day values
3819 # * A month and day value, with a zero year, e.g. an anniversary
3820 # * A year on its own, with zero month and day values
3821 # * A year and month value, with a zero day, e.g. a credit card expiration date
3822 #
3823 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3824 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3825 # a year.
3826 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3827 # month and day.
3828 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3829 # if specifying a year by itself or a year and month where the day is not
3830 # significant.
3831 },
3832 &quot;stringValue&quot;: &quot;A String&quot;, # string
3833 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3834 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
3835 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3836 # types are google.type.Date and `google.protobuf.Timestamp`.
3837 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3838 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3839 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3840 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3841 # allow the value 60 if it allows leap-seconds.
3842 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3843 },
3844 &quot;booleanValue&quot;: True or False, # boolean
3845 &quot;floatValue&quot;: 3.14, # float
3846 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
3847 },
3848 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
3849 # Note that for the purposes of inspection or transformation, the number
3850 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
3851 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
3852 # 123456789, the number of bytes would be counted as 9, even though an
3853 # int64 only holds up to 8 bytes of data.
3854 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3855 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
3856 # and time zone are either specified elsewhere or are not significant. The date
3857 # is relative to the Proleptic Gregorian Calendar. This can represent:
3858 #
3859 # * A full date, with non-zero year, month and day values
3860 # * A month and day value, with a zero year, e.g. an anniversary
3861 # * A year on its own, with zero month and day values
3862 # * A year and month value, with a zero day, e.g. a credit card expiration date
3863 #
3864 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3865 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3866 # a year.
3867 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3868 # month and day.
3869 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3870 # if specifying a year by itself or a year and month where the day is not
3871 # significant.
3872 },
3873 &quot;stringValue&quot;: &quot;A String&quot;, # string
3874 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3875 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
3876 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3877 # types are google.type.Date and `google.protobuf.Timestamp`.
3878 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3879 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3880 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
3881 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3882 # allow the value 60 if it allows leap-seconds.
3883 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
3884 },
3885 &quot;booleanValue&quot;: True or False, # boolean
3886 &quot;floatValue&quot;: 3.14, # float
3887 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07003888 },
3889 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003890 ],
3891 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003892 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
3893 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
3894 # output would be &#x27;My phone number is &#x27;.
3895 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003896 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
3897 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
3898 # Note that for the purposes of inspection or transformation, the number
3899 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
3900 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
3901 # 123456789, the number of bytes would be counted as 9, even though an
3902 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07003903 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3904 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
3905 # and time zone are either specified elsewhere or are not significant. The date
3906 # is relative to the Proleptic Gregorian Calendar. This can represent:
3907 #
3908 # * A full date, with non-zero year, month and day values
3909 # * A month and day value, with a zero year, e.g. an anniversary
3910 # * A year on its own, with zero month and day values
3911 # * A year and month value, with a zero day, e.g. a credit card expiration date
3912 #
3913 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3914 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3915 # a year.
3916 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3917 # month and day.
3918 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3919 # if specifying a year by itself or a year and month where the day is not
3920 # significant.
3921 },
3922 &quot;stringValue&quot;: &quot;A String&quot;, # string
3923 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3924 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
3925 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3926 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07003927 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3928 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3929 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003930 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3931 # allow the value 60 if it allows leap-seconds.
3932 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07003933 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003934 &quot;booleanValue&quot;: True or False, # boolean
3935 &quot;floatValue&quot;: 3.14, # float
3936 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07003937 },
3938 },
Bu Sun Kim65020912020-05-20 12:08:20 -07003939 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
3940 # Bucketing transformation can provide all of this functionality,
3941 # but requires more configuration. This message is provided as a convenience to
3942 # the user for simple bucketing strategies.
3943 #
3944 # The transformed value will be a hyphenated string of
3945 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
3946 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
3947 #
3948 # This can be used on data of type: double, long.
3949 #
3950 # If the bound Value type differs from the type of data
3951 # being transformed, we will first attempt converting the type of the data to
3952 # be transformed to match the type of the bound before comparing.
3953 #
3954 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07003955 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
3956 # grouped together into a single bucket; for example if `upper_bound` = 89,
3957 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
3958 # Note that for the purposes of inspection or transformation, the number
3959 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
3960 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
3961 # 123456789, the number of bytes would be counted as 9, even though an
3962 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07003963 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
3964 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
3965 # and time zone are either specified elsewhere or are not significant. The date
3966 # is relative to the Proleptic Gregorian Calendar. This can represent:
3967 #
3968 # * A full date, with non-zero year, month and day values
3969 # * A month and day value, with a zero year, e.g. an anniversary
3970 # * A year on its own, with zero month and day values
3971 # * A year and month value, with a zero day, e.g. a credit card expiration date
3972 #
3973 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
3974 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
3975 # a year.
3976 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
3977 # month and day.
3978 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
3979 # if specifying a year by itself or a year and month where the day is not
3980 # significant.
3981 },
3982 &quot;stringValue&quot;: &quot;A String&quot;, # string
3983 &quot;integerValue&quot;: &quot;A String&quot;, # integer
3984 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
3985 # or are specified elsewhere. An API may choose to allow leap seconds. Related
3986 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07003987 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
3988 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
3989 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003990 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
3991 # allow the value 60 if it allows leap-seconds.
3992 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07003993 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07003994 &quot;booleanValue&quot;: True or False, # boolean
3995 &quot;floatValue&quot;: 3.14, # float
3996 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07003997 },
3998 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
3999 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
4000 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
4001 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07004002 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
4003 # grouped together into a single bucket; for example if `lower_bound` = 10,
4004 # then all values less than 10 are replaced with the value &quot;-10&quot;.
4005 # Note that for the purposes of inspection or transformation, the number
4006 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
4007 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
4008 # 123456789, the number of bytes would be counted as 9, even though an
4009 # int64 only holds up to 8 bytes of data.
4010 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4011 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
4012 # and time zone are either specified elsewhere or are not significant. The date
4013 # is relative to the Proleptic Gregorian Calendar. This can represent:
4014 #
4015 # * A full date, with non-zero year, month and day values
4016 # * A month and day value, with a zero year, e.g. an anniversary
4017 # * A year on its own, with zero month and day values
4018 # * A year and month value, with a zero day, e.g. a credit card expiration date
4019 #
4020 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4021 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4022 # a year.
4023 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4024 # month and day.
4025 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4026 # if specifying a year by itself or a year and month where the day is not
4027 # significant.
4028 },
4029 &quot;stringValue&quot;: &quot;A String&quot;, # string
4030 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4031 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
4032 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4033 # types are google.type.Date and `google.protobuf.Timestamp`.
4034 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4035 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4036 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4037 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4038 # allow the value 60 if it allows leap-seconds.
4039 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4040 },
4041 &quot;booleanValue&quot;: True or False, # boolean
4042 &quot;floatValue&quot;: 3.14, # float
4043 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4044 },
4045 },
4046 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
4047 # fixed character. Masking can start from the beginning or end of the string.
4048 # This can be used on data of any type (numbers, longs, and so on) and when
4049 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
4050 # type. (This allows you to take a long like 123 and modify it to a string like
4051 # **3.
4052 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
4053 # characters. For example, if the input string is `555-555-5555` and you
4054 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
4055 # returns `***-**5-5555`.
4056 { # Characters to skip when doing deidentification of a value. These will be left
4057 # alone and skipped.
4058 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
4059 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
4060 # punctuation.
4061 },
4062 ],
4063 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
4064 # masked. Skipped characters do not count towards this tally.
4065 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
4066 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
4067 # code or credit card number. This string must have a length of 1. If not
4068 # supplied, this value defaults to `*` for strings, and `0` for digits.
4069 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
4070 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
4071 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
4072 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
4073 # is `true`, then the string `12345` is masked as `12***`.
Bu Sun Kim65020912020-05-20 12:08:20 -07004074 },
4075 },
4076 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
4077 # given `RecordCondition`. The conditions are allowed to reference fields
4078 # that are not used in the actual transformation.
4079 #
4080 # Example Use Cases:
4081 #
4082 # - Apply a different bucket transformation to an age column if the zip code
4083 # column for the same record is within a specific range.
4084 # - Redact a field if the date of birth field is greater than 85.
4085 # a field.
4086 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
4087 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
4088 # only supported value is `AND`.
4089 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
4090 &quot;conditions&quot;: [ # A collection of conditions.
4091 { # The field type of `value` and `field` do not need to match to be
4092 # considered equal, but not all comparisons are possible.
4093 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
4094 # but all other comparisons are invalid with incompatible types.
4095 # A `value` of type:
4096 #
4097 # - `string` can be compared against all other types
4098 # - `boolean` can only be compared against other booleans
4099 # - `integer` can be compared against doubles or a string if the string value
4100 # can be parsed as an integer.
4101 # - `double` can be compared against integers or a string if the string can
4102 # be parsed as a double.
4103 # - `Timestamp` can be compared against strings in RFC 3339 date string
4104 # format.
4105 # - `TimeOfDay` can be compared against timestamps and strings in the format
4106 # of &#x27;HH:mm:ss&#x27;.
4107 #
4108 # If we fail to compare do to type mismatch, a warning will be given and
4109 # the condition will evaluate to false.
Bu Sun Kim65020912020-05-20 12:08:20 -07004110 &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
4111 # Note that for the purposes of inspection or transformation, the number
4112 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
4113 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
4114 # 123456789, the number of bytes would be counted as 9, even though an
4115 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07004116 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4117 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
4118 # and time zone are either specified elsewhere or are not significant. The date
4119 # is relative to the Proleptic Gregorian Calendar. This can represent:
4120 #
4121 # * A full date, with non-zero year, month and day values
4122 # * A month and day value, with a zero year, e.g. an anniversary
4123 # * A year on its own, with zero month and day values
4124 # * A year and month value, with a zero day, e.g. a credit card expiration date
4125 #
4126 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4127 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4128 # a year.
4129 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4130 # month and day.
4131 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4132 # if specifying a year by itself or a year and month where the day is not
4133 # significant.
4134 },
4135 &quot;stringValue&quot;: &quot;A String&quot;, # string
4136 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4137 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
4138 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4139 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07004140 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4141 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4142 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07004143 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4144 # allow the value 60 if it allows leap-seconds.
4145 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07004146 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07004147 &quot;booleanValue&quot;: True or False, # boolean
4148 &quot;floatValue&quot;: 3.14, # float
4149 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07004150 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07004151 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
4152 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4153 },
4154 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004155 },
4156 ],
4157 },
Bu Sun Kim65020912020-05-20 12:08:20 -07004158 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004159 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004160 },
4161 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07004162 &quot;recordSuppressions&quot;: [ # Configuration defining which records get suppressed entirely. Records that
4163 # match any suppression rule are omitted from the output.
4164 { # Configuration to suppress records whose suppression conditions evaluate to
4165 # true.
4166 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
4167 # evaluated to be suppressed from the transformed content.
4168 # a field.
4169 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
4170 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
4171 # only supported value is `AND`.
4172 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
4173 &quot;conditions&quot;: [ # A collection of conditions.
4174 { # The field type of `value` and `field` do not need to match to be
4175 # considered equal, but not all comparisons are possible.
4176 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
4177 # but all other comparisons are invalid with incompatible types.
4178 # A `value` of type:
4179 #
4180 # - `string` can be compared against all other types
4181 # - `boolean` can only be compared against other booleans
4182 # - `integer` can be compared against doubles or a string if the string value
4183 # can be parsed as an integer.
4184 # - `double` can be compared against integers or a string if the string can
4185 # be parsed as a double.
4186 # - `Timestamp` can be compared against strings in RFC 3339 date string
4187 # format.
4188 # - `TimeOfDay` can be compared against timestamps and strings in the format
4189 # of &#x27;HH:mm:ss&#x27;.
4190 #
4191 # If we fail to compare do to type mismatch, a warning will be given and
4192 # the condition will evaluate to false.
4193 &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
4194 # Note that for the purposes of inspection or transformation, the number
4195 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
4196 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
4197 # 123456789, the number of bytes would be counted as 9, even though an
4198 # int64 only holds up to 8 bytes of data.
4199 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4200 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
4201 # and time zone are either specified elsewhere or are not significant. The date
4202 # is relative to the Proleptic Gregorian Calendar. This can represent:
4203 #
4204 # * A full date, with non-zero year, month and day values
4205 # * A month and day value, with a zero year, e.g. an anniversary
4206 # * A year on its own, with zero month and day values
4207 # * A year and month value, with a zero day, e.g. a credit card expiration date
4208 #
4209 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4210 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4211 # a year.
4212 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4213 # month and day.
4214 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4215 # if specifying a year by itself or a year and month where the day is not
4216 # significant.
4217 },
4218 &quot;stringValue&quot;: &quot;A String&quot;, # string
4219 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4220 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
4221 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4222 # types are google.type.Date and `google.protobuf.Timestamp`.
4223 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4224 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4225 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4226 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4227 # allow the value 60 if it allows leap-seconds.
4228 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4229 },
4230 &quot;booleanValue&quot;: True or False, # boolean
4231 &quot;floatValue&quot;: 3.14, # float
4232 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07004233 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07004234 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
4235 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim65020912020-05-20 12:08:20 -07004236 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07004237 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Bu Sun Kim65020912020-05-20 12:08:20 -07004238 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07004239 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07004240 },
4241 },
Bu Sun Kim65020912020-05-20 12:08:20 -07004242 },
4243 },
4244 ],
Dan O'Mearadd494642020-05-01 07:42:23 -07004245 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004246 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004247 }</pre>
4248</div>
4249
4250<div class="method">
4251 <code class="details" id="delete">delete(name, x__xgafv=None)</code>
4252 <pre>Deletes a DeidentifyTemplate.
4253See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
4254more.
4255
4256Args:
Dan O'Mearadd494642020-05-01 07:42:23 -07004257 name: string, Required. Resource name of the organization and deidentify template to be deleted,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004258for example `organizations/433245324/deidentifyTemplates/432452342` or
4259projects/project-id/deidentifyTemplates/432452342. (required)
4260 x__xgafv: string, V1 error format.
4261 Allowed values
4262 1 - v1 error format
4263 2 - v2 error format
4264
4265Returns:
4266 An object of the form:
4267
4268 { # A generic empty message that you can re-use to avoid defining duplicated
4269 # empty messages in your APIs. A typical example is to use it as the request
4270 # or the response type of an API method. For instance:
4271 #
4272 # service Foo {
4273 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
4274 # }
4275 #
4276 # The JSON representation for `Empty` is empty JSON object `{}`.
4277 }</pre>
4278</div>
4279
4280<div class="method">
4281 <code class="details" id="get">get(name, x__xgafv=None)</code>
4282 <pre>Gets a DeidentifyTemplate.
4283See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
4284more.
4285
4286Args:
Dan O'Mearadd494642020-05-01 07:42:23 -07004287 name: string, Required. Resource name of the organization and deidentify template to be read, for
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004288example `organizations/433245324/deidentifyTemplates/432452342` or
4289projects/project-id/deidentifyTemplates/432452342. (required)
4290 x__xgafv: string, V1 error format.
4291 Allowed values
4292 1 - v1 error format
4293 2 - v2 error format
4294
4295Returns:
4296 An object of the form:
4297
Dan O'Mearadd494642020-05-01 07:42:23 -07004298 { # DeidentifyTemplates contains instructions on how to de-identify content.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004299 # See https://cloud.google.com/dlp/docs/concepts-templates to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07004300 &quot;name&quot;: &quot;A String&quot;, # Output only. The template name.
4301 #
4302 # The template will have one of the following formats:
4303 # `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR
4304 # `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
4305 &quot;description&quot;: &quot;A String&quot;, # Short description (max 256 chars).
4306 &quot;displayName&quot;: &quot;A String&quot;, # Display name (max 256 chars).
4307 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The creation timestamp of an inspectTemplate.
4308 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The last update timestamp of an inspectTemplate.
4309 &quot;deidentifyConfig&quot;: { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07004310 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
4311 # transformation everywhere.
4312 # apply various `PrimitiveTransformation`s to each finding, where the
4313 # transformation is applied to only values that were identified as a specific
4314 # info_type.
4315 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
4316 # for a given infoType.
4317 { # A transformation to apply to text that is identified as a specific
4318 # info_type.
4319 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
4320 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
4321 # portion of the value.
4322 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
4323 },
4324 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
4325 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
4326 # to learn more.
4327 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
4328 # If set, must also set cryptoKey. If set, shift will be consistent for the
4329 # given context.
4330 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4331 },
4332 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
4333 # range (inclusive ends). Negative means shift to earlier in time. Must not
4334 # be more than 365250 days (1000 years) each direction.
4335 #
4336 # For example, 3 means shift date to at most 3 days into the future.
4337 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
4338 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
4339 # results in the same shift for the same context and crypto_key. If
4340 # set, must also set context. Can only be applied to table items.
4341 # a key encryption key (KEK) stored by KMS).
4342 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
4343 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
4344 # unwrap the data crypto key.
4345 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
4346 # leaking the key. Choose another type of key if possible.
4347 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4348 },
4349 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
4350 # It will be discarded after the request finishes.
4351 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
4352 # This is an arbitrary string used to differentiate different keys.
4353 # A unique key is generated per name: two separate `TransientCryptoKey`
4354 # protos share the same generated key if their names are the same.
4355 # When the data crypto key is generated, this name is not used in any way
4356 # (repeating the api call will result in a different key being generated).
4357 },
4358 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
4359 # The wrapped key must be a 128/192/256 bit key.
4360 # Authorization requires the following IAM permissions when sending a request
4361 # to perform a crypto transformation using a kms-wrapped crypto key:
4362 # dlp.kms.encrypt
4363 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4364 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4365 },
4366 },
4367 },
4368 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
4369 },
4370 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
4371 # Uses SHA-256.
4372 # The key size must be either 32 or 64 bytes.
4373 # Outputs a base64 encoded representation of the hashed output
4374 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
4375 # Currently, only string and integer values can be hashed.
4376 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
4377 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
4378 # a key encryption key (KEK) stored by KMS).
4379 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
4380 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
4381 # unwrap the data crypto key.
4382 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
4383 # leaking the key. Choose another type of key if possible.
4384 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4385 },
4386 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
4387 # It will be discarded after the request finishes.
4388 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
4389 # This is an arbitrary string used to differentiate different keys.
4390 # A unique key is generated per name: two separate `TransientCryptoKey`
4391 # protos share the same generated key if their names are the same.
4392 # When the data crypto key is generated, this name is not used in any way
4393 # (repeating the api call will result in a different key being generated).
4394 },
4395 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
4396 # The wrapped key must be a 128/192/256 bit key.
4397 # Authorization requires the following IAM permissions when sending a request
4398 # to perform a crypto transformation using a kms-wrapped crypto key:
4399 # dlp.kms.encrypt
4400 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4401 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4402 },
4403 },
4404 },
4405 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
4406 # (FPE) with the FFX mode of operation; however when used in the
4407 # `ReidentifyContent` API method, it serves the opposite function by reversing
4408 # the surrogate back into the original identifier. The identifier must be
4409 # encoded as ASCII. For a given crypto key and context, the same identifier
4410 # will be replaced with the same surrogate. Identifiers must be at least two
4411 # characters long. In the case that the identifier is the empty string, it will
4412 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
4413 # more.
4414 #
4415 # Note: We recommend using CryptoDeterministicConfig for all use cases which
4416 # do not require preserving the input alphabet space and size, plus warrant
4417 # referential integrity.
4418 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
4419 # This annotation will be applied to the surrogate by prefixing it with
4420 # the name of the custom infoType followed by the number of
4421 # characters comprising the surrogate. The following scheme defines the
4422 # format: info_type_name(surrogate_character_count):surrogate
4423 #
4424 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
4425 # the surrogate is &#x27;abc&#x27;, the full replacement value
4426 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
4427 #
4428 # This annotation identifies the surrogate when inspecting content using the
4429 # custom infoType
4430 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
4431 # This facilitates reversal of the surrogate when it occurs in free text.
4432 #
4433 # In order for inspection to work properly, the name of this infoType must
4434 # not occur naturally anywhere in your data; otherwise, inspection may
4435 # find a surrogate that does not correspond to an actual identifier.
4436 # Therefore, choose your custom infoType name carefully after considering
4437 # what your data looks like. One way to select a name that has a high chance
4438 # of yielding reliable detection is to include one or more unicode characters
4439 # that are highly improbable to exist in your data.
4440 # For example, assuming your data is entered from a regular ASCII keyboard,
4441 # the symbol with the hex code point 29DD might be used like so:
4442 # ⧝MY_TOKEN_TYPE
4443 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
4444 # creating a CustomInfoType, or one of the names listed
4445 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
4446 # a built-in type. InfoType names should conform to the pattern
4447 # `[a-zA-Z0-9_]{1,64}`.
4448 },
4449 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
4450 # identifier in two different contexts won&#x27;t be given the same surrogate. If
4451 # the context is not set, a default tweak will be used.
4452 #
4453 # If the context is set but:
4454 #
4455 # 1. there is no record present when transforming a given value or
4456 # 1. the field is not present when transforming a given value,
4457 #
4458 # a default tweak will be used.
4459 #
4460 # Note that case (1) is expected when an `InfoTypeTransformation` is
4461 # applied to both structured and non-structured `ContentItem`s.
4462 # Currently, the referenced field may be of value type integer or string.
4463 #
4464 # The tweak is constructed as a sequence of bytes in big endian byte order
4465 # such that:
4466 #
4467 # - a 64 bit integer is encoded followed by a single byte of value 1
4468 # - a string is encoded in UTF-8 format followed by a single byte of value 2
4469 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4470 },
4471 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
4472 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
4473 # a key encryption key (KEK) stored by KMS).
4474 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
4475 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
4476 # unwrap the data crypto key.
4477 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
4478 # leaking the key. Choose another type of key if possible.
4479 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4480 },
4481 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
4482 # It will be discarded after the request finishes.
4483 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
4484 # This is an arbitrary string used to differentiate different keys.
4485 # A unique key is generated per name: two separate `TransientCryptoKey`
4486 # protos share the same generated key if their names are the same.
4487 # When the data crypto key is generated, this name is not used in any way
4488 # (repeating the api call will result in a different key being generated).
4489 },
4490 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
4491 # The wrapped key must be a 128/192/256 bit key.
4492 # Authorization requires the following IAM permissions when sending a request
4493 # to perform a crypto transformation using a kms-wrapped crypto key:
4494 # dlp.kms.encrypt
4495 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4496 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4497 },
4498 },
4499 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
4500 # that the FFX mode natively supports. This happens before/after
4501 # encryption/decryption.
4502 # Each character listed must appear only once.
4503 # Number of characters must be in the range [2, 95].
4504 # This must be encoded as ASCII.
4505 # The order of characters does not matter.
4506 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
4507 },
4508 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
4509 # input. Outputs a base64 encoded representation of the encrypted output.
4510 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
4511 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
4512 # This annotation will be applied to the surrogate by prefixing it with
4513 # the name of the custom info type followed by the number of
4514 # characters comprising the surrogate. The following scheme defines the
4515 # format: {info type name}({surrogate character count}):{surrogate}
4516 #
4517 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
4518 # the surrogate is &#x27;abc&#x27;, the full replacement value
4519 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
4520 #
4521 # This annotation identifies the surrogate when inspecting content using the
4522 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
4523 # surrogate when it occurs in free text.
4524 #
4525 # Note: For record transformations where the entire cell in a table is being
4526 # transformed, surrogates are not mandatory. Surrogates are used to denote
4527 # the location of the token and are necessary for re-identification in free
4528 # form text.
4529 #
4530 # In order for inspection to work properly, the name of this info type must
4531 # not occur naturally anywhere in your data; otherwise, inspection may either
4532 #
4533 # - reverse a surrogate that does not correspond to an actual identifier
4534 # - be unable to parse the surrogate and result in an error
4535 #
4536 # Therefore, choose your custom info type name carefully after considering
4537 # what your data looks like. One way to select a name that has a high chance
4538 # of yielding reliable detection is to include one or more unicode characters
4539 # that are highly improbable to exist in your data.
4540 # For example, assuming your data is entered from a regular ASCII keyboard,
4541 # the symbol with the hex code point 29DD might be used like so:
4542 # ⧝MY_TOKEN_TYPE.
4543 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
4544 # creating a CustomInfoType, or one of the names listed
4545 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
4546 # a built-in type. InfoType names should conform to the pattern
4547 # `[a-zA-Z0-9_]{1,64}`.
4548 },
4549 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
4550 # referential integrity such that the same identifier in two different
4551 # contexts will be given a distinct surrogate. The context is appended to
4552 # plaintext value being encrypted. On decryption the provided context is
4553 # validated against the value used during encryption. If a context was
4554 # provided during encryption, same context must be provided during decryption
4555 # as well.
4556 #
4557 # If the context is not set, plaintext would be used as is for encryption.
4558 # If the context is set but:
4559 #
4560 # 1. there is no record present when transforming a given value or
4561 # 2. the field is not present when transforming a given value,
4562 #
4563 # plaintext would be used as is for encryption.
4564 #
4565 # Note that case (1) is expected when an `InfoTypeTransformation` is
4566 # applied to both structured and non-structured `ContentItem`s.
4567 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4568 },
4569 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
4570 # a key encryption key (KEK) stored by KMS).
4571 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
4572 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
4573 # unwrap the data crypto key.
4574 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
4575 # leaking the key. Choose another type of key if possible.
4576 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
4577 },
4578 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
4579 # It will be discarded after the request finishes.
4580 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
4581 # This is an arbitrary string used to differentiate different keys.
4582 # A unique key is generated per name: two separate `TransientCryptoKey`
4583 # protos share the same generated key if their names are the same.
4584 # When the data crypto key is generated, this name is not used in any way
4585 # (repeating the api call will result in a different key being generated).
4586 },
4587 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
4588 # The wrapped key must be a 128/192/256 bit key.
4589 # Authorization requires the following IAM permissions when sending a request
4590 # to perform a crypto transformation using a kms-wrapped crypto key:
4591 # dlp.kms.encrypt
4592 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
4593 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
4594 },
4595 },
4596 },
4597 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
4598 # replacement values are dynamically provided by the user for custom behavior,
4599 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
4600 # This can be used on
4601 # data of type: number, long, string, timestamp.
4602 # If the bound `Value` type differs from the type of data being transformed, we
4603 # will first attempt converting the type of the data to be transformed to match
4604 # the type of the bound before comparing.
4605 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
4606 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
4607 { # Bucket is represented as a range, along with replacement values.
4608 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
4609 # the default behavior will be to hyphenate the min-max range.
4610 # Note that for the purposes of inspection or transformation, the number
4611 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
4612 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
4613 # 123456789, the number of bytes would be counted as 9, even though an
4614 # int64 only holds up to 8 bytes of data.
4615 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4616 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
4617 # and time zone are either specified elsewhere or are not significant. The date
4618 # is relative to the Proleptic Gregorian Calendar. This can represent:
4619 #
4620 # * A full date, with non-zero year, month and day values
4621 # * A month and day value, with a zero year, e.g. an anniversary
4622 # * A year on its own, with zero month and day values
4623 # * A year and month value, with a zero day, e.g. a credit card expiration date
4624 #
4625 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4626 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4627 # a year.
4628 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4629 # month and day.
4630 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4631 # if specifying a year by itself or a year and month where the day is not
4632 # significant.
4633 },
4634 &quot;stringValue&quot;: &quot;A String&quot;, # string
4635 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4636 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
4637 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4638 # types are google.type.Date and `google.protobuf.Timestamp`.
4639 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4640 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4641 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4642 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4643 # allow the value 60 if it allows leap-seconds.
4644 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4645 },
4646 &quot;booleanValue&quot;: True or False, # boolean
4647 &quot;floatValue&quot;: 3.14, # float
4648 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4649 },
4650 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
4651 # used.
4652 # Note that for the purposes of inspection or transformation, the number
4653 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
4654 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
4655 # 123456789, the number of bytes would be counted as 9, even though an
4656 # int64 only holds up to 8 bytes of data.
4657 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4658 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
4659 # and time zone are either specified elsewhere or are not significant. The date
4660 # is relative to the Proleptic Gregorian Calendar. This can represent:
4661 #
4662 # * A full date, with non-zero year, month and day values
4663 # * A month and day value, with a zero year, e.g. an anniversary
4664 # * A year on its own, with zero month and day values
4665 # * A year and month value, with a zero day, e.g. a credit card expiration date
4666 #
4667 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4668 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4669 # a year.
4670 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4671 # month and day.
4672 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4673 # if specifying a year by itself or a year and month where the day is not
4674 # significant.
4675 },
4676 &quot;stringValue&quot;: &quot;A String&quot;, # string
4677 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4678 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
4679 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4680 # types are google.type.Date and `google.protobuf.Timestamp`.
4681 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4682 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4683 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4684 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4685 # allow the value 60 if it allows leap-seconds.
4686 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4687 },
4688 &quot;booleanValue&quot;: True or False, # boolean
4689 &quot;floatValue&quot;: 3.14, # float
4690 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4691 },
4692 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
4693 # Note that for the purposes of inspection or transformation, the number
4694 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
4695 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
4696 # 123456789, the number of bytes would be counted as 9, even though an
4697 # int64 only holds up to 8 bytes of data.
4698 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4699 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
4700 # and time zone are either specified elsewhere or are not significant. The date
4701 # is relative to the Proleptic Gregorian Calendar. This can represent:
4702 #
4703 # * A full date, with non-zero year, month and day values
4704 # * A month and day value, with a zero year, e.g. an anniversary
4705 # * A year on its own, with zero month and day values
4706 # * A year and month value, with a zero day, e.g. a credit card expiration date
4707 #
4708 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4709 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4710 # a year.
4711 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4712 # month and day.
4713 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4714 # if specifying a year by itself or a year and month where the day is not
4715 # significant.
4716 },
4717 &quot;stringValue&quot;: &quot;A String&quot;, # string
4718 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4719 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
4720 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4721 # types are google.type.Date and `google.protobuf.Timestamp`.
4722 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4723 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4724 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4725 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4726 # allow the value 60 if it allows leap-seconds.
4727 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4728 },
4729 &quot;booleanValue&quot;: True or False, # boolean
4730 &quot;floatValue&quot;: 3.14, # float
4731 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4732 },
4733 },
4734 ],
4735 },
4736 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
4737 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
4738 # output would be &#x27;My phone number is &#x27;.
4739 },
4740 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
4741 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
4742 # Note that for the purposes of inspection or transformation, the number
4743 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
4744 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
4745 # 123456789, the number of bytes would be counted as 9, even though an
4746 # int64 only holds up to 8 bytes of data.
4747 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4748 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
4749 # and time zone are either specified elsewhere or are not significant. The date
4750 # is relative to the Proleptic Gregorian Calendar. This can represent:
4751 #
4752 # * A full date, with non-zero year, month and day values
4753 # * A month and day value, with a zero year, e.g. an anniversary
4754 # * A year on its own, with zero month and day values
4755 # * A year and month value, with a zero day, e.g. a credit card expiration date
4756 #
4757 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4758 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4759 # a year.
4760 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4761 # month and day.
4762 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4763 # if specifying a year by itself or a year and month where the day is not
4764 # significant.
4765 },
4766 &quot;stringValue&quot;: &quot;A String&quot;, # string
4767 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4768 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
4769 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4770 # types are google.type.Date and `google.protobuf.Timestamp`.
4771 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4772 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4773 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4774 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4775 # allow the value 60 if it allows leap-seconds.
4776 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4777 },
4778 &quot;booleanValue&quot;: True or False, # boolean
4779 &quot;floatValue&quot;: 3.14, # float
4780 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4781 },
4782 },
4783 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
4784 # Bucketing transformation can provide all of this functionality,
4785 # but requires more configuration. This message is provided as a convenience to
4786 # the user for simple bucketing strategies.
4787 #
4788 # The transformed value will be a hyphenated string of
4789 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
4790 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
4791 #
4792 # This can be used on data of type: double, long.
4793 #
4794 # If the bound Value type differs from the type of data
4795 # being transformed, we will first attempt converting the type of the data to
4796 # be transformed to match the type of the bound before comparing.
4797 #
4798 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
4799 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
4800 # grouped together into a single bucket; for example if `upper_bound` = 89,
4801 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
4802 # Note that for the purposes of inspection or transformation, the number
4803 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
4804 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
4805 # 123456789, the number of bytes would be counted as 9, even though an
4806 # int64 only holds up to 8 bytes of data.
4807 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4808 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
4809 # and time zone are either specified elsewhere or are not significant. The date
4810 # is relative to the Proleptic Gregorian Calendar. This can represent:
4811 #
4812 # * A full date, with non-zero year, month and day values
4813 # * A month and day value, with a zero year, e.g. an anniversary
4814 # * A year on its own, with zero month and day values
4815 # * A year and month value, with a zero day, e.g. a credit card expiration date
4816 #
4817 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4818 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4819 # a year.
4820 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4821 # month and day.
4822 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4823 # if specifying a year by itself or a year and month where the day is not
4824 # significant.
4825 },
4826 &quot;stringValue&quot;: &quot;A String&quot;, # string
4827 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4828 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
4829 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4830 # types are google.type.Date and `google.protobuf.Timestamp`.
4831 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4832 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4833 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4834 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4835 # allow the value 60 if it allows leap-seconds.
4836 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4837 },
4838 &quot;booleanValue&quot;: True or False, # boolean
4839 &quot;floatValue&quot;: 3.14, # float
4840 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4841 },
4842 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
4843 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
4844 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
4845 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
4846 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
4847 # grouped together into a single bucket; for example if `lower_bound` = 10,
4848 # then all values less than 10 are replaced with the value &quot;-10&quot;.
4849 # Note that for the purposes of inspection or transformation, the number
4850 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
4851 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
4852 # 123456789, the number of bytes would be counted as 9, even though an
4853 # int64 only holds up to 8 bytes of data.
4854 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
4855 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
4856 # and time zone are either specified elsewhere or are not significant. The date
4857 # is relative to the Proleptic Gregorian Calendar. This can represent:
4858 #
4859 # * A full date, with non-zero year, month and day values
4860 # * A month and day value, with a zero year, e.g. an anniversary
4861 # * A year on its own, with zero month and day values
4862 # * A year and month value, with a zero day, e.g. a credit card expiration date
4863 #
4864 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
4865 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
4866 # a year.
4867 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
4868 # month and day.
4869 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
4870 # if specifying a year by itself or a year and month where the day is not
4871 # significant.
4872 },
4873 &quot;stringValue&quot;: &quot;A String&quot;, # string
4874 &quot;integerValue&quot;: &quot;A String&quot;, # integer
4875 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
4876 # or are specified elsewhere. An API may choose to allow leap seconds. Related
4877 # types are google.type.Date and `google.protobuf.Timestamp`.
4878 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
4879 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
4880 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
4881 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
4882 # allow the value 60 if it allows leap-seconds.
4883 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
4884 },
4885 &quot;booleanValue&quot;: True or False, # boolean
4886 &quot;floatValue&quot;: 3.14, # float
4887 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
4888 },
4889 },
4890 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
4891 # fixed character. Masking can start from the beginning or end of the string.
4892 # This can be used on data of any type (numbers, longs, and so on) and when
4893 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
4894 # type. (This allows you to take a long like 123 and modify it to a string like
4895 # **3.
4896 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
4897 # characters. For example, if the input string is `555-555-5555` and you
4898 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
4899 # returns `***-**5-5555`.
4900 { # Characters to skip when doing deidentification of a value. These will be left
4901 # alone and skipped.
4902 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
4903 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
4904 # punctuation.
4905 },
4906 ],
4907 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
4908 # masked. Skipped characters do not count towards this tally.
4909 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
4910 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
4911 # code or credit card number. This string must have a length of 1. If not
4912 # supplied, this value defaults to `*` for strings, and `0` for digits.
4913 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
4914 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
4915 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
4916 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
4917 # is `true`, then the string `12345` is masked as `12***`.
4918 },
4919 },
4920 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
4921 # this transformation to apply to all findings that correspond to
4922 # infoTypes that were requested in `InspectConfig`.
4923 { # Type of information detected by the API.
4924 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
4925 # creating a CustomInfoType, or one of the names listed
4926 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
4927 # a built-in type. InfoType names should conform to the pattern
4928 # `[a-zA-Z0-9_]{1,64}`.
4929 },
4930 ],
4931 },
4932 ],
4933 },
Bu Sun Kim65020912020-05-20 12:08:20 -07004934 &quot;transformationErrorHandling&quot;: { # How to handle transformation errors during de-identification. A # Mode for handling transformation errors. If left unspecified, the default
4935 # mode is `TransformationErrorHandling.ThrowError`.
4936 # transformation error occurs when the requested transformation is incompatible
4937 # with the data. For example, trying to de-identify an IP address using a
4938 # `DateShift` transformation would result in a transformation error, since date
4939 # info cannot be extracted from an IP address.
4940 # Information about any incompatible transformations, and how they were
4941 # handled, is returned in the response as part of the
4942 # `TransformationOverviews`.
4943 &quot;throwError&quot;: { # Throw an error and fail the request when a transformation error occurs. # Throw an error
4944 },
4945 &quot;leaveUntransformed&quot;: { # Skips the data without modifying it if the requested transformation would # Ignore errors
4946 # cause an error. For example, if a `DateShift` transformation were applied
4947 # an an IP address, this mode would leave the IP address unchanged in the
4948 # response.
4949 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004950 },
Bu Sun Kim65020912020-05-20 12:08:20 -07004951 &quot;recordTransformations&quot;: { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004952 # specific locations within structured datasets, such as transforming
4953 # a column within a table.
4954 # table.
Bu Sun Kim65020912020-05-20 12:08:20 -07004955 &quot;fieldTransformations&quot;: [ # Transform the record by applying various field transformations.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004956 { # The transformation to apply to the field.
Bu Sun Kim65020912020-05-20 12:08:20 -07004957 &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
Dan O'Mearadd494642020-05-01 07:42:23 -07004958 { # General identifier of a data field in a storage service.
Bu Sun Kim65020912020-05-20 12:08:20 -07004959 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Dan O'Mearadd494642020-05-01 07:42:23 -07004960 },
4961 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07004962 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004963 # transform content that matches an `InfoType`.
4964 # apply various `PrimitiveTransformation`s to each finding, where the
4965 # transformation is applied to only values that were identified as a specific
4966 # info_type.
Bu Sun Kim65020912020-05-20 12:08:20 -07004967 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
Dan O'Mearadd494642020-05-01 07:42:23 -07004968 # for a given infoType.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004969 { # A transformation to apply to text that is identified as a specific
4970 # info_type.
Bu Sun Kim65020912020-05-20 12:08:20 -07004971 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
4972 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
4973 # portion of the value.
4974 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
4975 },
4976 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
4977 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
4978 # to learn more.
4979 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
4980 # If set, must also set cryptoKey. If set, shift will be consistent for the
4981 # given context.
4982 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
4983 },
4984 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
4985 # range (inclusive ends). Negative means shift to earlier in time. Must not
4986 # be more than 365250 days (1000 years) each direction.
4987 #
4988 # For example, 3 means shift date to at most 3 days into the future.
4989 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
4990 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
4991 # results in the same shift for the same context and crypto_key. If
4992 # set, must also set context. Can only be applied to table items.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004993 # a key encryption key (KEK) stored by KMS).
4994 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
4995 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
4996 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07004997 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07004998 # leaking the key. Choose another type of key if possible.
Bu Sun Kim65020912020-05-20 12:08:20 -07004999 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005000 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005001 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005002 # It will be discarded after the request finishes.
Bu Sun Kim65020912020-05-20 12:08:20 -07005003 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005004 # This is an arbitrary string used to differentiate different keys.
5005 # A unique key is generated per name: two separate `TransientCryptoKey`
5006 # protos share the same generated key if their names are the same.
5007 # When the data crypto key is generated, this name is not used in any way
5008 # (repeating the api call will result in a different key being generated).
5009 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005010 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
5011 # The wrapped key must be a 128/192/256 bit key.
5012 # Authorization requires the following IAM permissions when sending a request
5013 # to perform a crypto transformation using a kms-wrapped crypto key:
5014 # dlp.kms.encrypt
5015 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
5016 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
5017 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005018 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005019 },
5020 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
5021 },
5022 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
5023 # Uses SHA-256.
5024 # The key size must be either 32 or 64 bytes.
5025 # Outputs a base64 encoded representation of the hashed output
5026 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
5027 # Currently, only string and integer values can be hashed.
5028 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
5029 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
5030 # a key encryption key (KEK) stored by KMS).
5031 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
5032 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
5033 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07005034 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
5035 # leaking the key. Choose another type of key if possible.
5036 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
5037 },
5038 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
5039 # It will be discarded after the request finishes.
5040 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
5041 # This is an arbitrary string used to differentiate different keys.
5042 # A unique key is generated per name: two separate `TransientCryptoKey`
5043 # protos share the same generated key if their names are the same.
5044 # When the data crypto key is generated, this name is not used in any way
5045 # (repeating the api call will result in a different key being generated).
5046 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005047 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
5048 # The wrapped key must be a 128/192/256 bit key.
5049 # Authorization requires the following IAM permissions when sending a request
5050 # to perform a crypto transformation using a kms-wrapped crypto key:
5051 # dlp.kms.encrypt
5052 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
5053 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
5054 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005055 },
5056 },
5057 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
5058 # (FPE) with the FFX mode of operation; however when used in the
5059 # `ReidentifyContent` API method, it serves the opposite function by reversing
5060 # the surrogate back into the original identifier. The identifier must be
5061 # encoded as ASCII. For a given crypto key and context, the same identifier
5062 # will be replaced with the same surrogate. Identifiers must be at least two
5063 # characters long. In the case that the identifier is the empty string, it will
5064 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
5065 # more.
5066 #
5067 # Note: We recommend using CryptoDeterministicConfig for all use cases which
5068 # do not require preserving the input alphabet space and size, plus warrant
5069 # referential integrity.
Bu Sun Kim65020912020-05-20 12:08:20 -07005070 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
5071 # This annotation will be applied to the surrogate by prefixing it with
5072 # the name of the custom infoType followed by the number of
5073 # characters comprising the surrogate. The following scheme defines the
5074 # format: info_type_name(surrogate_character_count):surrogate
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005075 #
Bu Sun Kim65020912020-05-20 12:08:20 -07005076 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
5077 # the surrogate is &#x27;abc&#x27;, the full replacement value
5078 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
5079 #
5080 # This annotation identifies the surrogate when inspecting content using the
5081 # custom infoType
5082 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
5083 # This facilitates reversal of the surrogate when it occurs in free text.
5084 #
5085 # In order for inspection to work properly, the name of this infoType must
5086 # not occur naturally anywhere in your data; otherwise, inspection may
5087 # find a surrogate that does not correspond to an actual identifier.
5088 # Therefore, choose your custom infoType name carefully after considering
5089 # what your data looks like. One way to select a name that has a high chance
5090 # of yielding reliable detection is to include one or more unicode characters
5091 # that are highly improbable to exist in your data.
5092 # For example, assuming your data is entered from a regular ASCII keyboard,
5093 # the symbol with the hex code point 29DD might be used like so:
5094 # ⧝MY_TOKEN_TYPE
5095 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
5096 # creating a CustomInfoType, or one of the names listed
5097 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
5098 # a built-in type. InfoType names should conform to the pattern
5099 # `[a-zA-Z0-9_]{1,64}`.
5100 },
5101 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
5102 # identifier in two different contexts won&#x27;t be given the same surrogate. If
5103 # the context is not set, a default tweak will be used.
5104 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005105 # If the context is set but:
5106 #
5107 # 1. there is no record present when transforming a given value or
Bu Sun Kim65020912020-05-20 12:08:20 -07005108 # 1. the field is not present when transforming a given value,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005109 #
Bu Sun Kim65020912020-05-20 12:08:20 -07005110 # a default tweak will be used.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005111 #
5112 # Note that case (1) is expected when an `InfoTypeTransformation` is
5113 # applied to both structured and non-structured `ContentItem`s.
Bu Sun Kim65020912020-05-20 12:08:20 -07005114 # Currently, the referenced field may be of value type integer or string.
5115 #
5116 # The tweak is constructed as a sequence of bytes in big endian byte order
5117 # such that:
5118 #
5119 # - a 64 bit integer is encoded followed by a single byte of value 1
5120 # - a string is encoded in UTF-8 format followed by a single byte of value 2
5121 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005122 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005123 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
5124 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
5125 # a key encryption key (KEK) stored by KMS).
5126 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
5127 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
5128 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07005129 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
5130 # leaking the key. Choose another type of key if possible.
5131 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
5132 },
5133 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
5134 # It will be discarded after the request finishes.
5135 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
5136 # This is an arbitrary string used to differentiate different keys.
5137 # A unique key is generated per name: two separate `TransientCryptoKey`
5138 # protos share the same generated key if their names are the same.
5139 # When the data crypto key is generated, this name is not used in any way
5140 # (repeating the api call will result in a different key being generated).
5141 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005142 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
5143 # The wrapped key must be a 128/192/256 bit key.
5144 # Authorization requires the following IAM permissions when sending a request
5145 # to perform a crypto transformation using a kms-wrapped crypto key:
5146 # dlp.kms.encrypt
5147 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
5148 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
5149 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005150 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005151 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
5152 # that the FFX mode natively supports. This happens before/after
5153 # encryption/decryption.
5154 # Each character listed must appear only once.
5155 # Number of characters must be in the range [2, 95].
5156 # This must be encoded as ASCII.
5157 # The order of characters does not matter.
5158 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
Bu Sun Kim65020912020-05-20 12:08:20 -07005159 },
5160 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
5161 # input. Outputs a base64 encoded representation of the encrypted output.
5162 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
5163 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005164 # This annotation will be applied to the surrogate by prefixing it with
5165 # the name of the custom info type followed by the number of
5166 # characters comprising the surrogate. The following scheme defines the
Dan O'Mearadd494642020-05-01 07:42:23 -07005167 # format: {info type name}({surrogate character count}):{surrogate}
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005168 #
Bu Sun Kim65020912020-05-20 12:08:20 -07005169 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
5170 # the surrogate is &#x27;abc&#x27;, the full replacement value
5171 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005172 #
5173 # This annotation identifies the surrogate when inspecting content using the
Bu Sun Kim65020912020-05-20 12:08:20 -07005174 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005175 # surrogate when it occurs in free text.
5176 #
Dan O'Mearadd494642020-05-01 07:42:23 -07005177 # Note: For record transformations where the entire cell in a table is being
5178 # transformed, surrogates are not mandatory. Surrogates are used to denote
5179 # the location of the token and are necessary for re-identification in free
5180 # form text.
5181 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005182 # In order for inspection to work properly, the name of this info type must
5183 # not occur naturally anywhere in your data; otherwise, inspection may either
5184 #
5185 # - reverse a surrogate that does not correspond to an actual identifier
5186 # - be unable to parse the surrogate and result in an error
5187 #
5188 # Therefore, choose your custom info type name carefully after considering
5189 # what your data looks like. One way to select a name that has a high chance
5190 # of yielding reliable detection is to include one or more unicode characters
5191 # that are highly improbable to exist in your data.
5192 # For example, assuming your data is entered from a regular ASCII keyboard,
5193 # the symbol with the hex code point 29DD might be used like so:
Dan O'Mearadd494642020-05-01 07:42:23 -07005194 # ⧝MY_TOKEN_TYPE.
Bu Sun Kim65020912020-05-20 12:08:20 -07005195 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005196 # creating a CustomInfoType, or one of the names listed
5197 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
5198 # a built-in type. InfoType names should conform to the pattern
Dan O'Mearadd494642020-05-01 07:42:23 -07005199 # `[a-zA-Z0-9_]{1,64}`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005200 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005201 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
5202 # referential integrity such that the same identifier in two different
5203 # contexts will be given a distinct surrogate. The context is appended to
5204 # plaintext value being encrypted. On decryption the provided context is
5205 # validated against the value used during encryption. If a context was
5206 # provided during encryption, same context must be provided during decryption
5207 # as well.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005208 #
Bu Sun Kim65020912020-05-20 12:08:20 -07005209 # If the context is not set, plaintext would be used as is for encryption.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005210 # If the context is set but:
5211 #
5212 # 1. there is no record present when transforming a given value or
Bu Sun Kim65020912020-05-20 12:08:20 -07005213 # 2. the field is not present when transforming a given value,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005214 #
Bu Sun Kim65020912020-05-20 12:08:20 -07005215 # plaintext would be used as is for encryption.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005216 #
5217 # Note that case (1) is expected when an `InfoTypeTransformation` is
5218 # applied to both structured and non-structured `ContentItem`s.
Bu Sun Kim65020912020-05-20 12:08:20 -07005219 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005220 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005221 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
5222 # a key encryption key (KEK) stored by KMS).
5223 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
5224 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
5225 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07005226 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
5227 # leaking the key. Choose another type of key if possible.
5228 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
5229 },
5230 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
5231 # It will be discarded after the request finishes.
5232 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
5233 # This is an arbitrary string used to differentiate different keys.
5234 # A unique key is generated per name: two separate `TransientCryptoKey`
5235 # protos share the same generated key if their names are the same.
5236 # When the data crypto key is generated, this name is not used in any way
5237 # (repeating the api call will result in a different key being generated).
5238 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005239 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
5240 # The wrapped key must be a 128/192/256 bit key.
5241 # Authorization requires the following IAM permissions when sending a request
5242 # to perform a crypto transformation using a kms-wrapped crypto key:
5243 # dlp.kms.encrypt
5244 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
5245 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
5246 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005247 },
5248 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005249 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
Dan O'Mearadd494642020-05-01 07:42:23 -07005250 # replacement values are dynamically provided by the user for custom behavior,
5251 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
5252 # This can be used on
5253 # data of type: number, long, string, timestamp.
5254 # If the bound `Value` type differs from the type of data being transformed, we
5255 # will first attempt converting the type of the data to be transformed to match
5256 # the type of the bound before comparing.
5257 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07005258 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
Dan O'Mearadd494642020-05-01 07:42:23 -07005259 { # Bucket is represented as a range, along with replacement values.
Bu Sun Kim65020912020-05-20 12:08:20 -07005260 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
5261 # the default behavior will be to hyphenate the min-max range.
5262 # Note that for the purposes of inspection or transformation, the number
5263 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
5264 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
5265 # 123456789, the number of bytes would be counted as 9, even though an
5266 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07005267 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
5268 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
5269 # and time zone are either specified elsewhere or are not significant. The date
5270 # is relative to the Proleptic Gregorian Calendar. This can represent:
5271 #
5272 # * A full date, with non-zero year, month and day values
5273 # * A month and day value, with a zero year, e.g. an anniversary
5274 # * A year on its own, with zero month and day values
5275 # * A year and month value, with a zero day, e.g. a credit card expiration date
5276 #
5277 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5278 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5279 # a year.
5280 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5281 # month and day.
5282 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5283 # if specifying a year by itself or a year and month where the day is not
5284 # significant.
5285 },
5286 &quot;stringValue&quot;: &quot;A String&quot;, # string
5287 &quot;integerValue&quot;: &quot;A String&quot;, # integer
5288 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
5289 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5290 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07005291 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5292 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
5293 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005294 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5295 # allow the value 60 if it allows leap-seconds.
5296 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07005297 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005298 &quot;booleanValue&quot;: True or False, # boolean
5299 &quot;floatValue&quot;: 3.14, # float
5300 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
5301 },
5302 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
5303 # used.
5304 # Note that for the purposes of inspection or transformation, the number
5305 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
5306 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
5307 # 123456789, the number of bytes would be counted as 9, even though an
5308 # int64 only holds up to 8 bytes of data.
5309 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
5310 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
5311 # and time zone are either specified elsewhere or are not significant. The date
5312 # is relative to the Proleptic Gregorian Calendar. This can represent:
5313 #
5314 # * A full date, with non-zero year, month and day values
5315 # * A month and day value, with a zero year, e.g. an anniversary
5316 # * A year on its own, with zero month and day values
5317 # * A year and month value, with a zero day, e.g. a credit card expiration date
5318 #
5319 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5320 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5321 # a year.
5322 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5323 # month and day.
5324 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5325 # if specifying a year by itself or a year and month where the day is not
5326 # significant.
5327 },
5328 &quot;stringValue&quot;: &quot;A String&quot;, # string
5329 &quot;integerValue&quot;: &quot;A String&quot;, # integer
5330 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
5331 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5332 # types are google.type.Date and `google.protobuf.Timestamp`.
5333 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5334 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
5335 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
5336 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5337 # allow the value 60 if it allows leap-seconds.
5338 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
5339 },
5340 &quot;booleanValue&quot;: True or False, # boolean
5341 &quot;floatValue&quot;: 3.14, # float
5342 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
5343 },
5344 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
5345 # Note that for the purposes of inspection or transformation, the number
5346 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
5347 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
5348 # 123456789, the number of bytes would be counted as 9, even though an
5349 # int64 only holds up to 8 bytes of data.
5350 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
5351 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
5352 # and time zone are either specified elsewhere or are not significant. The date
5353 # is relative to the Proleptic Gregorian Calendar. This can represent:
5354 #
5355 # * A full date, with non-zero year, month and day values
5356 # * A month and day value, with a zero year, e.g. an anniversary
5357 # * A year on its own, with zero month and day values
5358 # * A year and month value, with a zero day, e.g. a credit card expiration date
5359 #
5360 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5361 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5362 # a year.
5363 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5364 # month and day.
5365 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5366 # if specifying a year by itself or a year and month where the day is not
5367 # significant.
5368 },
5369 &quot;stringValue&quot;: &quot;A String&quot;, # string
5370 &quot;integerValue&quot;: &quot;A String&quot;, # integer
5371 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
5372 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5373 # types are google.type.Date and `google.protobuf.Timestamp`.
5374 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5375 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
5376 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
5377 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5378 # allow the value 60 if it allows leap-seconds.
5379 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
5380 },
5381 &quot;booleanValue&quot;: True or False, # boolean
5382 &quot;floatValue&quot;: 3.14, # float
5383 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Dan O'Mearadd494642020-05-01 07:42:23 -07005384 },
5385 },
5386 ],
5387 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005388 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
5389 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
5390 # output would be &#x27;My phone number is &#x27;.
5391 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005392 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
5393 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005394 # Note that for the purposes of inspection or transformation, the number
Bu Sun Kim65020912020-05-20 12:08:20 -07005395 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
5396 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005397 # 123456789, the number of bytes would be counted as 9, even though an
5398 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07005399 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
5400 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005401 # and time zone are either specified elsewhere or are not significant. The date
5402 # is relative to the Proleptic Gregorian Calendar. This can represent:
5403 #
5404 # * A full date, with non-zero year, month and day values
5405 # * A month and day value, with a zero year, e.g. an anniversary
5406 # * A year on its own, with zero month and day values
5407 # * A year and month value, with a zero day, e.g. a credit card expiration date
5408 #
5409 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07005410 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5411 # a year.
5412 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
Dan O'Mearadd494642020-05-01 07:42:23 -07005413 # month and day.
Bu Sun Kim65020912020-05-20 12:08:20 -07005414 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005415 # if specifying a year by itself or a year and month where the day is not
5416 # significant.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005417 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005418 &quot;stringValue&quot;: &quot;A String&quot;, # string
5419 &quot;integerValue&quot;: &quot;A String&quot;, # integer
5420 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
5421 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5422 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07005423 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5424 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
5425 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005426 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5427 # allow the value 60 if it allows leap-seconds.
5428 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07005429 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005430 &quot;booleanValue&quot;: True or False, # boolean
5431 &quot;floatValue&quot;: 3.14, # float
5432 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07005433 },
5434 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005435 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
5436 # Bucketing transformation can provide all of this functionality,
5437 # but requires more configuration. This message is provided as a convenience to
5438 # the user for simple bucketing strategies.
5439 #
5440 # The transformed value will be a hyphenated string of
5441 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
5442 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
5443 #
5444 # This can be used on data of type: double, long.
5445 #
5446 # If the bound Value type differs from the type of data
5447 # being transformed, we will first attempt converting the type of the data to
5448 # be transformed to match the type of the bound before comparing.
5449 #
5450 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07005451 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
5452 # grouped together into a single bucket; for example if `upper_bound` = 89,
5453 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
5454 # Note that for the purposes of inspection or transformation, the number
5455 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
5456 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
5457 # 123456789, the number of bytes would be counted as 9, even though an
5458 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07005459 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
5460 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
5461 # and time zone are either specified elsewhere or are not significant. The date
5462 # is relative to the Proleptic Gregorian Calendar. This can represent:
5463 #
5464 # * A full date, with non-zero year, month and day values
5465 # * A month and day value, with a zero year, e.g. an anniversary
5466 # * A year on its own, with zero month and day values
5467 # * A year and month value, with a zero day, e.g. a credit card expiration date
5468 #
5469 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5470 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5471 # a year.
5472 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5473 # month and day.
5474 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5475 # if specifying a year by itself or a year and month where the day is not
5476 # significant.
5477 },
5478 &quot;stringValue&quot;: &quot;A String&quot;, # string
5479 &quot;integerValue&quot;: &quot;A String&quot;, # integer
5480 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
5481 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5482 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07005483 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5484 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
5485 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005486 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5487 # allow the value 60 if it allows leap-seconds.
5488 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07005489 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005490 &quot;booleanValue&quot;: True or False, # boolean
5491 &quot;floatValue&quot;: 3.14, # float
5492 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07005493 },
5494 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
5495 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
5496 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
5497 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005498 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
5499 # grouped together into a single bucket; for example if `lower_bound` = 10,
5500 # then all values less than 10 are replaced with the value &quot;-10&quot;.
5501 # Note that for the purposes of inspection or transformation, the number
5502 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
5503 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
5504 # 123456789, the number of bytes would be counted as 9, even though an
5505 # int64 only holds up to 8 bytes of data.
5506 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
5507 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
5508 # and time zone are either specified elsewhere or are not significant. The date
5509 # is relative to the Proleptic Gregorian Calendar. This can represent:
5510 #
5511 # * A full date, with non-zero year, month and day values
5512 # * A month and day value, with a zero year, e.g. an anniversary
5513 # * A year on its own, with zero month and day values
5514 # * A year and month value, with a zero day, e.g. a credit card expiration date
5515 #
5516 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5517 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5518 # a year.
5519 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5520 # month and day.
5521 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5522 # if specifying a year by itself or a year and month where the day is not
5523 # significant.
5524 },
5525 &quot;stringValue&quot;: &quot;A String&quot;, # string
5526 &quot;integerValue&quot;: &quot;A String&quot;, # integer
5527 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
5528 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5529 # types are google.type.Date and `google.protobuf.Timestamp`.
5530 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5531 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
5532 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
5533 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5534 # allow the value 60 if it allows leap-seconds.
5535 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
5536 },
5537 &quot;booleanValue&quot;: True or False, # boolean
5538 &quot;floatValue&quot;: 3.14, # float
5539 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
5540 },
5541 },
5542 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
5543 # fixed character. Masking can start from the beginning or end of the string.
5544 # This can be used on data of any type (numbers, longs, and so on) and when
5545 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
5546 # type. (This allows you to take a long like 123 and modify it to a string like
5547 # **3.
5548 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
5549 # characters. For example, if the input string is `555-555-5555` and you
5550 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
5551 # returns `***-**5-5555`.
5552 { # Characters to skip when doing deidentification of a value. These will be left
5553 # alone and skipped.
5554 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
5555 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
5556 # punctuation.
5557 },
5558 ],
5559 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
5560 # masked. Skipped characters do not count towards this tally.
5561 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
5562 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
5563 # code or credit card number. This string must have a length of 1. If not
5564 # supplied, this value defaults to `*` for strings, and `0` for digits.
5565 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
5566 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
5567 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
5568 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
5569 # is `true`, then the string `12345` is masked as `12***`.
Bu Sun Kim65020912020-05-20 12:08:20 -07005570 },
5571 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005572 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
5573 # this transformation to apply to all findings that correspond to
5574 # infoTypes that were requested in `InspectConfig`.
5575 { # Type of information detected by the API.
5576 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
5577 # creating a CustomInfoType, or one of the names listed
5578 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
5579 # a built-in type. InfoType names should conform to the pattern
5580 # `[a-zA-Z0-9_]{1,64}`.
5581 },
5582 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07005583 },
5584 ],
5585 },
5586 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
5587 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
5588 # portion of the value.
5589 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
5590 },
5591 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
5592 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
5593 # to learn more.
5594 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
5595 # If set, must also set cryptoKey. If set, shift will be consistent for the
5596 # given context.
5597 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
5598 },
5599 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
5600 # range (inclusive ends). Negative means shift to earlier in time. Must not
5601 # be more than 365250 days (1000 years) each direction.
5602 #
5603 # For example, 3 means shift date to at most 3 days into the future.
5604 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
5605 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
5606 # results in the same shift for the same context and crypto_key. If
5607 # set, must also set context. Can only be applied to table items.
5608 # a key encryption key (KEK) stored by KMS).
5609 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
5610 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
5611 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07005612 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
5613 # leaking the key. Choose another type of key if possible.
5614 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
5615 },
5616 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
5617 # It will be discarded after the request finishes.
5618 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
5619 # This is an arbitrary string used to differentiate different keys.
5620 # A unique key is generated per name: two separate `TransientCryptoKey`
5621 # protos share the same generated key if their names are the same.
5622 # When the data crypto key is generated, this name is not used in any way
5623 # (repeating the api call will result in a different key being generated).
5624 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005625 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
5626 # The wrapped key must be a 128/192/256 bit key.
5627 # Authorization requires the following IAM permissions when sending a request
5628 # to perform a crypto transformation using a kms-wrapped crypto key:
5629 # dlp.kms.encrypt
5630 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
5631 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
5632 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005633 },
5634 },
5635 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
5636 },
5637 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
5638 # Uses SHA-256.
5639 # The key size must be either 32 or 64 bytes.
5640 # Outputs a base64 encoded representation of the hashed output
5641 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
5642 # Currently, only string and integer values can be hashed.
5643 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
5644 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
5645 # a key encryption key (KEK) stored by KMS).
5646 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
5647 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
5648 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07005649 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
5650 # leaking the key. Choose another type of key if possible.
5651 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
5652 },
5653 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
5654 # It will be discarded after the request finishes.
5655 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
5656 # This is an arbitrary string used to differentiate different keys.
5657 # A unique key is generated per name: two separate `TransientCryptoKey`
5658 # protos share the same generated key if their names are the same.
5659 # When the data crypto key is generated, this name is not used in any way
5660 # (repeating the api call will result in a different key being generated).
5661 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005662 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
5663 # The wrapped key must be a 128/192/256 bit key.
5664 # Authorization requires the following IAM permissions when sending a request
5665 # to perform a crypto transformation using a kms-wrapped crypto key:
5666 # dlp.kms.encrypt
5667 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
5668 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
5669 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005670 },
5671 },
5672 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
5673 # (FPE) with the FFX mode of operation; however when used in the
5674 # `ReidentifyContent` API method, it serves the opposite function by reversing
5675 # the surrogate back into the original identifier. The identifier must be
5676 # encoded as ASCII. For a given crypto key and context, the same identifier
5677 # will be replaced with the same surrogate. Identifiers must be at least two
5678 # characters long. In the case that the identifier is the empty string, it will
5679 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
5680 # more.
5681 #
5682 # Note: We recommend using CryptoDeterministicConfig for all use cases which
5683 # do not require preserving the input alphabet space and size, plus warrant
5684 # referential integrity.
Bu Sun Kim65020912020-05-20 12:08:20 -07005685 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
5686 # This annotation will be applied to the surrogate by prefixing it with
5687 # the name of the custom infoType followed by the number of
5688 # characters comprising the surrogate. The following scheme defines the
5689 # format: info_type_name(surrogate_character_count):surrogate
5690 #
5691 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
5692 # the surrogate is &#x27;abc&#x27;, the full replacement value
5693 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
5694 #
5695 # This annotation identifies the surrogate when inspecting content using the
5696 # custom infoType
5697 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
5698 # This facilitates reversal of the surrogate when it occurs in free text.
5699 #
5700 # In order for inspection to work properly, the name of this infoType must
5701 # not occur naturally anywhere in your data; otherwise, inspection may
5702 # find a surrogate that does not correspond to an actual identifier.
5703 # Therefore, choose your custom infoType name carefully after considering
5704 # what your data looks like. One way to select a name that has a high chance
5705 # of yielding reliable detection is to include one or more unicode characters
5706 # that are highly improbable to exist in your data.
5707 # For example, assuming your data is entered from a regular ASCII keyboard,
5708 # the symbol with the hex code point 29DD might be used like so:
5709 # ⧝MY_TOKEN_TYPE
5710 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
5711 # creating a CustomInfoType, or one of the names listed
5712 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
5713 # a built-in type. InfoType names should conform to the pattern
5714 # `[a-zA-Z0-9_]{1,64}`.
5715 },
5716 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
5717 # identifier in two different contexts won&#x27;t be given the same surrogate. If
5718 # the context is not set, a default tweak will be used.
5719 #
5720 # If the context is set but:
5721 #
5722 # 1. there is no record present when transforming a given value or
5723 # 1. the field is not present when transforming a given value,
5724 #
5725 # a default tweak will be used.
5726 #
5727 # Note that case (1) is expected when an `InfoTypeTransformation` is
5728 # applied to both structured and non-structured `ContentItem`s.
5729 # Currently, the referenced field may be of value type integer or string.
5730 #
5731 # The tweak is constructed as a sequence of bytes in big endian byte order
5732 # such that:
5733 #
5734 # - a 64 bit integer is encoded followed by a single byte of value 1
5735 # - a string is encoded in UTF-8 format followed by a single byte of value 2
5736 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
5737 },
5738 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
5739 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
5740 # a key encryption key (KEK) stored by KMS).
5741 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
5742 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
5743 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07005744 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
5745 # leaking the key. Choose another type of key if possible.
5746 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
5747 },
5748 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
5749 # It will be discarded after the request finishes.
5750 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
5751 # This is an arbitrary string used to differentiate different keys.
5752 # A unique key is generated per name: two separate `TransientCryptoKey`
5753 # protos share the same generated key if their names are the same.
5754 # When the data crypto key is generated, this name is not used in any way
5755 # (repeating the api call will result in a different key being generated).
5756 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005757 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
5758 # The wrapped key must be a 128/192/256 bit key.
5759 # Authorization requires the following IAM permissions when sending a request
5760 # to perform a crypto transformation using a kms-wrapped crypto key:
5761 # dlp.kms.encrypt
5762 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
5763 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
5764 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005765 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005766 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
5767 # that the FFX mode natively supports. This happens before/after
5768 # encryption/decryption.
5769 # Each character listed must appear only once.
5770 # Number of characters must be in the range [2, 95].
5771 # This must be encoded as ASCII.
5772 # The order of characters does not matter.
5773 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
Bu Sun Kim65020912020-05-20 12:08:20 -07005774 },
5775 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
5776 # input. Outputs a base64 encoded representation of the encrypted output.
5777 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
5778 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
5779 # This annotation will be applied to the surrogate by prefixing it with
5780 # the name of the custom info type followed by the number of
5781 # characters comprising the surrogate. The following scheme defines the
5782 # format: {info type name}({surrogate character count}):{surrogate}
5783 #
5784 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
5785 # the surrogate is &#x27;abc&#x27;, the full replacement value
5786 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
5787 #
5788 # This annotation identifies the surrogate when inspecting content using the
5789 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
5790 # surrogate when it occurs in free text.
5791 #
5792 # Note: For record transformations where the entire cell in a table is being
5793 # transformed, surrogates are not mandatory. Surrogates are used to denote
5794 # the location of the token and are necessary for re-identification in free
5795 # form text.
5796 #
5797 # In order for inspection to work properly, the name of this info type must
5798 # not occur naturally anywhere in your data; otherwise, inspection may either
5799 #
5800 # - reverse a surrogate that does not correspond to an actual identifier
5801 # - be unable to parse the surrogate and result in an error
5802 #
5803 # Therefore, choose your custom info type name carefully after considering
5804 # what your data looks like. One way to select a name that has a high chance
5805 # of yielding reliable detection is to include one or more unicode characters
5806 # that are highly improbable to exist in your data.
5807 # For example, assuming your data is entered from a regular ASCII keyboard,
5808 # the symbol with the hex code point 29DD might be used like so:
5809 # ⧝MY_TOKEN_TYPE.
5810 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
5811 # creating a CustomInfoType, or one of the names listed
5812 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
5813 # a built-in type. InfoType names should conform to the pattern
5814 # `[a-zA-Z0-9_]{1,64}`.
5815 },
5816 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
5817 # referential integrity such that the same identifier in two different
5818 # contexts will be given a distinct surrogate. The context is appended to
5819 # plaintext value being encrypted. On decryption the provided context is
5820 # validated against the value used during encryption. If a context was
5821 # provided during encryption, same context must be provided during decryption
5822 # as well.
5823 #
5824 # If the context is not set, plaintext would be used as is for encryption.
5825 # If the context is set but:
5826 #
5827 # 1. there is no record present when transforming a given value or
5828 # 2. the field is not present when transforming a given value,
5829 #
5830 # plaintext would be used as is for encryption.
5831 #
5832 # Note that case (1) is expected when an `InfoTypeTransformation` is
5833 # applied to both structured and non-structured `ContentItem`s.
5834 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
5835 },
5836 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
5837 # a key encryption key (KEK) stored by KMS).
5838 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
5839 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
5840 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07005841 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
5842 # leaking the key. Choose another type of key if possible.
5843 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
5844 },
5845 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
5846 # It will be discarded after the request finishes.
5847 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
5848 # This is an arbitrary string used to differentiate different keys.
5849 # A unique key is generated per name: two separate `TransientCryptoKey`
5850 # protos share the same generated key if their names are the same.
5851 # When the data crypto key is generated, this name is not used in any way
5852 # (repeating the api call will result in a different key being generated).
5853 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005854 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
5855 # The wrapped key must be a 128/192/256 bit key.
5856 # Authorization requires the following IAM permissions when sending a request
5857 # to perform a crypto transformation using a kms-wrapped crypto key:
5858 # dlp.kms.encrypt
5859 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
5860 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
5861 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005862 },
5863 },
Bu Sun Kim65020912020-05-20 12:08:20 -07005864 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
5865 # replacement values are dynamically provided by the user for custom behavior,
5866 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
5867 # This can be used on
5868 # data of type: number, long, string, timestamp.
5869 # If the bound `Value` type differs from the type of data being transformed, we
5870 # will first attempt converting the type of the data to be transformed to match
5871 # the type of the bound before comparing.
5872 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
5873 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
5874 { # Bucket is represented as a range, along with replacement values.
Bu Sun Kim65020912020-05-20 12:08:20 -07005875 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
5876 # the default behavior will be to hyphenate the min-max range.
5877 # Note that for the purposes of inspection or transformation, the number
5878 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
5879 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
5880 # 123456789, the number of bytes would be counted as 9, even though an
5881 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07005882 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
5883 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
5884 # and time zone are either specified elsewhere or are not significant. The date
5885 # is relative to the Proleptic Gregorian Calendar. This can represent:
5886 #
5887 # * A full date, with non-zero year, month and day values
5888 # * A month and day value, with a zero year, e.g. an anniversary
5889 # * A year on its own, with zero month and day values
5890 # * A year and month value, with a zero day, e.g. a credit card expiration date
5891 #
5892 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5893 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5894 # a year.
5895 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5896 # month and day.
5897 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5898 # if specifying a year by itself or a year and month where the day is not
5899 # significant.
5900 },
5901 &quot;stringValue&quot;: &quot;A String&quot;, # string
5902 &quot;integerValue&quot;: &quot;A String&quot;, # integer
5903 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
5904 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5905 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07005906 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5907 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
5908 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005909 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5910 # allow the value 60 if it allows leap-seconds.
5911 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005912 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07005913 &quot;booleanValue&quot;: True or False, # boolean
5914 &quot;floatValue&quot;: 3.14, # float
5915 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
5916 },
5917 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
5918 # used.
5919 # Note that for the purposes of inspection or transformation, the number
5920 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
5921 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
5922 # 123456789, the number of bytes would be counted as 9, even though an
5923 # int64 only holds up to 8 bytes of data.
5924 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
5925 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
5926 # and time zone are either specified elsewhere or are not significant. The date
5927 # is relative to the Proleptic Gregorian Calendar. This can represent:
5928 #
5929 # * A full date, with non-zero year, month and day values
5930 # * A month and day value, with a zero year, e.g. an anniversary
5931 # * A year on its own, with zero month and day values
5932 # * A year and month value, with a zero day, e.g. a credit card expiration date
5933 #
5934 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5935 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5936 # a year.
5937 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5938 # month and day.
5939 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5940 # if specifying a year by itself or a year and month where the day is not
5941 # significant.
5942 },
5943 &quot;stringValue&quot;: &quot;A String&quot;, # string
5944 &quot;integerValue&quot;: &quot;A String&quot;, # integer
5945 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
5946 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5947 # types are google.type.Date and `google.protobuf.Timestamp`.
5948 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5949 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
5950 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
5951 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5952 # allow the value 60 if it allows leap-seconds.
5953 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
5954 },
5955 &quot;booleanValue&quot;: True or False, # boolean
5956 &quot;floatValue&quot;: 3.14, # float
5957 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
5958 },
5959 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
5960 # Note that for the purposes of inspection or transformation, the number
5961 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
5962 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
5963 # 123456789, the number of bytes would be counted as 9, even though an
5964 # int64 only holds up to 8 bytes of data.
5965 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
5966 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
5967 # and time zone are either specified elsewhere or are not significant. The date
5968 # is relative to the Proleptic Gregorian Calendar. This can represent:
5969 #
5970 # * A full date, with non-zero year, month and day values
5971 # * A month and day value, with a zero year, e.g. an anniversary
5972 # * A year on its own, with zero month and day values
5973 # * A year and month value, with a zero day, e.g. a credit card expiration date
5974 #
5975 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
5976 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
5977 # a year.
5978 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
5979 # month and day.
5980 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
5981 # if specifying a year by itself or a year and month where the day is not
5982 # significant.
5983 },
5984 &quot;stringValue&quot;: &quot;A String&quot;, # string
5985 &quot;integerValue&quot;: &quot;A String&quot;, # integer
5986 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
5987 # or are specified elsewhere. An API may choose to allow leap seconds. Related
5988 # types are google.type.Date and `google.protobuf.Timestamp`.
5989 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
5990 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
5991 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
5992 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
5993 # allow the value 60 if it allows leap-seconds.
5994 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
5995 },
5996 &quot;booleanValue&quot;: True or False, # boolean
5997 &quot;floatValue&quot;: 3.14, # float
5998 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07005999 },
6000 },
Bu Sun Kim65020912020-05-20 12:08:20 -07006001 ],
6002 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006003 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
6004 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
6005 # output would be &#x27;My phone number is &#x27;.
6006 },
Bu Sun Kim65020912020-05-20 12:08:20 -07006007 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
6008 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
6009 # Note that for the purposes of inspection or transformation, the number
6010 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
6011 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
6012 # 123456789, the number of bytes would be counted as 9, even though an
6013 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07006014 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
6015 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
6016 # and time zone are either specified elsewhere or are not significant. The date
6017 # is relative to the Proleptic Gregorian Calendar. This can represent:
6018 #
6019 # * A full date, with non-zero year, month and day values
6020 # * A month and day value, with a zero year, e.g. an anniversary
6021 # * A year on its own, with zero month and day values
6022 # * A year and month value, with a zero day, e.g. a credit card expiration date
6023 #
6024 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6025 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6026 # a year.
6027 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6028 # month and day.
6029 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6030 # if specifying a year by itself or a year and month where the day is not
6031 # significant.
6032 },
6033 &quot;stringValue&quot;: &quot;A String&quot;, # string
6034 &quot;integerValue&quot;: &quot;A String&quot;, # integer
6035 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
6036 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6037 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07006038 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6039 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
6040 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006041 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6042 # allow the value 60 if it allows leap-seconds.
6043 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07006044 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006045 &quot;booleanValue&quot;: True or False, # boolean
6046 &quot;floatValue&quot;: 3.14, # float
6047 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07006048 },
6049 },
Bu Sun Kim65020912020-05-20 12:08:20 -07006050 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
6051 # Bucketing transformation can provide all of this functionality,
6052 # but requires more configuration. This message is provided as a convenience to
6053 # the user for simple bucketing strategies.
6054 #
6055 # The transformed value will be a hyphenated string of
6056 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
6057 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
6058 #
6059 # This can be used on data of type: double, long.
6060 #
6061 # If the bound Value type differs from the type of data
6062 # being transformed, we will first attempt converting the type of the data to
6063 # be transformed to match the type of the bound before comparing.
6064 #
6065 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07006066 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
6067 # grouped together into a single bucket; for example if `upper_bound` = 89,
6068 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
6069 # Note that for the purposes of inspection or transformation, the number
6070 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
6071 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
6072 # 123456789, the number of bytes would be counted as 9, even though an
6073 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07006074 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
6075 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
6076 # and time zone are either specified elsewhere or are not significant. The date
6077 # is relative to the Proleptic Gregorian Calendar. This can represent:
6078 #
6079 # * A full date, with non-zero year, month and day values
6080 # * A month and day value, with a zero year, e.g. an anniversary
6081 # * A year on its own, with zero month and day values
6082 # * A year and month value, with a zero day, e.g. a credit card expiration date
6083 #
6084 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6085 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6086 # a year.
6087 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6088 # month and day.
6089 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6090 # if specifying a year by itself or a year and month where the day is not
6091 # significant.
6092 },
6093 &quot;stringValue&quot;: &quot;A String&quot;, # string
6094 &quot;integerValue&quot;: &quot;A String&quot;, # integer
6095 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
6096 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6097 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07006098 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6099 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
6100 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006101 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6102 # allow the value 60 if it allows leap-seconds.
6103 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07006104 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006105 &quot;booleanValue&quot;: True or False, # boolean
6106 &quot;floatValue&quot;: 3.14, # float
6107 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07006108 },
6109 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
6110 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
6111 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
6112 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006113 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
6114 # grouped together into a single bucket; for example if `lower_bound` = 10,
6115 # then all values less than 10 are replaced with the value &quot;-10&quot;.
6116 # Note that for the purposes of inspection or transformation, the number
6117 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
6118 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
6119 # 123456789, the number of bytes would be counted as 9, even though an
6120 # int64 only holds up to 8 bytes of data.
6121 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
6122 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
6123 # and time zone are either specified elsewhere or are not significant. The date
6124 # is relative to the Proleptic Gregorian Calendar. This can represent:
6125 #
6126 # * A full date, with non-zero year, month and day values
6127 # * A month and day value, with a zero year, e.g. an anniversary
6128 # * A year on its own, with zero month and day values
6129 # * A year and month value, with a zero day, e.g. a credit card expiration date
6130 #
6131 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6132 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6133 # a year.
6134 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6135 # month and day.
6136 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6137 # if specifying a year by itself or a year and month where the day is not
6138 # significant.
6139 },
6140 &quot;stringValue&quot;: &quot;A String&quot;, # string
6141 &quot;integerValue&quot;: &quot;A String&quot;, # integer
6142 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
6143 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6144 # types are google.type.Date and `google.protobuf.Timestamp`.
6145 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6146 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
6147 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
6148 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6149 # allow the value 60 if it allows leap-seconds.
6150 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6151 },
6152 &quot;booleanValue&quot;: True or False, # boolean
6153 &quot;floatValue&quot;: 3.14, # float
6154 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
6155 },
6156 },
6157 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
6158 # fixed character. Masking can start from the beginning or end of the string.
6159 # This can be used on data of any type (numbers, longs, and so on) and when
6160 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
6161 # type. (This allows you to take a long like 123 and modify it to a string like
6162 # **3.
6163 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
6164 # characters. For example, if the input string is `555-555-5555` and you
6165 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
6166 # returns `***-**5-5555`.
6167 { # Characters to skip when doing deidentification of a value. These will be left
6168 # alone and skipped.
6169 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
6170 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
6171 # punctuation.
6172 },
6173 ],
6174 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
6175 # masked. Skipped characters do not count towards this tally.
6176 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
6177 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
6178 # code or credit card number. This string must have a length of 1. If not
6179 # supplied, this value defaults to `*` for strings, and `0` for digits.
6180 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
6181 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
6182 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
6183 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
6184 # is `true`, then the string `12345` is masked as `12***`.
Bu Sun Kim65020912020-05-20 12:08:20 -07006185 },
6186 },
6187 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
6188 # given `RecordCondition`. The conditions are allowed to reference fields
6189 # that are not used in the actual transformation.
6190 #
6191 # Example Use Cases:
6192 #
6193 # - Apply a different bucket transformation to an age column if the zip code
6194 # column for the same record is within a specific range.
6195 # - Redact a field if the date of birth field is greater than 85.
6196 # a field.
6197 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
6198 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
6199 # only supported value is `AND`.
6200 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
6201 &quot;conditions&quot;: [ # A collection of conditions.
6202 { # The field type of `value` and `field` do not need to match to be
6203 # considered equal, but not all comparisons are possible.
6204 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
6205 # but all other comparisons are invalid with incompatible types.
6206 # A `value` of type:
6207 #
6208 # - `string` can be compared against all other types
6209 # - `boolean` can only be compared against other booleans
6210 # - `integer` can be compared against doubles or a string if the string value
6211 # can be parsed as an integer.
6212 # - `double` can be compared against integers or a string if the string can
6213 # be parsed as a double.
6214 # - `Timestamp` can be compared against strings in RFC 3339 date string
6215 # format.
6216 # - `TimeOfDay` can be compared against timestamps and strings in the format
6217 # of &#x27;HH:mm:ss&#x27;.
6218 #
6219 # If we fail to compare do to type mismatch, a warning will be given and
6220 # the condition will evaluate to false.
Bu Sun Kim65020912020-05-20 12:08:20 -07006221 &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
6222 # Note that for the purposes of inspection or transformation, the number
6223 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
6224 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
6225 # 123456789, the number of bytes would be counted as 9, even though an
6226 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07006227 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
6228 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
6229 # and time zone are either specified elsewhere or are not significant. The date
6230 # is relative to the Proleptic Gregorian Calendar. This can represent:
6231 #
6232 # * A full date, with non-zero year, month and day values
6233 # * A month and day value, with a zero year, e.g. an anniversary
6234 # * A year on its own, with zero month and day values
6235 # * A year and month value, with a zero day, e.g. a credit card expiration date
6236 #
6237 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6238 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6239 # a year.
6240 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6241 # month and day.
6242 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6243 # if specifying a year by itself or a year and month where the day is not
6244 # significant.
6245 },
6246 &quot;stringValue&quot;: &quot;A String&quot;, # string
6247 &quot;integerValue&quot;: &quot;A String&quot;, # integer
6248 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
6249 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6250 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07006251 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6252 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
6253 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006254 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6255 # allow the value 60 if it allows leap-seconds.
6256 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07006257 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006258 &quot;booleanValue&quot;: True or False, # boolean
6259 &quot;floatValue&quot;: 3.14, # float
6260 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07006261 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006262 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
6263 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
6264 },
6265 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07006266 },
6267 ],
6268 },
Bu Sun Kim65020912020-05-20 12:08:20 -07006269 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07006270 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07006271 },
6272 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006273 &quot;recordSuppressions&quot;: [ # Configuration defining which records get suppressed entirely. Records that
6274 # match any suppression rule are omitted from the output.
6275 { # Configuration to suppress records whose suppression conditions evaluate to
6276 # true.
6277 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
6278 # evaluated to be suppressed from the transformed content.
6279 # a field.
6280 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
6281 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
6282 # only supported value is `AND`.
6283 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
6284 &quot;conditions&quot;: [ # A collection of conditions.
6285 { # The field type of `value` and `field` do not need to match to be
6286 # considered equal, but not all comparisons are possible.
6287 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
6288 # but all other comparisons are invalid with incompatible types.
6289 # A `value` of type:
6290 #
6291 # - `string` can be compared against all other types
6292 # - `boolean` can only be compared against other booleans
6293 # - `integer` can be compared against doubles or a string if the string value
6294 # can be parsed as an integer.
6295 # - `double` can be compared against integers or a string if the string can
6296 # be parsed as a double.
6297 # - `Timestamp` can be compared against strings in RFC 3339 date string
6298 # format.
6299 # - `TimeOfDay` can be compared against timestamps and strings in the format
6300 # of &#x27;HH:mm:ss&#x27;.
6301 #
6302 # If we fail to compare do to type mismatch, a warning will be given and
6303 # the condition will evaluate to false.
6304 &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
6305 # Note that for the purposes of inspection or transformation, the number
6306 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
6307 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
6308 # 123456789, the number of bytes would be counted as 9, even though an
6309 # int64 only holds up to 8 bytes of data.
6310 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
6311 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
6312 # and time zone are either specified elsewhere or are not significant. The date
6313 # is relative to the Proleptic Gregorian Calendar. This can represent:
6314 #
6315 # * A full date, with non-zero year, month and day values
6316 # * A month and day value, with a zero year, e.g. an anniversary
6317 # * A year on its own, with zero month and day values
6318 # * A year and month value, with a zero day, e.g. a credit card expiration date
6319 #
6320 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6321 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6322 # a year.
6323 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6324 # month and day.
6325 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6326 # if specifying a year by itself or a year and month where the day is not
6327 # significant.
6328 },
6329 &quot;stringValue&quot;: &quot;A String&quot;, # string
6330 &quot;integerValue&quot;: &quot;A String&quot;, # integer
6331 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
6332 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6333 # types are google.type.Date and `google.protobuf.Timestamp`.
6334 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6335 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
6336 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
6337 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6338 # allow the value 60 if it allows leap-seconds.
6339 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6340 },
6341 &quot;booleanValue&quot;: True or False, # boolean
6342 &quot;floatValue&quot;: 3.14, # float
6343 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07006344 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006345 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
6346 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim65020912020-05-20 12:08:20 -07006347 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006348 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Bu Sun Kim65020912020-05-20 12:08:20 -07006349 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006350 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07006351 },
6352 },
Bu Sun Kim65020912020-05-20 12:08:20 -07006353 },
6354 },
6355 ],
Dan O'Mearadd494642020-05-01 07:42:23 -07006356 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07006357 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07006358 }</pre>
6359</div>
6360
6361<div class="method">
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006362 <code class="details" id="list">list(parent, orderBy=None, pageToken=None, locationId=None, pageSize=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07006363 <pre>Lists DeidentifyTemplates.
6364See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
6365more.
6366
6367Args:
Dan O'Mearadd494642020-05-01 07:42:23 -07006368 parent: string, Required. The parent resource name, for example projects/my-project-id or
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07006369organizations/my-org-id. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -07006370 orderBy: string, Comma separated list of fields to order by,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07006371followed by `asc` or `desc` postfix. This list is case-insensitive,
6372default sorting order is ascending, redundant space characters are
6373insignificant.
6374
6375Example: `name asc,update_time, create_time desc`
6376
6377Supported fields are:
6378
6379- `create_time`: corresponds to time the template was created.
6380- `update_time`: corresponds to time the template was last updated.
Bu Sun Kim65020912020-05-20 12:08:20 -07006381- `name`: corresponds to template&#x27;s name.
6382- `display_name`: corresponds to template&#x27;s display name.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006383 pageToken: string, Page token to continue retrieval. Comes from previous call
6384to `ListDeidentifyTemplates`.
6385 locationId: string, The geographic location where deidentifications templates will be retrieved
6386from. Use `-` for all locations. Reserved for future extensions.
6387 pageSize: integer, Size of the page, can be limited by server. If zero server returns
6388a page of max size 100.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07006389 x__xgafv: string, V1 error format.
6390 Allowed values
6391 1 - v1 error format
6392 2 - v2 error format
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07006393
6394Returns:
6395 An object of the form:
6396
6397 { # Response message for ListDeidentifyTemplates.
Bu Sun Kim65020912020-05-20 12:08:20 -07006398 &quot;nextPageToken&quot;: &quot;A String&quot;, # If the next page is available then the next page token to be used
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07006399 # in following ListDeidentifyTemplates request.
Bu Sun Kim65020912020-05-20 12:08:20 -07006400 &quot;deidentifyTemplates&quot;: [ # List of deidentify templates, up to page_size in
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07006401 # ListDeidentifyTemplatesRequest.
Dan O'Mearadd494642020-05-01 07:42:23 -07006402 { # DeidentifyTemplates contains instructions on how to de-identify content.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07006403 # See https://cloud.google.com/dlp/docs/concepts-templates to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07006404 &quot;name&quot;: &quot;A String&quot;, # Output only. The template name.
6405 #
6406 # The template will have one of the following formats:
6407 # `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR
6408 # `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
6409 &quot;description&quot;: &quot;A String&quot;, # Short description (max 256 chars).
6410 &quot;displayName&quot;: &quot;A String&quot;, # Display name (max 256 chars).
6411 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The creation timestamp of an inspectTemplate.
6412 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The last update timestamp of an inspectTemplate.
6413 &quot;deidentifyConfig&quot;: { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07006414 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
6415 # transformation everywhere.
6416 # apply various `PrimitiveTransformation`s to each finding, where the
6417 # transformation is applied to only values that were identified as a specific
6418 # info_type.
6419 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
6420 # for a given infoType.
6421 { # A transformation to apply to text that is identified as a specific
6422 # info_type.
6423 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
6424 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
6425 # portion of the value.
6426 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
6427 },
6428 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
6429 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
6430 # to learn more.
6431 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
6432 # If set, must also set cryptoKey. If set, shift will be consistent for the
6433 # given context.
6434 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
6435 },
6436 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
6437 # range (inclusive ends). Negative means shift to earlier in time. Must not
6438 # be more than 365250 days (1000 years) each direction.
6439 #
6440 # For example, 3 means shift date to at most 3 days into the future.
6441 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
6442 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
6443 # results in the same shift for the same context and crypto_key. If
6444 # set, must also set context. Can only be applied to table items.
6445 # a key encryption key (KEK) stored by KMS).
6446 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
6447 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
6448 # unwrap the data crypto key.
6449 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
6450 # leaking the key. Choose another type of key if possible.
6451 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
6452 },
6453 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
6454 # It will be discarded after the request finishes.
6455 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
6456 # This is an arbitrary string used to differentiate different keys.
6457 # A unique key is generated per name: two separate `TransientCryptoKey`
6458 # protos share the same generated key if their names are the same.
6459 # When the data crypto key is generated, this name is not used in any way
6460 # (repeating the api call will result in a different key being generated).
6461 },
6462 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
6463 # The wrapped key must be a 128/192/256 bit key.
6464 # Authorization requires the following IAM permissions when sending a request
6465 # to perform a crypto transformation using a kms-wrapped crypto key:
6466 # dlp.kms.encrypt
6467 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
6468 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
6469 },
6470 },
6471 },
6472 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
6473 },
6474 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
6475 # Uses SHA-256.
6476 # The key size must be either 32 or 64 bytes.
6477 # Outputs a base64 encoded representation of the hashed output
6478 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
6479 # Currently, only string and integer values can be hashed.
6480 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
6481 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
6482 # a key encryption key (KEK) stored by KMS).
6483 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
6484 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
6485 # unwrap the data crypto key.
6486 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
6487 # leaking the key. Choose another type of key if possible.
6488 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
6489 },
6490 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
6491 # It will be discarded after the request finishes.
6492 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
6493 # This is an arbitrary string used to differentiate different keys.
6494 # A unique key is generated per name: two separate `TransientCryptoKey`
6495 # protos share the same generated key if their names are the same.
6496 # When the data crypto key is generated, this name is not used in any way
6497 # (repeating the api call will result in a different key being generated).
6498 },
6499 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
6500 # The wrapped key must be a 128/192/256 bit key.
6501 # Authorization requires the following IAM permissions when sending a request
6502 # to perform a crypto transformation using a kms-wrapped crypto key:
6503 # dlp.kms.encrypt
6504 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
6505 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
6506 },
6507 },
6508 },
6509 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
6510 # (FPE) with the FFX mode of operation; however when used in the
6511 # `ReidentifyContent` API method, it serves the opposite function by reversing
6512 # the surrogate back into the original identifier. The identifier must be
6513 # encoded as ASCII. For a given crypto key and context, the same identifier
6514 # will be replaced with the same surrogate. Identifiers must be at least two
6515 # characters long. In the case that the identifier is the empty string, it will
6516 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
6517 # more.
6518 #
6519 # Note: We recommend using CryptoDeterministicConfig for all use cases which
6520 # do not require preserving the input alphabet space and size, plus warrant
6521 # referential integrity.
6522 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
6523 # This annotation will be applied to the surrogate by prefixing it with
6524 # the name of the custom infoType followed by the number of
6525 # characters comprising the surrogate. The following scheme defines the
6526 # format: info_type_name(surrogate_character_count):surrogate
6527 #
6528 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
6529 # the surrogate is &#x27;abc&#x27;, the full replacement value
6530 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
6531 #
6532 # This annotation identifies the surrogate when inspecting content using the
6533 # custom infoType
6534 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
6535 # This facilitates reversal of the surrogate when it occurs in free text.
6536 #
6537 # In order for inspection to work properly, the name of this infoType must
6538 # not occur naturally anywhere in your data; otherwise, inspection may
6539 # find a surrogate that does not correspond to an actual identifier.
6540 # Therefore, choose your custom infoType name carefully after considering
6541 # what your data looks like. One way to select a name that has a high chance
6542 # of yielding reliable detection is to include one or more unicode characters
6543 # that are highly improbable to exist in your data.
6544 # For example, assuming your data is entered from a regular ASCII keyboard,
6545 # the symbol with the hex code point 29DD might be used like so:
6546 # ⧝MY_TOKEN_TYPE
6547 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
6548 # creating a CustomInfoType, or one of the names listed
6549 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
6550 # a built-in type. InfoType names should conform to the pattern
6551 # `[a-zA-Z0-9_]{1,64}`.
6552 },
6553 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
6554 # identifier in two different contexts won&#x27;t be given the same surrogate. If
6555 # the context is not set, a default tweak will be used.
6556 #
6557 # If the context is set but:
6558 #
6559 # 1. there is no record present when transforming a given value or
6560 # 1. the field is not present when transforming a given value,
6561 #
6562 # a default tweak will be used.
6563 #
6564 # Note that case (1) is expected when an `InfoTypeTransformation` is
6565 # applied to both structured and non-structured `ContentItem`s.
6566 # Currently, the referenced field may be of value type integer or string.
6567 #
6568 # The tweak is constructed as a sequence of bytes in big endian byte order
6569 # such that:
6570 #
6571 # - a 64 bit integer is encoded followed by a single byte of value 1
6572 # - a string is encoded in UTF-8 format followed by a single byte of value 2
6573 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
6574 },
6575 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
6576 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
6577 # a key encryption key (KEK) stored by KMS).
6578 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
6579 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
6580 # unwrap the data crypto key.
6581 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
6582 # leaking the key. Choose another type of key if possible.
6583 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
6584 },
6585 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
6586 # It will be discarded after the request finishes.
6587 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
6588 # This is an arbitrary string used to differentiate different keys.
6589 # A unique key is generated per name: two separate `TransientCryptoKey`
6590 # protos share the same generated key if their names are the same.
6591 # When the data crypto key is generated, this name is not used in any way
6592 # (repeating the api call will result in a different key being generated).
6593 },
6594 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
6595 # The wrapped key must be a 128/192/256 bit key.
6596 # Authorization requires the following IAM permissions when sending a request
6597 # to perform a crypto transformation using a kms-wrapped crypto key:
6598 # dlp.kms.encrypt
6599 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
6600 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
6601 },
6602 },
6603 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
6604 # that the FFX mode natively supports. This happens before/after
6605 # encryption/decryption.
6606 # Each character listed must appear only once.
6607 # Number of characters must be in the range [2, 95].
6608 # This must be encoded as ASCII.
6609 # The order of characters does not matter.
6610 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
6611 },
6612 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
6613 # input. Outputs a base64 encoded representation of the encrypted output.
6614 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
6615 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
6616 # This annotation will be applied to the surrogate by prefixing it with
6617 # the name of the custom info type followed by the number of
6618 # characters comprising the surrogate. The following scheme defines the
6619 # format: {info type name}({surrogate character count}):{surrogate}
6620 #
6621 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
6622 # the surrogate is &#x27;abc&#x27;, the full replacement value
6623 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
6624 #
6625 # This annotation identifies the surrogate when inspecting content using the
6626 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
6627 # surrogate when it occurs in free text.
6628 #
6629 # Note: For record transformations where the entire cell in a table is being
6630 # transformed, surrogates are not mandatory. Surrogates are used to denote
6631 # the location of the token and are necessary for re-identification in free
6632 # form text.
6633 #
6634 # In order for inspection to work properly, the name of this info type must
6635 # not occur naturally anywhere in your data; otherwise, inspection may either
6636 #
6637 # - reverse a surrogate that does not correspond to an actual identifier
6638 # - be unable to parse the surrogate and result in an error
6639 #
6640 # Therefore, choose your custom info type name carefully after considering
6641 # what your data looks like. One way to select a name that has a high chance
6642 # of yielding reliable detection is to include one or more unicode characters
6643 # that are highly improbable to exist in your data.
6644 # For example, assuming your data is entered from a regular ASCII keyboard,
6645 # the symbol with the hex code point 29DD might be used like so:
6646 # ⧝MY_TOKEN_TYPE.
6647 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
6648 # creating a CustomInfoType, or one of the names listed
6649 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
6650 # a built-in type. InfoType names should conform to the pattern
6651 # `[a-zA-Z0-9_]{1,64}`.
6652 },
6653 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
6654 # referential integrity such that the same identifier in two different
6655 # contexts will be given a distinct surrogate. The context is appended to
6656 # plaintext value being encrypted. On decryption the provided context is
6657 # validated against the value used during encryption. If a context was
6658 # provided during encryption, same context must be provided during decryption
6659 # as well.
6660 #
6661 # If the context is not set, plaintext would be used as is for encryption.
6662 # If the context is set but:
6663 #
6664 # 1. there is no record present when transforming a given value or
6665 # 2. the field is not present when transforming a given value,
6666 #
6667 # plaintext would be used as is for encryption.
6668 #
6669 # Note that case (1) is expected when an `InfoTypeTransformation` is
6670 # applied to both structured and non-structured `ContentItem`s.
6671 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
6672 },
6673 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
6674 # a key encryption key (KEK) stored by KMS).
6675 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
6676 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
6677 # unwrap the data crypto key.
6678 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
6679 # leaking the key. Choose another type of key if possible.
6680 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
6681 },
6682 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
6683 # It will be discarded after the request finishes.
6684 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
6685 # This is an arbitrary string used to differentiate different keys.
6686 # A unique key is generated per name: two separate `TransientCryptoKey`
6687 # protos share the same generated key if their names are the same.
6688 # When the data crypto key is generated, this name is not used in any way
6689 # (repeating the api call will result in a different key being generated).
6690 },
6691 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
6692 # The wrapped key must be a 128/192/256 bit key.
6693 # Authorization requires the following IAM permissions when sending a request
6694 # to perform a crypto transformation using a kms-wrapped crypto key:
6695 # dlp.kms.encrypt
6696 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
6697 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
6698 },
6699 },
6700 },
6701 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
6702 # replacement values are dynamically provided by the user for custom behavior,
6703 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
6704 # This can be used on
6705 # data of type: number, long, string, timestamp.
6706 # If the bound `Value` type differs from the type of data being transformed, we
6707 # will first attempt converting the type of the data to be transformed to match
6708 # the type of the bound before comparing.
6709 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
6710 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
6711 { # Bucket is represented as a range, along with replacement values.
6712 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
6713 # the default behavior will be to hyphenate the min-max range.
6714 # Note that for the purposes of inspection or transformation, the number
6715 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
6716 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
6717 # 123456789, the number of bytes would be counted as 9, even though an
6718 # int64 only holds up to 8 bytes of data.
6719 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
6720 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
6721 # and time zone are either specified elsewhere or are not significant. The date
6722 # is relative to the Proleptic Gregorian Calendar. This can represent:
6723 #
6724 # * A full date, with non-zero year, month and day values
6725 # * A month and day value, with a zero year, e.g. an anniversary
6726 # * A year on its own, with zero month and day values
6727 # * A year and month value, with a zero day, e.g. a credit card expiration date
6728 #
6729 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6730 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6731 # a year.
6732 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6733 # month and day.
6734 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6735 # if specifying a year by itself or a year and month where the day is not
6736 # significant.
6737 },
6738 &quot;stringValue&quot;: &quot;A String&quot;, # string
6739 &quot;integerValue&quot;: &quot;A String&quot;, # integer
6740 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
6741 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6742 # types are google.type.Date and `google.protobuf.Timestamp`.
6743 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6744 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
6745 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
6746 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6747 # allow the value 60 if it allows leap-seconds.
6748 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6749 },
6750 &quot;booleanValue&quot;: True or False, # boolean
6751 &quot;floatValue&quot;: 3.14, # float
6752 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
6753 },
6754 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
6755 # used.
6756 # Note that for the purposes of inspection or transformation, the number
6757 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
6758 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
6759 # 123456789, the number of bytes would be counted as 9, even though an
6760 # int64 only holds up to 8 bytes of data.
6761 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
6762 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
6763 # and time zone are either specified elsewhere or are not significant. The date
6764 # is relative to the Proleptic Gregorian Calendar. This can represent:
6765 #
6766 # * A full date, with non-zero year, month and day values
6767 # * A month and day value, with a zero year, e.g. an anniversary
6768 # * A year on its own, with zero month and day values
6769 # * A year and month value, with a zero day, e.g. a credit card expiration date
6770 #
6771 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6772 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6773 # a year.
6774 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6775 # month and day.
6776 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6777 # if specifying a year by itself or a year and month where the day is not
6778 # significant.
6779 },
6780 &quot;stringValue&quot;: &quot;A String&quot;, # string
6781 &quot;integerValue&quot;: &quot;A String&quot;, # integer
6782 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
6783 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6784 # types are google.type.Date and `google.protobuf.Timestamp`.
6785 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6786 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
6787 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
6788 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6789 # allow the value 60 if it allows leap-seconds.
6790 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6791 },
6792 &quot;booleanValue&quot;: True or False, # boolean
6793 &quot;floatValue&quot;: 3.14, # float
6794 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
6795 },
6796 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
6797 # Note that for the purposes of inspection or transformation, the number
6798 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
6799 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
6800 # 123456789, the number of bytes would be counted as 9, even though an
6801 # int64 only holds up to 8 bytes of data.
6802 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
6803 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
6804 # and time zone are either specified elsewhere or are not significant. The date
6805 # is relative to the Proleptic Gregorian Calendar. This can represent:
6806 #
6807 # * A full date, with non-zero year, month and day values
6808 # * A month and day value, with a zero year, e.g. an anniversary
6809 # * A year on its own, with zero month and day values
6810 # * A year and month value, with a zero day, e.g. a credit card expiration date
6811 #
6812 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6813 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6814 # a year.
6815 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6816 # month and day.
6817 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6818 # if specifying a year by itself or a year and month where the day is not
6819 # significant.
6820 },
6821 &quot;stringValue&quot;: &quot;A String&quot;, # string
6822 &quot;integerValue&quot;: &quot;A String&quot;, # integer
6823 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
6824 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6825 # types are google.type.Date and `google.protobuf.Timestamp`.
6826 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6827 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
6828 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
6829 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6830 # allow the value 60 if it allows leap-seconds.
6831 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6832 },
6833 &quot;booleanValue&quot;: True or False, # boolean
6834 &quot;floatValue&quot;: 3.14, # float
6835 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
6836 },
6837 },
6838 ],
6839 },
6840 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
6841 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
6842 # output would be &#x27;My phone number is &#x27;.
6843 },
6844 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
6845 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
6846 # Note that for the purposes of inspection or transformation, the number
6847 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
6848 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
6849 # 123456789, the number of bytes would be counted as 9, even though an
6850 # int64 only holds up to 8 bytes of data.
6851 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
6852 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
6853 # and time zone are either specified elsewhere or are not significant. The date
6854 # is relative to the Proleptic Gregorian Calendar. This can represent:
6855 #
6856 # * A full date, with non-zero year, month and day values
6857 # * A month and day value, with a zero year, e.g. an anniversary
6858 # * A year on its own, with zero month and day values
6859 # * A year and month value, with a zero day, e.g. a credit card expiration date
6860 #
6861 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6862 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6863 # a year.
6864 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6865 # month and day.
6866 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6867 # if specifying a year by itself or a year and month where the day is not
6868 # significant.
6869 },
6870 &quot;stringValue&quot;: &quot;A String&quot;, # string
6871 &quot;integerValue&quot;: &quot;A String&quot;, # integer
6872 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
6873 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6874 # types are google.type.Date and `google.protobuf.Timestamp`.
6875 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6876 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
6877 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
6878 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6879 # allow the value 60 if it allows leap-seconds.
6880 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6881 },
6882 &quot;booleanValue&quot;: True or False, # boolean
6883 &quot;floatValue&quot;: 3.14, # float
6884 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
6885 },
6886 },
6887 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
6888 # Bucketing transformation can provide all of this functionality,
6889 # but requires more configuration. This message is provided as a convenience to
6890 # the user for simple bucketing strategies.
6891 #
6892 # The transformed value will be a hyphenated string of
6893 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
6894 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
6895 #
6896 # This can be used on data of type: double, long.
6897 #
6898 # If the bound Value type differs from the type of data
6899 # being transformed, we will first attempt converting the type of the data to
6900 # be transformed to match the type of the bound before comparing.
6901 #
6902 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
6903 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
6904 # grouped together into a single bucket; for example if `upper_bound` = 89,
6905 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
6906 # Note that for the purposes of inspection or transformation, the number
6907 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
6908 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
6909 # 123456789, the number of bytes would be counted as 9, even though an
6910 # int64 only holds up to 8 bytes of data.
6911 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
6912 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
6913 # and time zone are either specified elsewhere or are not significant. The date
6914 # is relative to the Proleptic Gregorian Calendar. This can represent:
6915 #
6916 # * A full date, with non-zero year, month and day values
6917 # * A month and day value, with a zero year, e.g. an anniversary
6918 # * A year on its own, with zero month and day values
6919 # * A year and month value, with a zero day, e.g. a credit card expiration date
6920 #
6921 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6922 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6923 # a year.
6924 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6925 # month and day.
6926 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6927 # if specifying a year by itself or a year and month where the day is not
6928 # significant.
6929 },
6930 &quot;stringValue&quot;: &quot;A String&quot;, # string
6931 &quot;integerValue&quot;: &quot;A String&quot;, # integer
6932 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
6933 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6934 # types are google.type.Date and `google.protobuf.Timestamp`.
6935 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6936 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
6937 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
6938 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6939 # allow the value 60 if it allows leap-seconds.
6940 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6941 },
6942 &quot;booleanValue&quot;: True or False, # boolean
6943 &quot;floatValue&quot;: 3.14, # float
6944 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
6945 },
6946 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
6947 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
6948 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
6949 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
6950 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
6951 # grouped together into a single bucket; for example if `lower_bound` = 10,
6952 # then all values less than 10 are replaced with the value &quot;-10&quot;.
6953 # Note that for the purposes of inspection or transformation, the number
6954 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
6955 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
6956 # 123456789, the number of bytes would be counted as 9, even though an
6957 # int64 only holds up to 8 bytes of data.
6958 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
6959 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
6960 # and time zone are either specified elsewhere or are not significant. The date
6961 # is relative to the Proleptic Gregorian Calendar. This can represent:
6962 #
6963 # * A full date, with non-zero year, month and day values
6964 # * A month and day value, with a zero year, e.g. an anniversary
6965 # * A year on its own, with zero month and day values
6966 # * A year and month value, with a zero day, e.g. a credit card expiration date
6967 #
6968 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
6969 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
6970 # a year.
6971 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
6972 # month and day.
6973 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
6974 # if specifying a year by itself or a year and month where the day is not
6975 # significant.
6976 },
6977 &quot;stringValue&quot;: &quot;A String&quot;, # string
6978 &quot;integerValue&quot;: &quot;A String&quot;, # integer
6979 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
6980 # or are specified elsewhere. An API may choose to allow leap seconds. Related
6981 # types are google.type.Date and `google.protobuf.Timestamp`.
6982 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
6983 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
6984 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
6985 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
6986 # allow the value 60 if it allows leap-seconds.
6987 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
6988 },
6989 &quot;booleanValue&quot;: True or False, # boolean
6990 &quot;floatValue&quot;: 3.14, # float
6991 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
6992 },
6993 },
6994 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
6995 # fixed character. Masking can start from the beginning or end of the string.
6996 # This can be used on data of any type (numbers, longs, and so on) and when
6997 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
6998 # type. (This allows you to take a long like 123 and modify it to a string like
6999 # **3.
7000 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
7001 # characters. For example, if the input string is `555-555-5555` and you
7002 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
7003 # returns `***-**5-5555`.
7004 { # Characters to skip when doing deidentification of a value. These will be left
7005 # alone and skipped.
7006 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
7007 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
7008 # punctuation.
7009 },
7010 ],
7011 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
7012 # masked. Skipped characters do not count towards this tally.
7013 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
7014 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
7015 # code or credit card number. This string must have a length of 1. If not
7016 # supplied, this value defaults to `*` for strings, and `0` for digits.
7017 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
7018 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
7019 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
7020 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
7021 # is `true`, then the string `12345` is masked as `12***`.
7022 },
7023 },
7024 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
7025 # this transformation to apply to all findings that correspond to
7026 # infoTypes that were requested in `InspectConfig`.
7027 { # Type of information detected by the API.
7028 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
7029 # creating a CustomInfoType, or one of the names listed
7030 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
7031 # a built-in type. InfoType names should conform to the pattern
7032 # `[a-zA-Z0-9_]{1,64}`.
7033 },
7034 ],
7035 },
7036 ],
7037 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007038 &quot;transformationErrorHandling&quot;: { # How to handle transformation errors during de-identification. A # Mode for handling transformation errors. If left unspecified, the default
7039 # mode is `TransformationErrorHandling.ThrowError`.
7040 # transformation error occurs when the requested transformation is incompatible
7041 # with the data. For example, trying to de-identify an IP address using a
7042 # `DateShift` transformation would result in a transformation error, since date
7043 # info cannot be extracted from an IP address.
7044 # Information about any incompatible transformations, and how they were
7045 # handled, is returned in the response as part of the
7046 # `TransformationOverviews`.
7047 &quot;throwError&quot;: { # Throw an error and fail the request when a transformation error occurs. # Throw an error
7048 },
7049 &quot;leaveUntransformed&quot;: { # Skips the data without modifying it if the requested transformation would # Ignore errors
7050 # cause an error. For example, if a `DateShift` transformation were applied
7051 # an an IP address, this mode would leave the IP address unchanged in the
7052 # response.
7053 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007054 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007055 &quot;recordTransformations&quot;: { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007056 # specific locations within structured datasets, such as transforming
7057 # a column within a table.
7058 # table.
Bu Sun Kim65020912020-05-20 12:08:20 -07007059 &quot;fieldTransformations&quot;: [ # Transform the record by applying various field transformations.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007060 { # The transformation to apply to the field.
Bu Sun Kim65020912020-05-20 12:08:20 -07007061 &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
Dan O'Mearadd494642020-05-01 07:42:23 -07007062 { # General identifier of a data field in a storage service.
Bu Sun Kim65020912020-05-20 12:08:20 -07007063 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Dan O'Mearadd494642020-05-01 07:42:23 -07007064 },
7065 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07007066 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007067 # transform content that matches an `InfoType`.
7068 # apply various `PrimitiveTransformation`s to each finding, where the
7069 # transformation is applied to only values that were identified as a specific
7070 # info_type.
Bu Sun Kim65020912020-05-20 12:08:20 -07007071 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
Dan O'Mearadd494642020-05-01 07:42:23 -07007072 # for a given infoType.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007073 { # A transformation to apply to text that is identified as a specific
7074 # info_type.
Bu Sun Kim65020912020-05-20 12:08:20 -07007075 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
7076 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
7077 # portion of the value.
7078 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
7079 },
7080 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
7081 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
7082 # to learn more.
7083 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
7084 # If set, must also set cryptoKey. If set, shift will be consistent for the
7085 # given context.
7086 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
7087 },
7088 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
7089 # range (inclusive ends). Negative means shift to earlier in time. Must not
7090 # be more than 365250 days (1000 years) each direction.
7091 #
7092 # For example, 3 means shift date to at most 3 days into the future.
7093 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
7094 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
7095 # results in the same shift for the same context and crypto_key. If
7096 # set, must also set context. Can only be applied to table items.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007097 # a key encryption key (KEK) stored by KMS).
7098 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
7099 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
7100 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07007101 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007102 # leaking the key. Choose another type of key if possible.
Bu Sun Kim65020912020-05-20 12:08:20 -07007103 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007104 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007105 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007106 # It will be discarded after the request finishes.
Bu Sun Kim65020912020-05-20 12:08:20 -07007107 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007108 # This is an arbitrary string used to differentiate different keys.
7109 # A unique key is generated per name: two separate `TransientCryptoKey`
7110 # protos share the same generated key if their names are the same.
7111 # When the data crypto key is generated, this name is not used in any way
7112 # (repeating the api call will result in a different key being generated).
7113 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007114 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
7115 # The wrapped key must be a 128/192/256 bit key.
7116 # Authorization requires the following IAM permissions when sending a request
7117 # to perform a crypto transformation using a kms-wrapped crypto key:
7118 # dlp.kms.encrypt
7119 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
7120 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
7121 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007122 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007123 },
7124 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
7125 },
7126 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
7127 # Uses SHA-256.
7128 # The key size must be either 32 or 64 bytes.
7129 # Outputs a base64 encoded representation of the hashed output
7130 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
7131 # Currently, only string and integer values can be hashed.
7132 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
7133 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
7134 # a key encryption key (KEK) stored by KMS).
7135 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
7136 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
7137 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07007138 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
7139 # leaking the key. Choose another type of key if possible.
7140 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
7141 },
7142 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
7143 # It will be discarded after the request finishes.
7144 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
7145 # This is an arbitrary string used to differentiate different keys.
7146 # A unique key is generated per name: two separate `TransientCryptoKey`
7147 # protos share the same generated key if their names are the same.
7148 # When the data crypto key is generated, this name is not used in any way
7149 # (repeating the api call will result in a different key being generated).
7150 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007151 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
7152 # The wrapped key must be a 128/192/256 bit key.
7153 # Authorization requires the following IAM permissions when sending a request
7154 # to perform a crypto transformation using a kms-wrapped crypto key:
7155 # dlp.kms.encrypt
7156 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
7157 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
7158 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007159 },
7160 },
7161 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
7162 # (FPE) with the FFX mode of operation; however when used in the
7163 # `ReidentifyContent` API method, it serves the opposite function by reversing
7164 # the surrogate back into the original identifier. The identifier must be
7165 # encoded as ASCII. For a given crypto key and context, the same identifier
7166 # will be replaced with the same surrogate. Identifiers must be at least two
7167 # characters long. In the case that the identifier is the empty string, it will
7168 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
7169 # more.
7170 #
7171 # Note: We recommend using CryptoDeterministicConfig for all use cases which
7172 # do not require preserving the input alphabet space and size, plus warrant
7173 # referential integrity.
Bu Sun Kim65020912020-05-20 12:08:20 -07007174 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
7175 # This annotation will be applied to the surrogate by prefixing it with
7176 # the name of the custom infoType followed by the number of
7177 # characters comprising the surrogate. The following scheme defines the
7178 # format: info_type_name(surrogate_character_count):surrogate
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007179 #
Bu Sun Kim65020912020-05-20 12:08:20 -07007180 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
7181 # the surrogate is &#x27;abc&#x27;, the full replacement value
7182 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
7183 #
7184 # This annotation identifies the surrogate when inspecting content using the
7185 # custom infoType
7186 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
7187 # This facilitates reversal of the surrogate when it occurs in free text.
7188 #
7189 # In order for inspection to work properly, the name of this infoType must
7190 # not occur naturally anywhere in your data; otherwise, inspection may
7191 # find a surrogate that does not correspond to an actual identifier.
7192 # Therefore, choose your custom infoType name carefully after considering
7193 # what your data looks like. One way to select a name that has a high chance
7194 # of yielding reliable detection is to include one or more unicode characters
7195 # that are highly improbable to exist in your data.
7196 # For example, assuming your data is entered from a regular ASCII keyboard,
7197 # the symbol with the hex code point 29DD might be used like so:
7198 # ⧝MY_TOKEN_TYPE
7199 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
7200 # creating a CustomInfoType, or one of the names listed
7201 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
7202 # a built-in type. InfoType names should conform to the pattern
7203 # `[a-zA-Z0-9_]{1,64}`.
7204 },
7205 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
7206 # identifier in two different contexts won&#x27;t be given the same surrogate. If
7207 # the context is not set, a default tweak will be used.
7208 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007209 # If the context is set but:
7210 #
7211 # 1. there is no record present when transforming a given value or
Bu Sun Kim65020912020-05-20 12:08:20 -07007212 # 1. the field is not present when transforming a given value,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007213 #
Bu Sun Kim65020912020-05-20 12:08:20 -07007214 # a default tweak will be used.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007215 #
7216 # Note that case (1) is expected when an `InfoTypeTransformation` is
7217 # applied to both structured and non-structured `ContentItem`s.
Bu Sun Kim65020912020-05-20 12:08:20 -07007218 # Currently, the referenced field may be of value type integer or string.
7219 #
7220 # The tweak is constructed as a sequence of bytes in big endian byte order
7221 # such that:
7222 #
7223 # - a 64 bit integer is encoded followed by a single byte of value 1
7224 # - a string is encoded in UTF-8 format followed by a single byte of value 2
7225 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007226 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007227 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
7228 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
7229 # a key encryption key (KEK) stored by KMS).
7230 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
7231 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
7232 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07007233 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
7234 # leaking the key. Choose another type of key if possible.
7235 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
7236 },
7237 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
7238 # It will be discarded after the request finishes.
7239 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
7240 # This is an arbitrary string used to differentiate different keys.
7241 # A unique key is generated per name: two separate `TransientCryptoKey`
7242 # protos share the same generated key if their names are the same.
7243 # When the data crypto key is generated, this name is not used in any way
7244 # (repeating the api call will result in a different key being generated).
7245 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007246 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
7247 # The wrapped key must be a 128/192/256 bit key.
7248 # Authorization requires the following IAM permissions when sending a request
7249 # to perform a crypto transformation using a kms-wrapped crypto key:
7250 # dlp.kms.encrypt
7251 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
7252 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
7253 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007254 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007255 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
7256 # that the FFX mode natively supports. This happens before/after
7257 # encryption/decryption.
7258 # Each character listed must appear only once.
7259 # Number of characters must be in the range [2, 95].
7260 # This must be encoded as ASCII.
7261 # The order of characters does not matter.
7262 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
Bu Sun Kim65020912020-05-20 12:08:20 -07007263 },
7264 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
7265 # input. Outputs a base64 encoded representation of the encrypted output.
7266 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
7267 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007268 # This annotation will be applied to the surrogate by prefixing it with
7269 # the name of the custom info type followed by the number of
7270 # characters comprising the surrogate. The following scheme defines the
Dan O'Mearadd494642020-05-01 07:42:23 -07007271 # format: {info type name}({surrogate character count}):{surrogate}
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007272 #
Bu Sun Kim65020912020-05-20 12:08:20 -07007273 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
7274 # the surrogate is &#x27;abc&#x27;, the full replacement value
7275 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007276 #
7277 # This annotation identifies the surrogate when inspecting content using the
Bu Sun Kim65020912020-05-20 12:08:20 -07007278 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007279 # surrogate when it occurs in free text.
7280 #
Dan O'Mearadd494642020-05-01 07:42:23 -07007281 # Note: For record transformations where the entire cell in a table is being
7282 # transformed, surrogates are not mandatory. Surrogates are used to denote
7283 # the location of the token and are necessary for re-identification in free
7284 # form text.
7285 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007286 # In order for inspection to work properly, the name of this info type must
7287 # not occur naturally anywhere in your data; otherwise, inspection may either
7288 #
7289 # - reverse a surrogate that does not correspond to an actual identifier
7290 # - be unable to parse the surrogate and result in an error
7291 #
7292 # Therefore, choose your custom info type name carefully after considering
7293 # what your data looks like. One way to select a name that has a high chance
7294 # of yielding reliable detection is to include one or more unicode characters
7295 # that are highly improbable to exist in your data.
7296 # For example, assuming your data is entered from a regular ASCII keyboard,
7297 # the symbol with the hex code point 29DD might be used like so:
Dan O'Mearadd494642020-05-01 07:42:23 -07007298 # ⧝MY_TOKEN_TYPE.
Bu Sun Kim65020912020-05-20 12:08:20 -07007299 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007300 # creating a CustomInfoType, or one of the names listed
7301 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
7302 # a built-in type. InfoType names should conform to the pattern
Dan O'Mearadd494642020-05-01 07:42:23 -07007303 # `[a-zA-Z0-9_]{1,64}`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007304 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007305 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
7306 # referential integrity such that the same identifier in two different
7307 # contexts will be given a distinct surrogate. The context is appended to
7308 # plaintext value being encrypted. On decryption the provided context is
7309 # validated against the value used during encryption. If a context was
7310 # provided during encryption, same context must be provided during decryption
7311 # as well.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007312 #
Bu Sun Kim65020912020-05-20 12:08:20 -07007313 # If the context is not set, plaintext would be used as is for encryption.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007314 # If the context is set but:
7315 #
7316 # 1. there is no record present when transforming a given value or
Bu Sun Kim65020912020-05-20 12:08:20 -07007317 # 2. the field is not present when transforming a given value,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007318 #
Bu Sun Kim65020912020-05-20 12:08:20 -07007319 # plaintext would be used as is for encryption.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007320 #
7321 # Note that case (1) is expected when an `InfoTypeTransformation` is
7322 # applied to both structured and non-structured `ContentItem`s.
Bu Sun Kim65020912020-05-20 12:08:20 -07007323 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007324 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007325 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
7326 # a key encryption key (KEK) stored by KMS).
7327 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
7328 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
7329 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07007330 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
7331 # leaking the key. Choose another type of key if possible.
7332 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
7333 },
7334 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
7335 # It will be discarded after the request finishes.
7336 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
7337 # This is an arbitrary string used to differentiate different keys.
7338 # A unique key is generated per name: two separate `TransientCryptoKey`
7339 # protos share the same generated key if their names are the same.
7340 # When the data crypto key is generated, this name is not used in any way
7341 # (repeating the api call will result in a different key being generated).
7342 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007343 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
7344 # The wrapped key must be a 128/192/256 bit key.
7345 # Authorization requires the following IAM permissions when sending a request
7346 # to perform a crypto transformation using a kms-wrapped crypto key:
7347 # dlp.kms.encrypt
7348 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
7349 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
7350 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007351 },
7352 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007353 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
Dan O'Mearadd494642020-05-01 07:42:23 -07007354 # replacement values are dynamically provided by the user for custom behavior,
7355 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
7356 # This can be used on
7357 # data of type: number, long, string, timestamp.
7358 # If the bound `Value` type differs from the type of data being transformed, we
7359 # will first attempt converting the type of the data to be transformed to match
7360 # the type of the bound before comparing.
7361 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07007362 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
Dan O'Mearadd494642020-05-01 07:42:23 -07007363 { # Bucket is represented as a range, along with replacement values.
Bu Sun Kim65020912020-05-20 12:08:20 -07007364 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
7365 # the default behavior will be to hyphenate the min-max range.
7366 # Note that for the purposes of inspection or transformation, the number
7367 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
7368 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
7369 # 123456789, the number of bytes would be counted as 9, even though an
7370 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07007371 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
7372 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
7373 # and time zone are either specified elsewhere or are not significant. The date
7374 # is relative to the Proleptic Gregorian Calendar. This can represent:
7375 #
7376 # * A full date, with non-zero year, month and day values
7377 # * A month and day value, with a zero year, e.g. an anniversary
7378 # * A year on its own, with zero month and day values
7379 # * A year and month value, with a zero day, e.g. a credit card expiration date
7380 #
7381 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
7382 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
7383 # a year.
7384 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
7385 # month and day.
7386 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
7387 # if specifying a year by itself or a year and month where the day is not
7388 # significant.
7389 },
7390 &quot;stringValue&quot;: &quot;A String&quot;, # string
7391 &quot;integerValue&quot;: &quot;A String&quot;, # integer
7392 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
7393 # or are specified elsewhere. An API may choose to allow leap seconds. Related
7394 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07007395 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
7396 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
7397 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007398 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
7399 # allow the value 60 if it allows leap-seconds.
7400 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07007401 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007402 &quot;booleanValue&quot;: True or False, # boolean
7403 &quot;floatValue&quot;: 3.14, # float
7404 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
7405 },
7406 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
7407 # used.
7408 # Note that for the purposes of inspection or transformation, the number
7409 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
7410 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
7411 # 123456789, the number of bytes would be counted as 9, even though an
7412 # int64 only holds up to 8 bytes of data.
7413 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
7414 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
7415 # and time zone are either specified elsewhere or are not significant. The date
7416 # is relative to the Proleptic Gregorian Calendar. This can represent:
7417 #
7418 # * A full date, with non-zero year, month and day values
7419 # * A month and day value, with a zero year, e.g. an anniversary
7420 # * A year on its own, with zero month and day values
7421 # * A year and month value, with a zero day, e.g. a credit card expiration date
7422 #
7423 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
7424 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
7425 # a year.
7426 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
7427 # month and day.
7428 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
7429 # if specifying a year by itself or a year and month where the day is not
7430 # significant.
7431 },
7432 &quot;stringValue&quot;: &quot;A String&quot;, # string
7433 &quot;integerValue&quot;: &quot;A String&quot;, # integer
7434 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
7435 # or are specified elsewhere. An API may choose to allow leap seconds. Related
7436 # types are google.type.Date and `google.protobuf.Timestamp`.
7437 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
7438 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
7439 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
7440 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
7441 # allow the value 60 if it allows leap-seconds.
7442 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
7443 },
7444 &quot;booleanValue&quot;: True or False, # boolean
7445 &quot;floatValue&quot;: 3.14, # float
7446 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
7447 },
7448 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
7449 # Note that for the purposes of inspection or transformation, the number
7450 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
7451 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
7452 # 123456789, the number of bytes would be counted as 9, even though an
7453 # int64 only holds up to 8 bytes of data.
7454 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
7455 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
7456 # and time zone are either specified elsewhere or are not significant. The date
7457 # is relative to the Proleptic Gregorian Calendar. This can represent:
7458 #
7459 # * A full date, with non-zero year, month and day values
7460 # * A month and day value, with a zero year, e.g. an anniversary
7461 # * A year on its own, with zero month and day values
7462 # * A year and month value, with a zero day, e.g. a credit card expiration date
7463 #
7464 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
7465 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
7466 # a year.
7467 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
7468 # month and day.
7469 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
7470 # if specifying a year by itself or a year and month where the day is not
7471 # significant.
7472 },
7473 &quot;stringValue&quot;: &quot;A String&quot;, # string
7474 &quot;integerValue&quot;: &quot;A String&quot;, # integer
7475 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
7476 # or are specified elsewhere. An API may choose to allow leap seconds. Related
7477 # types are google.type.Date and `google.protobuf.Timestamp`.
7478 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
7479 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
7480 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
7481 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
7482 # allow the value 60 if it allows leap-seconds.
7483 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
7484 },
7485 &quot;booleanValue&quot;: True or False, # boolean
7486 &quot;floatValue&quot;: 3.14, # float
7487 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Dan O'Mearadd494642020-05-01 07:42:23 -07007488 },
7489 },
7490 ],
7491 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007492 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
7493 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
7494 # output would be &#x27;My phone number is &#x27;.
7495 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007496 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
7497 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007498 # Note that for the purposes of inspection or transformation, the number
Bu Sun Kim65020912020-05-20 12:08:20 -07007499 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
7500 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007501 # 123456789, the number of bytes would be counted as 9, even though an
7502 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07007503 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
7504 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007505 # and time zone are either specified elsewhere or are not significant. The date
7506 # is relative to the Proleptic Gregorian Calendar. This can represent:
7507 #
7508 # * A full date, with non-zero year, month and day values
7509 # * A month and day value, with a zero year, e.g. an anniversary
7510 # * A year on its own, with zero month and day values
7511 # * A year and month value, with a zero day, e.g. a credit card expiration date
7512 #
7513 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07007514 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
7515 # a year.
7516 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
Dan O'Mearadd494642020-05-01 07:42:23 -07007517 # month and day.
Bu Sun Kim65020912020-05-20 12:08:20 -07007518 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007519 # if specifying a year by itself or a year and month where the day is not
7520 # significant.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07007521 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007522 &quot;stringValue&quot;: &quot;A String&quot;, # string
7523 &quot;integerValue&quot;: &quot;A String&quot;, # integer
7524 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
7525 # or are specified elsewhere. An API may choose to allow leap seconds. Related
7526 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07007527 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
7528 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
7529 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007530 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
7531 # allow the value 60 if it allows leap-seconds.
7532 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07007533 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007534 &quot;booleanValue&quot;: True or False, # boolean
7535 &quot;floatValue&quot;: 3.14, # float
7536 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07007537 },
7538 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007539 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
7540 # Bucketing transformation can provide all of this functionality,
7541 # but requires more configuration. This message is provided as a convenience to
7542 # the user for simple bucketing strategies.
7543 #
7544 # The transformed value will be a hyphenated string of
7545 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
7546 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
7547 #
7548 # This can be used on data of type: double, long.
7549 #
7550 # If the bound Value type differs from the type of data
7551 # being transformed, we will first attempt converting the type of the data to
7552 # be transformed to match the type of the bound before comparing.
7553 #
7554 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07007555 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
7556 # grouped together into a single bucket; for example if `upper_bound` = 89,
7557 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
7558 # Note that for the purposes of inspection or transformation, the number
7559 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
7560 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
7561 # 123456789, the number of bytes would be counted as 9, even though an
7562 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07007563 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
7564 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
7565 # and time zone are either specified elsewhere or are not significant. The date
7566 # is relative to the Proleptic Gregorian Calendar. This can represent:
7567 #
7568 # * A full date, with non-zero year, month and day values
7569 # * A month and day value, with a zero year, e.g. an anniversary
7570 # * A year on its own, with zero month and day values
7571 # * A year and month value, with a zero day, e.g. a credit card expiration date
7572 #
7573 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
7574 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
7575 # a year.
7576 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
7577 # month and day.
7578 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
7579 # if specifying a year by itself or a year and month where the day is not
7580 # significant.
7581 },
7582 &quot;stringValue&quot;: &quot;A String&quot;, # string
7583 &quot;integerValue&quot;: &quot;A String&quot;, # integer
7584 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
7585 # or are specified elsewhere. An API may choose to allow leap seconds. Related
7586 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07007587 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
7588 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
7589 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007590 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
7591 # allow the value 60 if it allows leap-seconds.
7592 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07007593 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007594 &quot;booleanValue&quot;: True or False, # boolean
7595 &quot;floatValue&quot;: 3.14, # float
7596 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07007597 },
7598 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
7599 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
7600 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
7601 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007602 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
7603 # grouped together into a single bucket; for example if `lower_bound` = 10,
7604 # then all values less than 10 are replaced with the value &quot;-10&quot;.
7605 # Note that for the purposes of inspection or transformation, the number
7606 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
7607 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
7608 # 123456789, the number of bytes would be counted as 9, even though an
7609 # int64 only holds up to 8 bytes of data.
7610 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
7611 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
7612 # and time zone are either specified elsewhere or are not significant. The date
7613 # is relative to the Proleptic Gregorian Calendar. This can represent:
7614 #
7615 # * A full date, with non-zero year, month and day values
7616 # * A month and day value, with a zero year, e.g. an anniversary
7617 # * A year on its own, with zero month and day values
7618 # * A year and month value, with a zero day, e.g. a credit card expiration date
7619 #
7620 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
7621 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
7622 # a year.
7623 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
7624 # month and day.
7625 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
7626 # if specifying a year by itself or a year and month where the day is not
7627 # significant.
7628 },
7629 &quot;stringValue&quot;: &quot;A String&quot;, # string
7630 &quot;integerValue&quot;: &quot;A String&quot;, # integer
7631 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
7632 # or are specified elsewhere. An API may choose to allow leap seconds. Related
7633 # types are google.type.Date and `google.protobuf.Timestamp`.
7634 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
7635 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
7636 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
7637 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
7638 # allow the value 60 if it allows leap-seconds.
7639 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
7640 },
7641 &quot;booleanValue&quot;: True or False, # boolean
7642 &quot;floatValue&quot;: 3.14, # float
7643 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
7644 },
7645 },
7646 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
7647 # fixed character. Masking can start from the beginning or end of the string.
7648 # This can be used on data of any type (numbers, longs, and so on) and when
7649 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
7650 # type. (This allows you to take a long like 123 and modify it to a string like
7651 # **3.
7652 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
7653 # characters. For example, if the input string is `555-555-5555` and you
7654 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
7655 # returns `***-**5-5555`.
7656 { # Characters to skip when doing deidentification of a value. These will be left
7657 # alone and skipped.
7658 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
7659 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
7660 # punctuation.
7661 },
7662 ],
7663 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
7664 # masked. Skipped characters do not count towards this tally.
7665 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
7666 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
7667 # code or credit card number. This string must have a length of 1. If not
7668 # supplied, this value defaults to `*` for strings, and `0` for digits.
7669 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
7670 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
7671 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
7672 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
7673 # is `true`, then the string `12345` is masked as `12***`.
Bu Sun Kim65020912020-05-20 12:08:20 -07007674 },
7675 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007676 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
7677 # this transformation to apply to all findings that correspond to
7678 # infoTypes that were requested in `InspectConfig`.
7679 { # Type of information detected by the API.
7680 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
7681 # creating a CustomInfoType, or one of the names listed
7682 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
7683 # a built-in type. InfoType names should conform to the pattern
7684 # `[a-zA-Z0-9_]{1,64}`.
7685 },
7686 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07007687 },
7688 ],
7689 },
7690 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
7691 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
7692 # portion of the value.
7693 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
7694 },
7695 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
7696 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
7697 # to learn more.
7698 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
7699 # If set, must also set cryptoKey. If set, shift will be consistent for the
7700 # given context.
7701 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
7702 },
7703 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
7704 # range (inclusive ends). Negative means shift to earlier in time. Must not
7705 # be more than 365250 days (1000 years) each direction.
7706 #
7707 # For example, 3 means shift date to at most 3 days into the future.
7708 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
7709 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
7710 # results in the same shift for the same context and crypto_key. If
7711 # set, must also set context. Can only be applied to table items.
7712 # a key encryption key (KEK) stored by KMS).
7713 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
7714 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
7715 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07007716 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
7717 # leaking the key. Choose another type of key if possible.
7718 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
7719 },
7720 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
7721 # It will be discarded after the request finishes.
7722 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
7723 # This is an arbitrary string used to differentiate different keys.
7724 # A unique key is generated per name: two separate `TransientCryptoKey`
7725 # protos share the same generated key if their names are the same.
7726 # When the data crypto key is generated, this name is not used in any way
7727 # (repeating the api call will result in a different key being generated).
7728 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007729 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
7730 # The wrapped key must be a 128/192/256 bit key.
7731 # Authorization requires the following IAM permissions when sending a request
7732 # to perform a crypto transformation using a kms-wrapped crypto key:
7733 # dlp.kms.encrypt
7734 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
7735 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
7736 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007737 },
7738 },
7739 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
7740 },
7741 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
7742 # Uses SHA-256.
7743 # The key size must be either 32 or 64 bytes.
7744 # Outputs a base64 encoded representation of the hashed output
7745 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
7746 # Currently, only string and integer values can be hashed.
7747 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
7748 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
7749 # a key encryption key (KEK) stored by KMS).
7750 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
7751 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
7752 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07007753 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
7754 # leaking the key. Choose another type of key if possible.
7755 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
7756 },
7757 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
7758 # It will be discarded after the request finishes.
7759 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
7760 # This is an arbitrary string used to differentiate different keys.
7761 # A unique key is generated per name: two separate `TransientCryptoKey`
7762 # protos share the same generated key if their names are the same.
7763 # When the data crypto key is generated, this name is not used in any way
7764 # (repeating the api call will result in a different key being generated).
7765 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007766 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
7767 # The wrapped key must be a 128/192/256 bit key.
7768 # Authorization requires the following IAM permissions when sending a request
7769 # to perform a crypto transformation using a kms-wrapped crypto key:
7770 # dlp.kms.encrypt
7771 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
7772 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
7773 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007774 },
7775 },
7776 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
7777 # (FPE) with the FFX mode of operation; however when used in the
7778 # `ReidentifyContent` API method, it serves the opposite function by reversing
7779 # the surrogate back into the original identifier. The identifier must be
7780 # encoded as ASCII. For a given crypto key and context, the same identifier
7781 # will be replaced with the same surrogate. Identifiers must be at least two
7782 # characters long. In the case that the identifier is the empty string, it will
7783 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
7784 # more.
7785 #
7786 # Note: We recommend using CryptoDeterministicConfig for all use cases which
7787 # do not require preserving the input alphabet space and size, plus warrant
7788 # referential integrity.
Bu Sun Kim65020912020-05-20 12:08:20 -07007789 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
7790 # This annotation will be applied to the surrogate by prefixing it with
7791 # the name of the custom infoType followed by the number of
7792 # characters comprising the surrogate. The following scheme defines the
7793 # format: info_type_name(surrogate_character_count):surrogate
7794 #
7795 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
7796 # the surrogate is &#x27;abc&#x27;, the full replacement value
7797 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
7798 #
7799 # This annotation identifies the surrogate when inspecting content using the
7800 # custom infoType
7801 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
7802 # This facilitates reversal of the surrogate when it occurs in free text.
7803 #
7804 # In order for inspection to work properly, the name of this infoType must
7805 # not occur naturally anywhere in your data; otherwise, inspection may
7806 # find a surrogate that does not correspond to an actual identifier.
7807 # Therefore, choose your custom infoType name carefully after considering
7808 # what your data looks like. One way to select a name that has a high chance
7809 # of yielding reliable detection is to include one or more unicode characters
7810 # that are highly improbable to exist in your data.
7811 # For example, assuming your data is entered from a regular ASCII keyboard,
7812 # the symbol with the hex code point 29DD might be used like so:
7813 # ⧝MY_TOKEN_TYPE
7814 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
7815 # creating a CustomInfoType, or one of the names listed
7816 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
7817 # a built-in type. InfoType names should conform to the pattern
7818 # `[a-zA-Z0-9_]{1,64}`.
7819 },
7820 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
7821 # identifier in two different contexts won&#x27;t be given the same surrogate. If
7822 # the context is not set, a default tweak will be used.
7823 #
7824 # If the context is set but:
7825 #
7826 # 1. there is no record present when transforming a given value or
7827 # 1. the field is not present when transforming a given value,
7828 #
7829 # a default tweak will be used.
7830 #
7831 # Note that case (1) is expected when an `InfoTypeTransformation` is
7832 # applied to both structured and non-structured `ContentItem`s.
7833 # Currently, the referenced field may be of value type integer or string.
7834 #
7835 # The tweak is constructed as a sequence of bytes in big endian byte order
7836 # such that:
7837 #
7838 # - a 64 bit integer is encoded followed by a single byte of value 1
7839 # - a string is encoded in UTF-8 format followed by a single byte of value 2
7840 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
7841 },
7842 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
7843 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
7844 # a key encryption key (KEK) stored by KMS).
7845 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
7846 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
7847 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07007848 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
7849 # leaking the key. Choose another type of key if possible.
7850 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
7851 },
7852 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
7853 # It will be discarded after the request finishes.
7854 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
7855 # This is an arbitrary string used to differentiate different keys.
7856 # A unique key is generated per name: two separate `TransientCryptoKey`
7857 # protos share the same generated key if their names are the same.
7858 # When the data crypto key is generated, this name is not used in any way
7859 # (repeating the api call will result in a different key being generated).
7860 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007861 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
7862 # The wrapped key must be a 128/192/256 bit key.
7863 # Authorization requires the following IAM permissions when sending a request
7864 # to perform a crypto transformation using a kms-wrapped crypto key:
7865 # dlp.kms.encrypt
7866 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
7867 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
7868 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007869 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007870 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
7871 # that the FFX mode natively supports. This happens before/after
7872 # encryption/decryption.
7873 # Each character listed must appear only once.
7874 # Number of characters must be in the range [2, 95].
7875 # This must be encoded as ASCII.
7876 # The order of characters does not matter.
7877 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
Bu Sun Kim65020912020-05-20 12:08:20 -07007878 },
7879 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
7880 # input. Outputs a base64 encoded representation of the encrypted output.
7881 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
7882 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
7883 # This annotation will be applied to the surrogate by prefixing it with
7884 # the name of the custom info type followed by the number of
7885 # characters comprising the surrogate. The following scheme defines the
7886 # format: {info type name}({surrogate character count}):{surrogate}
7887 #
7888 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
7889 # the surrogate is &#x27;abc&#x27;, the full replacement value
7890 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
7891 #
7892 # This annotation identifies the surrogate when inspecting content using the
7893 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
7894 # surrogate when it occurs in free text.
7895 #
7896 # Note: For record transformations where the entire cell in a table is being
7897 # transformed, surrogates are not mandatory. Surrogates are used to denote
7898 # the location of the token and are necessary for re-identification in free
7899 # form text.
7900 #
7901 # In order for inspection to work properly, the name of this info type must
7902 # not occur naturally anywhere in your data; otherwise, inspection may either
7903 #
7904 # - reverse a surrogate that does not correspond to an actual identifier
7905 # - be unable to parse the surrogate and result in an error
7906 #
7907 # Therefore, choose your custom info type name carefully after considering
7908 # what your data looks like. One way to select a name that has a high chance
7909 # of yielding reliable detection is to include one or more unicode characters
7910 # that are highly improbable to exist in your data.
7911 # For example, assuming your data is entered from a regular ASCII keyboard,
7912 # the symbol with the hex code point 29DD might be used like so:
7913 # ⧝MY_TOKEN_TYPE.
7914 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
7915 # creating a CustomInfoType, or one of the names listed
7916 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
7917 # a built-in type. InfoType names should conform to the pattern
7918 # `[a-zA-Z0-9_]{1,64}`.
7919 },
7920 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
7921 # referential integrity such that the same identifier in two different
7922 # contexts will be given a distinct surrogate. The context is appended to
7923 # plaintext value being encrypted. On decryption the provided context is
7924 # validated against the value used during encryption. If a context was
7925 # provided during encryption, same context must be provided during decryption
7926 # as well.
7927 #
7928 # If the context is not set, plaintext would be used as is for encryption.
7929 # If the context is set but:
7930 #
7931 # 1. there is no record present when transforming a given value or
7932 # 2. the field is not present when transforming a given value,
7933 #
7934 # plaintext would be used as is for encryption.
7935 #
7936 # Note that case (1) is expected when an `InfoTypeTransformation` is
7937 # applied to both structured and non-structured `ContentItem`s.
7938 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
7939 },
7940 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
7941 # a key encryption key (KEK) stored by KMS).
7942 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
7943 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
7944 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07007945 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
7946 # leaking the key. Choose another type of key if possible.
7947 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
7948 },
7949 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
7950 # It will be discarded after the request finishes.
7951 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
7952 # This is an arbitrary string used to differentiate different keys.
7953 # A unique key is generated per name: two separate `TransientCryptoKey`
7954 # protos share the same generated key if their names are the same.
7955 # When the data crypto key is generated, this name is not used in any way
7956 # (repeating the api call will result in a different key being generated).
7957 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07007958 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
7959 # The wrapped key must be a 128/192/256 bit key.
7960 # Authorization requires the following IAM permissions when sending a request
7961 # to perform a crypto transformation using a kms-wrapped crypto key:
7962 # dlp.kms.encrypt
7963 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
7964 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
7965 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007966 },
7967 },
Bu Sun Kim65020912020-05-20 12:08:20 -07007968 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
7969 # replacement values are dynamically provided by the user for custom behavior,
7970 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
7971 # This can be used on
7972 # data of type: number, long, string, timestamp.
7973 # If the bound `Value` type differs from the type of data being transformed, we
7974 # will first attempt converting the type of the data to be transformed to match
7975 # the type of the bound before comparing.
7976 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
7977 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
7978 { # Bucket is represented as a range, along with replacement values.
Bu Sun Kim65020912020-05-20 12:08:20 -07007979 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
7980 # the default behavior will be to hyphenate the min-max range.
7981 # Note that for the purposes of inspection or transformation, the number
7982 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
7983 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
7984 # 123456789, the number of bytes would be counted as 9, even though an
7985 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07007986 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
7987 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
7988 # and time zone are either specified elsewhere or are not significant. The date
7989 # is relative to the Proleptic Gregorian Calendar. This can represent:
7990 #
7991 # * A full date, with non-zero year, month and day values
7992 # * A month and day value, with a zero year, e.g. an anniversary
7993 # * A year on its own, with zero month and day values
7994 # * A year and month value, with a zero day, e.g. a credit card expiration date
7995 #
7996 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
7997 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
7998 # a year.
7999 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8000 # month and day.
8001 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8002 # if specifying a year by itself or a year and month where the day is not
8003 # significant.
8004 },
8005 &quot;stringValue&quot;: &quot;A String&quot;, # string
8006 &quot;integerValue&quot;: &quot;A String&quot;, # integer
8007 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
8008 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8009 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07008010 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8011 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
8012 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008013 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8014 # allow the value 60 if it allows leap-seconds.
8015 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07008016 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008017 &quot;booleanValue&quot;: True or False, # boolean
8018 &quot;floatValue&quot;: 3.14, # float
8019 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
8020 },
8021 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
8022 # used.
8023 # Note that for the purposes of inspection or transformation, the number
8024 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
8025 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
8026 # 123456789, the number of bytes would be counted as 9, even though an
8027 # int64 only holds up to 8 bytes of data.
8028 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
8029 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
8030 # and time zone are either specified elsewhere or are not significant. The date
8031 # is relative to the Proleptic Gregorian Calendar. This can represent:
8032 #
8033 # * A full date, with non-zero year, month and day values
8034 # * A month and day value, with a zero year, e.g. an anniversary
8035 # * A year on its own, with zero month and day values
8036 # * A year and month value, with a zero day, e.g. a credit card expiration date
8037 #
8038 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8039 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8040 # a year.
8041 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8042 # month and day.
8043 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8044 # if specifying a year by itself or a year and month where the day is not
8045 # significant.
8046 },
8047 &quot;stringValue&quot;: &quot;A String&quot;, # string
8048 &quot;integerValue&quot;: &quot;A String&quot;, # integer
8049 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
8050 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8051 # types are google.type.Date and `google.protobuf.Timestamp`.
8052 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8053 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
8054 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
8055 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8056 # allow the value 60 if it allows leap-seconds.
8057 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8058 },
8059 &quot;booleanValue&quot;: True or False, # boolean
8060 &quot;floatValue&quot;: 3.14, # float
8061 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
8062 },
8063 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
8064 # Note that for the purposes of inspection or transformation, the number
8065 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
8066 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
8067 # 123456789, the number of bytes would be counted as 9, even though an
8068 # int64 only holds up to 8 bytes of data.
8069 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
8070 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
8071 # and time zone are either specified elsewhere or are not significant. The date
8072 # is relative to the Proleptic Gregorian Calendar. This can represent:
8073 #
8074 # * A full date, with non-zero year, month and day values
8075 # * A month and day value, with a zero year, e.g. an anniversary
8076 # * A year on its own, with zero month and day values
8077 # * A year and month value, with a zero day, e.g. a credit card expiration date
8078 #
8079 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8080 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8081 # a year.
8082 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8083 # month and day.
8084 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8085 # if specifying a year by itself or a year and month where the day is not
8086 # significant.
8087 },
8088 &quot;stringValue&quot;: &quot;A String&quot;, # string
8089 &quot;integerValue&quot;: &quot;A String&quot;, # integer
8090 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
8091 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8092 # types are google.type.Date and `google.protobuf.Timestamp`.
8093 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8094 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
8095 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
8096 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8097 # allow the value 60 if it allows leap-seconds.
8098 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8099 },
8100 &quot;booleanValue&quot;: True or False, # boolean
8101 &quot;floatValue&quot;: 3.14, # float
8102 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07008103 },
8104 },
Bu Sun Kim65020912020-05-20 12:08:20 -07008105 ],
8106 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008107 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
8108 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
8109 # output would be &#x27;My phone number is &#x27;.
8110 },
Bu Sun Kim65020912020-05-20 12:08:20 -07008111 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
8112 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
8113 # Note that for the purposes of inspection or transformation, the number
8114 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
8115 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
8116 # 123456789, the number of bytes would be counted as 9, even though an
8117 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07008118 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
8119 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
8120 # and time zone are either specified elsewhere or are not significant. The date
8121 # is relative to the Proleptic Gregorian Calendar. This can represent:
8122 #
8123 # * A full date, with non-zero year, month and day values
8124 # * A month and day value, with a zero year, e.g. an anniversary
8125 # * A year on its own, with zero month and day values
8126 # * A year and month value, with a zero day, e.g. a credit card expiration date
8127 #
8128 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8129 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8130 # a year.
8131 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8132 # month and day.
8133 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8134 # if specifying a year by itself or a year and month where the day is not
8135 # significant.
8136 },
8137 &quot;stringValue&quot;: &quot;A String&quot;, # string
8138 &quot;integerValue&quot;: &quot;A String&quot;, # integer
8139 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
8140 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8141 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07008142 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8143 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
8144 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008145 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8146 # allow the value 60 if it allows leap-seconds.
8147 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07008148 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008149 &quot;booleanValue&quot;: True or False, # boolean
8150 &quot;floatValue&quot;: 3.14, # float
8151 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07008152 },
8153 },
Bu Sun Kim65020912020-05-20 12:08:20 -07008154 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
8155 # Bucketing transformation can provide all of this functionality,
8156 # but requires more configuration. This message is provided as a convenience to
8157 # the user for simple bucketing strategies.
8158 #
8159 # The transformed value will be a hyphenated string of
8160 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
8161 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
8162 #
8163 # This can be used on data of type: double, long.
8164 #
8165 # If the bound Value type differs from the type of data
8166 # being transformed, we will first attempt converting the type of the data to
8167 # be transformed to match the type of the bound before comparing.
8168 #
8169 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07008170 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
8171 # grouped together into a single bucket; for example if `upper_bound` = 89,
8172 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
8173 # Note that for the purposes of inspection or transformation, the number
8174 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
8175 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
8176 # 123456789, the number of bytes would be counted as 9, even though an
8177 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07008178 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
8179 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
8180 # and time zone are either specified elsewhere or are not significant. The date
8181 # is relative to the Proleptic Gregorian Calendar. This can represent:
8182 #
8183 # * A full date, with non-zero year, month and day values
8184 # * A month and day value, with a zero year, e.g. an anniversary
8185 # * A year on its own, with zero month and day values
8186 # * A year and month value, with a zero day, e.g. a credit card expiration date
8187 #
8188 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8189 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8190 # a year.
8191 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8192 # month and day.
8193 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8194 # if specifying a year by itself or a year and month where the day is not
8195 # significant.
8196 },
8197 &quot;stringValue&quot;: &quot;A String&quot;, # string
8198 &quot;integerValue&quot;: &quot;A String&quot;, # integer
8199 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
8200 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8201 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07008202 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8203 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
8204 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008205 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8206 # allow the value 60 if it allows leap-seconds.
8207 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07008208 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008209 &quot;booleanValue&quot;: True or False, # boolean
8210 &quot;floatValue&quot;: 3.14, # float
8211 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07008212 },
8213 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
8214 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
8215 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
8216 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008217 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
8218 # grouped together into a single bucket; for example if `lower_bound` = 10,
8219 # then all values less than 10 are replaced with the value &quot;-10&quot;.
8220 # Note that for the purposes of inspection or transformation, the number
8221 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
8222 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
8223 # 123456789, the number of bytes would be counted as 9, even though an
8224 # int64 only holds up to 8 bytes of data.
8225 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
8226 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
8227 # and time zone are either specified elsewhere or are not significant. The date
8228 # is relative to the Proleptic Gregorian Calendar. This can represent:
8229 #
8230 # * A full date, with non-zero year, month and day values
8231 # * A month and day value, with a zero year, e.g. an anniversary
8232 # * A year on its own, with zero month and day values
8233 # * A year and month value, with a zero day, e.g. a credit card expiration date
8234 #
8235 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8236 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8237 # a year.
8238 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8239 # month and day.
8240 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8241 # if specifying a year by itself or a year and month where the day is not
8242 # significant.
8243 },
8244 &quot;stringValue&quot;: &quot;A String&quot;, # string
8245 &quot;integerValue&quot;: &quot;A String&quot;, # integer
8246 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
8247 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8248 # types are google.type.Date and `google.protobuf.Timestamp`.
8249 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8250 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
8251 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
8252 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8253 # allow the value 60 if it allows leap-seconds.
8254 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8255 },
8256 &quot;booleanValue&quot;: True or False, # boolean
8257 &quot;floatValue&quot;: 3.14, # float
8258 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
8259 },
8260 },
8261 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
8262 # fixed character. Masking can start from the beginning or end of the string.
8263 # This can be used on data of any type (numbers, longs, and so on) and when
8264 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
8265 # type. (This allows you to take a long like 123 and modify it to a string like
8266 # **3.
8267 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
8268 # characters. For example, if the input string is `555-555-5555` and you
8269 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
8270 # returns `***-**5-5555`.
8271 { # Characters to skip when doing deidentification of a value. These will be left
8272 # alone and skipped.
8273 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
8274 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
8275 # punctuation.
8276 },
8277 ],
8278 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
8279 # masked. Skipped characters do not count towards this tally.
8280 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
8281 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
8282 # code or credit card number. This string must have a length of 1. If not
8283 # supplied, this value defaults to `*` for strings, and `0` for digits.
8284 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
8285 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
8286 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
8287 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
8288 # is `true`, then the string `12345` is masked as `12***`.
Bu Sun Kim65020912020-05-20 12:08:20 -07008289 },
8290 },
8291 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
8292 # given `RecordCondition`. The conditions are allowed to reference fields
8293 # that are not used in the actual transformation.
8294 #
8295 # Example Use Cases:
8296 #
8297 # - Apply a different bucket transformation to an age column if the zip code
8298 # column for the same record is within a specific range.
8299 # - Redact a field if the date of birth field is greater than 85.
8300 # a field.
8301 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
8302 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
8303 # only supported value is `AND`.
8304 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
8305 &quot;conditions&quot;: [ # A collection of conditions.
8306 { # The field type of `value` and `field` do not need to match to be
8307 # considered equal, but not all comparisons are possible.
8308 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
8309 # but all other comparisons are invalid with incompatible types.
8310 # A `value` of type:
8311 #
8312 # - `string` can be compared against all other types
8313 # - `boolean` can only be compared against other booleans
8314 # - `integer` can be compared against doubles or a string if the string value
8315 # can be parsed as an integer.
8316 # - `double` can be compared against integers or a string if the string can
8317 # be parsed as a double.
8318 # - `Timestamp` can be compared against strings in RFC 3339 date string
8319 # format.
8320 # - `TimeOfDay` can be compared against timestamps and strings in the format
8321 # of &#x27;HH:mm:ss&#x27;.
8322 #
8323 # If we fail to compare do to type mismatch, a warning will be given and
8324 # the condition will evaluate to false.
Bu Sun Kim65020912020-05-20 12:08:20 -07008325 &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
8326 # Note that for the purposes of inspection or transformation, the number
8327 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
8328 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
8329 # 123456789, the number of bytes would be counted as 9, even though an
8330 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07008331 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
8332 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
8333 # and time zone are either specified elsewhere or are not significant. The date
8334 # is relative to the Proleptic Gregorian Calendar. This can represent:
8335 #
8336 # * A full date, with non-zero year, month and day values
8337 # * A month and day value, with a zero year, e.g. an anniversary
8338 # * A year on its own, with zero month and day values
8339 # * A year and month value, with a zero day, e.g. a credit card expiration date
8340 #
8341 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8342 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8343 # a year.
8344 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8345 # month and day.
8346 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8347 # if specifying a year by itself or a year and month where the day is not
8348 # significant.
8349 },
8350 &quot;stringValue&quot;: &quot;A String&quot;, # string
8351 &quot;integerValue&quot;: &quot;A String&quot;, # integer
8352 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
8353 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8354 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07008355 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8356 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
8357 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008358 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8359 # allow the value 60 if it allows leap-seconds.
8360 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07008361 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008362 &quot;booleanValue&quot;: True or False, # boolean
8363 &quot;floatValue&quot;: 3.14, # float
8364 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07008365 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008366 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
8367 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
8368 },
8369 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07008370 },
8371 ],
8372 },
Bu Sun Kim65020912020-05-20 12:08:20 -07008373 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07008374 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07008375 },
8376 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008377 &quot;recordSuppressions&quot;: [ # Configuration defining which records get suppressed entirely. Records that
8378 # match any suppression rule are omitted from the output.
8379 { # Configuration to suppress records whose suppression conditions evaluate to
8380 # true.
8381 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
8382 # evaluated to be suppressed from the transformed content.
8383 # a field.
8384 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
8385 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
8386 # only supported value is `AND`.
8387 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
8388 &quot;conditions&quot;: [ # A collection of conditions.
8389 { # The field type of `value` and `field` do not need to match to be
8390 # considered equal, but not all comparisons are possible.
8391 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
8392 # but all other comparisons are invalid with incompatible types.
8393 # A `value` of type:
8394 #
8395 # - `string` can be compared against all other types
8396 # - `boolean` can only be compared against other booleans
8397 # - `integer` can be compared against doubles or a string if the string value
8398 # can be parsed as an integer.
8399 # - `double` can be compared against integers or a string if the string can
8400 # be parsed as a double.
8401 # - `Timestamp` can be compared against strings in RFC 3339 date string
8402 # format.
8403 # - `TimeOfDay` can be compared against timestamps and strings in the format
8404 # of &#x27;HH:mm:ss&#x27;.
8405 #
8406 # If we fail to compare do to type mismatch, a warning will be given and
8407 # the condition will evaluate to false.
8408 &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
8409 # Note that for the purposes of inspection or transformation, the number
8410 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
8411 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
8412 # 123456789, the number of bytes would be counted as 9, even though an
8413 # int64 only holds up to 8 bytes of data.
8414 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
8415 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
8416 # and time zone are either specified elsewhere or are not significant. The date
8417 # is relative to the Proleptic Gregorian Calendar. This can represent:
8418 #
8419 # * A full date, with non-zero year, month and day values
8420 # * A month and day value, with a zero year, e.g. an anniversary
8421 # * A year on its own, with zero month and day values
8422 # * A year and month value, with a zero day, e.g. a credit card expiration date
8423 #
8424 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8425 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8426 # a year.
8427 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8428 # month and day.
8429 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8430 # if specifying a year by itself or a year and month where the day is not
8431 # significant.
8432 },
8433 &quot;stringValue&quot;: &quot;A String&quot;, # string
8434 &quot;integerValue&quot;: &quot;A String&quot;, # integer
8435 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
8436 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8437 # types are google.type.Date and `google.protobuf.Timestamp`.
8438 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8439 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
8440 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
8441 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8442 # allow the value 60 if it allows leap-seconds.
8443 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8444 },
8445 &quot;booleanValue&quot;: True or False, # boolean
8446 &quot;floatValue&quot;: 3.14, # float
8447 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07008448 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008449 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
8450 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim65020912020-05-20 12:08:20 -07008451 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008452 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Bu Sun Kim65020912020-05-20 12:08:20 -07008453 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008454 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07008455 },
8456 },
Bu Sun Kim65020912020-05-20 12:08:20 -07008457 },
8458 },
8459 ],
Dan O'Mearadd494642020-05-01 07:42:23 -07008460 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07008461 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07008462 },
8463 ],
8464 }</pre>
8465</div>
8466
8467<div class="method">
8468 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
8469 <pre>Retrieves the next page of results.
8470
8471Args:
8472 previous_request: The request for the previous page. (required)
8473 previous_response: The response from the request for the previous page. (required)
8474
8475Returns:
Bu Sun Kim65020912020-05-20 12:08:20 -07008476 A request object that you can call &#x27;execute()&#x27; on to request the next
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07008477 page. Returns None if there are no more items in the collection.
8478 </pre>
8479</div>
8480
8481<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -07008482 <code class="details" id="patch">patch(name, body=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07008483 <pre>Updates the DeidentifyTemplate.
8484See https://cloud.google.com/dlp/docs/creating-templates-deid to learn
8485more.
8486
8487Args:
Dan O'Mearadd494642020-05-01 07:42:23 -07008488 name: string, Required. Resource name of organization and deidentify template to be updated, for
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07008489example `organizations/433245324/deidentifyTemplates/432452342` or
8490projects/project-id/deidentifyTemplates/432452342. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -07008491 body: object, The request body.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07008492 The object takes the form of:
8493
8494{ # Request message for UpdateDeidentifyTemplate.
Bu Sun Kim65020912020-05-20 12:08:20 -07008495 &quot;deidentifyTemplate&quot;: { # DeidentifyTemplates contains instructions on how to de-identify content. # New DeidentifyTemplate value.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07008496 # See https://cloud.google.com/dlp/docs/concepts-templates to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07008497 &quot;name&quot;: &quot;A String&quot;, # Output only. The template name.
8498 #
8499 # The template will have one of the following formats:
8500 # `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR
8501 # `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
8502 &quot;description&quot;: &quot;A String&quot;, # Short description (max 256 chars).
8503 &quot;displayName&quot;: &quot;A String&quot;, # Display name (max 256 chars).
8504 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The creation timestamp of an inspectTemplate.
8505 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The last update timestamp of an inspectTemplate.
8506 &quot;deidentifyConfig&quot;: { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07008507 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
8508 # transformation everywhere.
8509 # apply various `PrimitiveTransformation`s to each finding, where the
8510 # transformation is applied to only values that were identified as a specific
8511 # info_type.
8512 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
8513 # for a given infoType.
8514 { # A transformation to apply to text that is identified as a specific
8515 # info_type.
8516 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
8517 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
8518 # portion of the value.
8519 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
8520 },
8521 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
8522 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
8523 # to learn more.
8524 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
8525 # If set, must also set cryptoKey. If set, shift will be consistent for the
8526 # given context.
8527 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
8528 },
8529 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
8530 # range (inclusive ends). Negative means shift to earlier in time. Must not
8531 # be more than 365250 days (1000 years) each direction.
8532 #
8533 # For example, 3 means shift date to at most 3 days into the future.
8534 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
8535 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
8536 # results in the same shift for the same context and crypto_key. If
8537 # set, must also set context. Can only be applied to table items.
8538 # a key encryption key (KEK) stored by KMS).
8539 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
8540 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
8541 # unwrap the data crypto key.
8542 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
8543 # leaking the key. Choose another type of key if possible.
8544 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
8545 },
8546 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
8547 # It will be discarded after the request finishes.
8548 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
8549 # This is an arbitrary string used to differentiate different keys.
8550 # A unique key is generated per name: two separate `TransientCryptoKey`
8551 # protos share the same generated key if their names are the same.
8552 # When the data crypto key is generated, this name is not used in any way
8553 # (repeating the api call will result in a different key being generated).
8554 },
8555 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
8556 # The wrapped key must be a 128/192/256 bit key.
8557 # Authorization requires the following IAM permissions when sending a request
8558 # to perform a crypto transformation using a kms-wrapped crypto key:
8559 # dlp.kms.encrypt
8560 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
8561 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
8562 },
8563 },
8564 },
8565 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
8566 },
8567 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
8568 # Uses SHA-256.
8569 # The key size must be either 32 or 64 bytes.
8570 # Outputs a base64 encoded representation of the hashed output
8571 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
8572 # Currently, only string and integer values can be hashed.
8573 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
8574 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
8575 # a key encryption key (KEK) stored by KMS).
8576 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
8577 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
8578 # unwrap the data crypto key.
8579 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
8580 # leaking the key. Choose another type of key if possible.
8581 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
8582 },
8583 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
8584 # It will be discarded after the request finishes.
8585 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
8586 # This is an arbitrary string used to differentiate different keys.
8587 # A unique key is generated per name: two separate `TransientCryptoKey`
8588 # protos share the same generated key if their names are the same.
8589 # When the data crypto key is generated, this name is not used in any way
8590 # (repeating the api call will result in a different key being generated).
8591 },
8592 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
8593 # The wrapped key must be a 128/192/256 bit key.
8594 # Authorization requires the following IAM permissions when sending a request
8595 # to perform a crypto transformation using a kms-wrapped crypto key:
8596 # dlp.kms.encrypt
8597 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
8598 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
8599 },
8600 },
8601 },
8602 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
8603 # (FPE) with the FFX mode of operation; however when used in the
8604 # `ReidentifyContent` API method, it serves the opposite function by reversing
8605 # the surrogate back into the original identifier. The identifier must be
8606 # encoded as ASCII. For a given crypto key and context, the same identifier
8607 # will be replaced with the same surrogate. Identifiers must be at least two
8608 # characters long. In the case that the identifier is the empty string, it will
8609 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
8610 # more.
8611 #
8612 # Note: We recommend using CryptoDeterministicConfig for all use cases which
8613 # do not require preserving the input alphabet space and size, plus warrant
8614 # referential integrity.
8615 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
8616 # This annotation will be applied to the surrogate by prefixing it with
8617 # the name of the custom infoType followed by the number of
8618 # characters comprising the surrogate. The following scheme defines the
8619 # format: info_type_name(surrogate_character_count):surrogate
8620 #
8621 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
8622 # the surrogate is &#x27;abc&#x27;, the full replacement value
8623 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
8624 #
8625 # This annotation identifies the surrogate when inspecting content using the
8626 # custom infoType
8627 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
8628 # This facilitates reversal of the surrogate when it occurs in free text.
8629 #
8630 # In order for inspection to work properly, the name of this infoType must
8631 # not occur naturally anywhere in your data; otherwise, inspection may
8632 # find a surrogate that does not correspond to an actual identifier.
8633 # Therefore, choose your custom infoType name carefully after considering
8634 # what your data looks like. One way to select a name that has a high chance
8635 # of yielding reliable detection is to include one or more unicode characters
8636 # that are highly improbable to exist in your data.
8637 # For example, assuming your data is entered from a regular ASCII keyboard,
8638 # the symbol with the hex code point 29DD might be used like so:
8639 # ⧝MY_TOKEN_TYPE
8640 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
8641 # creating a CustomInfoType, or one of the names listed
8642 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
8643 # a built-in type. InfoType names should conform to the pattern
8644 # `[a-zA-Z0-9_]{1,64}`.
8645 },
8646 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
8647 # identifier in two different contexts won&#x27;t be given the same surrogate. If
8648 # the context is not set, a default tweak will be used.
8649 #
8650 # If the context is set but:
8651 #
8652 # 1. there is no record present when transforming a given value or
8653 # 1. the field is not present when transforming a given value,
8654 #
8655 # a default tweak will be used.
8656 #
8657 # Note that case (1) is expected when an `InfoTypeTransformation` is
8658 # applied to both structured and non-structured `ContentItem`s.
8659 # Currently, the referenced field may be of value type integer or string.
8660 #
8661 # The tweak is constructed as a sequence of bytes in big endian byte order
8662 # such that:
8663 #
8664 # - a 64 bit integer is encoded followed by a single byte of value 1
8665 # - a string is encoded in UTF-8 format followed by a single byte of value 2
8666 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
8667 },
8668 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
8669 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
8670 # a key encryption key (KEK) stored by KMS).
8671 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
8672 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
8673 # unwrap the data crypto key.
8674 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
8675 # leaking the key. Choose another type of key if possible.
8676 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
8677 },
8678 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
8679 # It will be discarded after the request finishes.
8680 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
8681 # This is an arbitrary string used to differentiate different keys.
8682 # A unique key is generated per name: two separate `TransientCryptoKey`
8683 # protos share the same generated key if their names are the same.
8684 # When the data crypto key is generated, this name is not used in any way
8685 # (repeating the api call will result in a different key being generated).
8686 },
8687 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
8688 # The wrapped key must be a 128/192/256 bit key.
8689 # Authorization requires the following IAM permissions when sending a request
8690 # to perform a crypto transformation using a kms-wrapped crypto key:
8691 # dlp.kms.encrypt
8692 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
8693 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
8694 },
8695 },
8696 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
8697 # that the FFX mode natively supports. This happens before/after
8698 # encryption/decryption.
8699 # Each character listed must appear only once.
8700 # Number of characters must be in the range [2, 95].
8701 # This must be encoded as ASCII.
8702 # The order of characters does not matter.
8703 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
8704 },
8705 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
8706 # input. Outputs a base64 encoded representation of the encrypted output.
8707 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
8708 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
8709 # This annotation will be applied to the surrogate by prefixing it with
8710 # the name of the custom info type followed by the number of
8711 # characters comprising the surrogate. The following scheme defines the
8712 # format: {info type name}({surrogate character count}):{surrogate}
8713 #
8714 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
8715 # the surrogate is &#x27;abc&#x27;, the full replacement value
8716 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
8717 #
8718 # This annotation identifies the surrogate when inspecting content using the
8719 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
8720 # surrogate when it occurs in free text.
8721 #
8722 # Note: For record transformations where the entire cell in a table is being
8723 # transformed, surrogates are not mandatory. Surrogates are used to denote
8724 # the location of the token and are necessary for re-identification in free
8725 # form text.
8726 #
8727 # In order for inspection to work properly, the name of this info type must
8728 # not occur naturally anywhere in your data; otherwise, inspection may either
8729 #
8730 # - reverse a surrogate that does not correspond to an actual identifier
8731 # - be unable to parse the surrogate and result in an error
8732 #
8733 # Therefore, choose your custom info type name carefully after considering
8734 # what your data looks like. One way to select a name that has a high chance
8735 # of yielding reliable detection is to include one or more unicode characters
8736 # that are highly improbable to exist in your data.
8737 # For example, assuming your data is entered from a regular ASCII keyboard,
8738 # the symbol with the hex code point 29DD might be used like so:
8739 # ⧝MY_TOKEN_TYPE.
8740 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
8741 # creating a CustomInfoType, or one of the names listed
8742 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
8743 # a built-in type. InfoType names should conform to the pattern
8744 # `[a-zA-Z0-9_]{1,64}`.
8745 },
8746 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
8747 # referential integrity such that the same identifier in two different
8748 # contexts will be given a distinct surrogate. The context is appended to
8749 # plaintext value being encrypted. On decryption the provided context is
8750 # validated against the value used during encryption. If a context was
8751 # provided during encryption, same context must be provided during decryption
8752 # as well.
8753 #
8754 # If the context is not set, plaintext would be used as is for encryption.
8755 # If the context is set but:
8756 #
8757 # 1. there is no record present when transforming a given value or
8758 # 2. the field is not present when transforming a given value,
8759 #
8760 # plaintext would be used as is for encryption.
8761 #
8762 # Note that case (1) is expected when an `InfoTypeTransformation` is
8763 # applied to both structured and non-structured `ContentItem`s.
8764 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
8765 },
8766 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
8767 # a key encryption key (KEK) stored by KMS).
8768 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
8769 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
8770 # unwrap the data crypto key.
8771 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
8772 # leaking the key. Choose another type of key if possible.
8773 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
8774 },
8775 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
8776 # It will be discarded after the request finishes.
8777 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
8778 # This is an arbitrary string used to differentiate different keys.
8779 # A unique key is generated per name: two separate `TransientCryptoKey`
8780 # protos share the same generated key if their names are the same.
8781 # When the data crypto key is generated, this name is not used in any way
8782 # (repeating the api call will result in a different key being generated).
8783 },
8784 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
8785 # The wrapped key must be a 128/192/256 bit key.
8786 # Authorization requires the following IAM permissions when sending a request
8787 # to perform a crypto transformation using a kms-wrapped crypto key:
8788 # dlp.kms.encrypt
8789 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
8790 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
8791 },
8792 },
8793 },
8794 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
8795 # replacement values are dynamically provided by the user for custom behavior,
8796 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
8797 # This can be used on
8798 # data of type: number, long, string, timestamp.
8799 # If the bound `Value` type differs from the type of data being transformed, we
8800 # will first attempt converting the type of the data to be transformed to match
8801 # the type of the bound before comparing.
8802 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
8803 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
8804 { # Bucket is represented as a range, along with replacement values.
8805 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
8806 # the default behavior will be to hyphenate the min-max range.
8807 # Note that for the purposes of inspection or transformation, the number
8808 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
8809 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
8810 # 123456789, the number of bytes would be counted as 9, even though an
8811 # int64 only holds up to 8 bytes of data.
8812 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
8813 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
8814 # and time zone are either specified elsewhere or are not significant. The date
8815 # is relative to the Proleptic Gregorian Calendar. This can represent:
8816 #
8817 # * A full date, with non-zero year, month and day values
8818 # * A month and day value, with a zero year, e.g. an anniversary
8819 # * A year on its own, with zero month and day values
8820 # * A year and month value, with a zero day, e.g. a credit card expiration date
8821 #
8822 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8823 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8824 # a year.
8825 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8826 # month and day.
8827 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8828 # if specifying a year by itself or a year and month where the day is not
8829 # significant.
8830 },
8831 &quot;stringValue&quot;: &quot;A String&quot;, # string
8832 &quot;integerValue&quot;: &quot;A String&quot;, # integer
8833 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
8834 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8835 # types are google.type.Date and `google.protobuf.Timestamp`.
8836 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8837 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
8838 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
8839 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8840 # allow the value 60 if it allows leap-seconds.
8841 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8842 },
8843 &quot;booleanValue&quot;: True or False, # boolean
8844 &quot;floatValue&quot;: 3.14, # float
8845 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
8846 },
8847 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
8848 # used.
8849 # Note that for the purposes of inspection or transformation, the number
8850 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
8851 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
8852 # 123456789, the number of bytes would be counted as 9, even though an
8853 # int64 only holds up to 8 bytes of data.
8854 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
8855 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
8856 # and time zone are either specified elsewhere or are not significant. The date
8857 # is relative to the Proleptic Gregorian Calendar. This can represent:
8858 #
8859 # * A full date, with non-zero year, month and day values
8860 # * A month and day value, with a zero year, e.g. an anniversary
8861 # * A year on its own, with zero month and day values
8862 # * A year and month value, with a zero day, e.g. a credit card expiration date
8863 #
8864 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8865 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8866 # a year.
8867 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8868 # month and day.
8869 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8870 # if specifying a year by itself or a year and month where the day is not
8871 # significant.
8872 },
8873 &quot;stringValue&quot;: &quot;A String&quot;, # string
8874 &quot;integerValue&quot;: &quot;A String&quot;, # integer
8875 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
8876 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8877 # types are google.type.Date and `google.protobuf.Timestamp`.
8878 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8879 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
8880 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
8881 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8882 # allow the value 60 if it allows leap-seconds.
8883 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8884 },
8885 &quot;booleanValue&quot;: True or False, # boolean
8886 &quot;floatValue&quot;: 3.14, # float
8887 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
8888 },
8889 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
8890 # Note that for the purposes of inspection or transformation, the number
8891 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
8892 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
8893 # 123456789, the number of bytes would be counted as 9, even though an
8894 # int64 only holds up to 8 bytes of data.
8895 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
8896 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
8897 # and time zone are either specified elsewhere or are not significant. The date
8898 # is relative to the Proleptic Gregorian Calendar. This can represent:
8899 #
8900 # * A full date, with non-zero year, month and day values
8901 # * A month and day value, with a zero year, e.g. an anniversary
8902 # * A year on its own, with zero month and day values
8903 # * A year and month value, with a zero day, e.g. a credit card expiration date
8904 #
8905 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8906 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8907 # a year.
8908 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8909 # month and day.
8910 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8911 # if specifying a year by itself or a year and month where the day is not
8912 # significant.
8913 },
8914 &quot;stringValue&quot;: &quot;A String&quot;, # string
8915 &quot;integerValue&quot;: &quot;A String&quot;, # integer
8916 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
8917 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8918 # types are google.type.Date and `google.protobuf.Timestamp`.
8919 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8920 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
8921 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
8922 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8923 # allow the value 60 if it allows leap-seconds.
8924 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8925 },
8926 &quot;booleanValue&quot;: True or False, # boolean
8927 &quot;floatValue&quot;: 3.14, # float
8928 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
8929 },
8930 },
8931 ],
8932 },
8933 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
8934 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
8935 # output would be &#x27;My phone number is &#x27;.
8936 },
8937 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
8938 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
8939 # Note that for the purposes of inspection or transformation, the number
8940 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
8941 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
8942 # 123456789, the number of bytes would be counted as 9, even though an
8943 # int64 only holds up to 8 bytes of data.
8944 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
8945 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
8946 # and time zone are either specified elsewhere or are not significant. The date
8947 # is relative to the Proleptic Gregorian Calendar. This can represent:
8948 #
8949 # * A full date, with non-zero year, month and day values
8950 # * A month and day value, with a zero year, e.g. an anniversary
8951 # * A year on its own, with zero month and day values
8952 # * A year and month value, with a zero day, e.g. a credit card expiration date
8953 #
8954 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
8955 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
8956 # a year.
8957 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
8958 # month and day.
8959 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
8960 # if specifying a year by itself or a year and month where the day is not
8961 # significant.
8962 },
8963 &quot;stringValue&quot;: &quot;A String&quot;, # string
8964 &quot;integerValue&quot;: &quot;A String&quot;, # integer
8965 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
8966 # or are specified elsewhere. An API may choose to allow leap seconds. Related
8967 # types are google.type.Date and `google.protobuf.Timestamp`.
8968 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
8969 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
8970 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
8971 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
8972 # allow the value 60 if it allows leap-seconds.
8973 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
8974 },
8975 &quot;booleanValue&quot;: True or False, # boolean
8976 &quot;floatValue&quot;: 3.14, # float
8977 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
8978 },
8979 },
8980 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
8981 # Bucketing transformation can provide all of this functionality,
8982 # but requires more configuration. This message is provided as a convenience to
8983 # the user for simple bucketing strategies.
8984 #
8985 # The transformed value will be a hyphenated string of
8986 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
8987 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
8988 #
8989 # This can be used on data of type: double, long.
8990 #
8991 # If the bound Value type differs from the type of data
8992 # being transformed, we will first attempt converting the type of the data to
8993 # be transformed to match the type of the bound before comparing.
8994 #
8995 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
8996 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
8997 # grouped together into a single bucket; for example if `upper_bound` = 89,
8998 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
8999 # Note that for the purposes of inspection or transformation, the number
9000 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
9001 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
9002 # 123456789, the number of bytes would be counted as 9, even though an
9003 # int64 only holds up to 8 bytes of data.
9004 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
9005 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
9006 # and time zone are either specified elsewhere or are not significant. The date
9007 # is relative to the Proleptic Gregorian Calendar. This can represent:
9008 #
9009 # * A full date, with non-zero year, month and day values
9010 # * A month and day value, with a zero year, e.g. an anniversary
9011 # * A year on its own, with zero month and day values
9012 # * A year and month value, with a zero day, e.g. a credit card expiration date
9013 #
9014 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
9015 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9016 # a year.
9017 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
9018 # month and day.
9019 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
9020 # if specifying a year by itself or a year and month where the day is not
9021 # significant.
9022 },
9023 &quot;stringValue&quot;: &quot;A String&quot;, # string
9024 &quot;integerValue&quot;: &quot;A String&quot;, # integer
9025 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
9026 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9027 # types are google.type.Date and `google.protobuf.Timestamp`.
9028 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9029 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
9030 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
9031 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9032 # allow the value 60 if it allows leap-seconds.
9033 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
9034 },
9035 &quot;booleanValue&quot;: True or False, # boolean
9036 &quot;floatValue&quot;: 3.14, # float
9037 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
9038 },
9039 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
9040 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
9041 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
9042 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
9043 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
9044 # grouped together into a single bucket; for example if `lower_bound` = 10,
9045 # then all values less than 10 are replaced with the value &quot;-10&quot;.
9046 # Note that for the purposes of inspection or transformation, the number
9047 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
9048 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
9049 # 123456789, the number of bytes would be counted as 9, even though an
9050 # int64 only holds up to 8 bytes of data.
9051 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
9052 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
9053 # and time zone are either specified elsewhere or are not significant. The date
9054 # is relative to the Proleptic Gregorian Calendar. This can represent:
9055 #
9056 # * A full date, with non-zero year, month and day values
9057 # * A month and day value, with a zero year, e.g. an anniversary
9058 # * A year on its own, with zero month and day values
9059 # * A year and month value, with a zero day, e.g. a credit card expiration date
9060 #
9061 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
9062 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9063 # a year.
9064 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
9065 # month and day.
9066 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
9067 # if specifying a year by itself or a year and month where the day is not
9068 # significant.
9069 },
9070 &quot;stringValue&quot;: &quot;A String&quot;, # string
9071 &quot;integerValue&quot;: &quot;A String&quot;, # integer
9072 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
9073 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9074 # types are google.type.Date and `google.protobuf.Timestamp`.
9075 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9076 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
9077 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
9078 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9079 # allow the value 60 if it allows leap-seconds.
9080 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
9081 },
9082 &quot;booleanValue&quot;: True or False, # boolean
9083 &quot;floatValue&quot;: 3.14, # float
9084 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
9085 },
9086 },
9087 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
9088 # fixed character. Masking can start from the beginning or end of the string.
9089 # This can be used on data of any type (numbers, longs, and so on) and when
9090 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
9091 # type. (This allows you to take a long like 123 and modify it to a string like
9092 # **3.
9093 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
9094 # characters. For example, if the input string is `555-555-5555` and you
9095 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
9096 # returns `***-**5-5555`.
9097 { # Characters to skip when doing deidentification of a value. These will be left
9098 # alone and skipped.
9099 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
9100 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
9101 # punctuation.
9102 },
9103 ],
9104 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
9105 # masked. Skipped characters do not count towards this tally.
9106 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
9107 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
9108 # code or credit card number. This string must have a length of 1. If not
9109 # supplied, this value defaults to `*` for strings, and `0` for digits.
9110 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
9111 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
9112 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
9113 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
9114 # is `true`, then the string `12345` is masked as `12***`.
9115 },
9116 },
9117 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
9118 # this transformation to apply to all findings that correspond to
9119 # infoTypes that were requested in `InspectConfig`.
9120 { # Type of information detected by the API.
9121 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
9122 # creating a CustomInfoType, or one of the names listed
9123 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
9124 # a built-in type. InfoType names should conform to the pattern
9125 # `[a-zA-Z0-9_]{1,64}`.
9126 },
9127 ],
9128 },
9129 ],
9130 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009131 &quot;transformationErrorHandling&quot;: { # How to handle transformation errors during de-identification. A # Mode for handling transformation errors. If left unspecified, the default
9132 # mode is `TransformationErrorHandling.ThrowError`.
9133 # transformation error occurs when the requested transformation is incompatible
9134 # with the data. For example, trying to de-identify an IP address using a
9135 # `DateShift` transformation would result in a transformation error, since date
9136 # info cannot be extracted from an IP address.
9137 # Information about any incompatible transformations, and how they were
9138 # handled, is returned in the response as part of the
9139 # `TransformationOverviews`.
9140 &quot;throwError&quot;: { # Throw an error and fail the request when a transformation error occurs. # Throw an error
9141 },
9142 &quot;leaveUntransformed&quot;: { # Skips the data without modifying it if the requested transformation would # Ignore errors
9143 # cause an error. For example, if a `DateShift` transformation were applied
9144 # an an IP address, this mode would leave the IP address unchanged in the
9145 # response.
9146 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009147 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009148 &quot;recordTransformations&quot;: { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009149 # specific locations within structured datasets, such as transforming
9150 # a column within a table.
9151 # table.
Bu Sun Kim65020912020-05-20 12:08:20 -07009152 &quot;fieldTransformations&quot;: [ # Transform the record by applying various field transformations.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009153 { # The transformation to apply to the field.
Bu Sun Kim65020912020-05-20 12:08:20 -07009154 &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
Dan O'Mearadd494642020-05-01 07:42:23 -07009155 { # General identifier of a data field in a storage service.
Bu Sun Kim65020912020-05-20 12:08:20 -07009156 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Dan O'Mearadd494642020-05-01 07:42:23 -07009157 },
9158 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07009159 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009160 # transform content that matches an `InfoType`.
9161 # apply various `PrimitiveTransformation`s to each finding, where the
9162 # transformation is applied to only values that were identified as a specific
9163 # info_type.
Bu Sun Kim65020912020-05-20 12:08:20 -07009164 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
Dan O'Mearadd494642020-05-01 07:42:23 -07009165 # for a given infoType.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009166 { # A transformation to apply to text that is identified as a specific
9167 # info_type.
Bu Sun Kim65020912020-05-20 12:08:20 -07009168 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
9169 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
9170 # portion of the value.
9171 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
9172 },
9173 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
9174 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
9175 # to learn more.
9176 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
9177 # If set, must also set cryptoKey. If set, shift will be consistent for the
9178 # given context.
9179 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
9180 },
9181 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
9182 # range (inclusive ends). Negative means shift to earlier in time. Must not
9183 # be more than 365250 days (1000 years) each direction.
9184 #
9185 # For example, 3 means shift date to at most 3 days into the future.
9186 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
9187 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
9188 # results in the same shift for the same context and crypto_key. If
9189 # set, must also set context. Can only be applied to table items.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009190 # a key encryption key (KEK) stored by KMS).
9191 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
9192 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
9193 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07009194 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009195 # leaking the key. Choose another type of key if possible.
Bu Sun Kim65020912020-05-20 12:08:20 -07009196 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009197 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009198 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009199 # It will be discarded after the request finishes.
Bu Sun Kim65020912020-05-20 12:08:20 -07009200 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009201 # This is an arbitrary string used to differentiate different keys.
9202 # A unique key is generated per name: two separate `TransientCryptoKey`
9203 # protos share the same generated key if their names are the same.
9204 # When the data crypto key is generated, this name is not used in any way
9205 # (repeating the api call will result in a different key being generated).
9206 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009207 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
9208 # The wrapped key must be a 128/192/256 bit key.
9209 # Authorization requires the following IAM permissions when sending a request
9210 # to perform a crypto transformation using a kms-wrapped crypto key:
9211 # dlp.kms.encrypt
9212 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
9213 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
9214 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009215 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009216 },
9217 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
9218 },
9219 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
9220 # Uses SHA-256.
9221 # The key size must be either 32 or 64 bytes.
9222 # Outputs a base64 encoded representation of the hashed output
9223 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
9224 # Currently, only string and integer values can be hashed.
9225 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
9226 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
9227 # a key encryption key (KEK) stored by KMS).
9228 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
9229 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
9230 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07009231 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
9232 # leaking the key. Choose another type of key if possible.
9233 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
9234 },
9235 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
9236 # It will be discarded after the request finishes.
9237 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
9238 # This is an arbitrary string used to differentiate different keys.
9239 # A unique key is generated per name: two separate `TransientCryptoKey`
9240 # protos share the same generated key if their names are the same.
9241 # When the data crypto key is generated, this name is not used in any way
9242 # (repeating the api call will result in a different key being generated).
9243 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009244 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
9245 # The wrapped key must be a 128/192/256 bit key.
9246 # Authorization requires the following IAM permissions when sending a request
9247 # to perform a crypto transformation using a kms-wrapped crypto key:
9248 # dlp.kms.encrypt
9249 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
9250 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
9251 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009252 },
9253 },
9254 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
9255 # (FPE) with the FFX mode of operation; however when used in the
9256 # `ReidentifyContent` API method, it serves the opposite function by reversing
9257 # the surrogate back into the original identifier. The identifier must be
9258 # encoded as ASCII. For a given crypto key and context, the same identifier
9259 # will be replaced with the same surrogate. Identifiers must be at least two
9260 # characters long. In the case that the identifier is the empty string, it will
9261 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
9262 # more.
9263 #
9264 # Note: We recommend using CryptoDeterministicConfig for all use cases which
9265 # do not require preserving the input alphabet space and size, plus warrant
9266 # referential integrity.
Bu Sun Kim65020912020-05-20 12:08:20 -07009267 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
9268 # This annotation will be applied to the surrogate by prefixing it with
9269 # the name of the custom infoType followed by the number of
9270 # characters comprising the surrogate. The following scheme defines the
9271 # format: info_type_name(surrogate_character_count):surrogate
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009272 #
Bu Sun Kim65020912020-05-20 12:08:20 -07009273 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
9274 # the surrogate is &#x27;abc&#x27;, the full replacement value
9275 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
9276 #
9277 # This annotation identifies the surrogate when inspecting content using the
9278 # custom infoType
9279 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
9280 # This facilitates reversal of the surrogate when it occurs in free text.
9281 #
9282 # In order for inspection to work properly, the name of this infoType must
9283 # not occur naturally anywhere in your data; otherwise, inspection may
9284 # find a surrogate that does not correspond to an actual identifier.
9285 # Therefore, choose your custom infoType name carefully after considering
9286 # what your data looks like. One way to select a name that has a high chance
9287 # of yielding reliable detection is to include one or more unicode characters
9288 # that are highly improbable to exist in your data.
9289 # For example, assuming your data is entered from a regular ASCII keyboard,
9290 # the symbol with the hex code point 29DD might be used like so:
9291 # ⧝MY_TOKEN_TYPE
9292 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
9293 # creating a CustomInfoType, or one of the names listed
9294 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
9295 # a built-in type. InfoType names should conform to the pattern
9296 # `[a-zA-Z0-9_]{1,64}`.
9297 },
9298 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
9299 # identifier in two different contexts won&#x27;t be given the same surrogate. If
9300 # the context is not set, a default tweak will be used.
9301 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009302 # If the context is set but:
9303 #
9304 # 1. there is no record present when transforming a given value or
Bu Sun Kim65020912020-05-20 12:08:20 -07009305 # 1. the field is not present when transforming a given value,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009306 #
Bu Sun Kim65020912020-05-20 12:08:20 -07009307 # a default tweak will be used.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009308 #
9309 # Note that case (1) is expected when an `InfoTypeTransformation` is
9310 # applied to both structured and non-structured `ContentItem`s.
Bu Sun Kim65020912020-05-20 12:08:20 -07009311 # Currently, the referenced field may be of value type integer or string.
9312 #
9313 # The tweak is constructed as a sequence of bytes in big endian byte order
9314 # such that:
9315 #
9316 # - a 64 bit integer is encoded followed by a single byte of value 1
9317 # - a string is encoded in UTF-8 format followed by a single byte of value 2
9318 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009319 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009320 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
9321 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
9322 # a key encryption key (KEK) stored by KMS).
9323 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
9324 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
9325 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07009326 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
9327 # leaking the key. Choose another type of key if possible.
9328 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
9329 },
9330 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
9331 # It will be discarded after the request finishes.
9332 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
9333 # This is an arbitrary string used to differentiate different keys.
9334 # A unique key is generated per name: two separate `TransientCryptoKey`
9335 # protos share the same generated key if their names are the same.
9336 # When the data crypto key is generated, this name is not used in any way
9337 # (repeating the api call will result in a different key being generated).
9338 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009339 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
9340 # The wrapped key must be a 128/192/256 bit key.
9341 # Authorization requires the following IAM permissions when sending a request
9342 # to perform a crypto transformation using a kms-wrapped crypto key:
9343 # dlp.kms.encrypt
9344 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
9345 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
9346 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009347 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009348 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
9349 # that the FFX mode natively supports. This happens before/after
9350 # encryption/decryption.
9351 # Each character listed must appear only once.
9352 # Number of characters must be in the range [2, 95].
9353 # This must be encoded as ASCII.
9354 # The order of characters does not matter.
9355 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
Bu Sun Kim65020912020-05-20 12:08:20 -07009356 },
9357 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
9358 # input. Outputs a base64 encoded representation of the encrypted output.
9359 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
9360 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009361 # This annotation will be applied to the surrogate by prefixing it with
9362 # the name of the custom info type followed by the number of
9363 # characters comprising the surrogate. The following scheme defines the
Dan O'Mearadd494642020-05-01 07:42:23 -07009364 # format: {info type name}({surrogate character count}):{surrogate}
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009365 #
Bu Sun Kim65020912020-05-20 12:08:20 -07009366 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
9367 # the surrogate is &#x27;abc&#x27;, the full replacement value
9368 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009369 #
9370 # This annotation identifies the surrogate when inspecting content using the
Bu Sun Kim65020912020-05-20 12:08:20 -07009371 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009372 # surrogate when it occurs in free text.
9373 #
Dan O'Mearadd494642020-05-01 07:42:23 -07009374 # Note: For record transformations where the entire cell in a table is being
9375 # transformed, surrogates are not mandatory. Surrogates are used to denote
9376 # the location of the token and are necessary for re-identification in free
9377 # form text.
9378 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009379 # In order for inspection to work properly, the name of this info type must
9380 # not occur naturally anywhere in your data; otherwise, inspection may either
9381 #
9382 # - reverse a surrogate that does not correspond to an actual identifier
9383 # - be unable to parse the surrogate and result in an error
9384 #
9385 # Therefore, choose your custom info type name carefully after considering
9386 # what your data looks like. One way to select a name that has a high chance
9387 # of yielding reliable detection is to include one or more unicode characters
9388 # that are highly improbable to exist in your data.
9389 # For example, assuming your data is entered from a regular ASCII keyboard,
9390 # the symbol with the hex code point 29DD might be used like so:
Dan O'Mearadd494642020-05-01 07:42:23 -07009391 # ⧝MY_TOKEN_TYPE.
Bu Sun Kim65020912020-05-20 12:08:20 -07009392 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009393 # creating a CustomInfoType, or one of the names listed
9394 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
9395 # a built-in type. InfoType names should conform to the pattern
Dan O'Mearadd494642020-05-01 07:42:23 -07009396 # `[a-zA-Z0-9_]{1,64}`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009397 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009398 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
9399 # referential integrity such that the same identifier in two different
9400 # contexts will be given a distinct surrogate. The context is appended to
9401 # plaintext value being encrypted. On decryption the provided context is
9402 # validated against the value used during encryption. If a context was
9403 # provided during encryption, same context must be provided during decryption
9404 # as well.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009405 #
Bu Sun Kim65020912020-05-20 12:08:20 -07009406 # If the context is not set, plaintext would be used as is for encryption.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009407 # If the context is set but:
9408 #
9409 # 1. there is no record present when transforming a given value or
Bu Sun Kim65020912020-05-20 12:08:20 -07009410 # 2. the field is not present when transforming a given value,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009411 #
Bu Sun Kim65020912020-05-20 12:08:20 -07009412 # plaintext would be used as is for encryption.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009413 #
9414 # Note that case (1) is expected when an `InfoTypeTransformation` is
9415 # applied to both structured and non-structured `ContentItem`s.
Bu Sun Kim65020912020-05-20 12:08:20 -07009416 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009417 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009418 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
9419 # a key encryption key (KEK) stored by KMS).
9420 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
9421 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
9422 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07009423 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
9424 # leaking the key. Choose another type of key if possible.
9425 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
9426 },
9427 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
9428 # It will be discarded after the request finishes.
9429 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
9430 # This is an arbitrary string used to differentiate different keys.
9431 # A unique key is generated per name: two separate `TransientCryptoKey`
9432 # protos share the same generated key if their names are the same.
9433 # When the data crypto key is generated, this name is not used in any way
9434 # (repeating the api call will result in a different key being generated).
9435 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009436 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
9437 # The wrapped key must be a 128/192/256 bit key.
9438 # Authorization requires the following IAM permissions when sending a request
9439 # to perform a crypto transformation using a kms-wrapped crypto key:
9440 # dlp.kms.encrypt
9441 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
9442 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
9443 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009444 },
9445 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009446 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
Dan O'Mearadd494642020-05-01 07:42:23 -07009447 # replacement values are dynamically provided by the user for custom behavior,
9448 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
9449 # This can be used on
9450 # data of type: number, long, string, timestamp.
9451 # If the bound `Value` type differs from the type of data being transformed, we
9452 # will first attempt converting the type of the data to be transformed to match
9453 # the type of the bound before comparing.
9454 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07009455 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
Dan O'Mearadd494642020-05-01 07:42:23 -07009456 { # Bucket is represented as a range, along with replacement values.
Bu Sun Kim65020912020-05-20 12:08:20 -07009457 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
9458 # the default behavior will be to hyphenate the min-max range.
9459 # Note that for the purposes of inspection or transformation, the number
9460 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
9461 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
9462 # 123456789, the number of bytes would be counted as 9, even though an
9463 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07009464 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
9465 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
9466 # and time zone are either specified elsewhere or are not significant. The date
9467 # is relative to the Proleptic Gregorian Calendar. This can represent:
9468 #
9469 # * A full date, with non-zero year, month and day values
9470 # * A month and day value, with a zero year, e.g. an anniversary
9471 # * A year on its own, with zero month and day values
9472 # * A year and month value, with a zero day, e.g. a credit card expiration date
9473 #
9474 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
9475 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9476 # a year.
9477 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
9478 # month and day.
9479 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
9480 # if specifying a year by itself or a year and month where the day is not
9481 # significant.
9482 },
9483 &quot;stringValue&quot;: &quot;A String&quot;, # string
9484 &quot;integerValue&quot;: &quot;A String&quot;, # integer
9485 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
9486 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9487 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07009488 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9489 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
9490 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009491 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9492 # allow the value 60 if it allows leap-seconds.
9493 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07009494 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009495 &quot;booleanValue&quot;: True or False, # boolean
9496 &quot;floatValue&quot;: 3.14, # float
9497 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
9498 },
9499 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
9500 # used.
9501 # Note that for the purposes of inspection or transformation, the number
9502 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
9503 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
9504 # 123456789, the number of bytes would be counted as 9, even though an
9505 # int64 only holds up to 8 bytes of data.
9506 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
9507 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
9508 # and time zone are either specified elsewhere or are not significant. The date
9509 # is relative to the Proleptic Gregorian Calendar. This can represent:
9510 #
9511 # * A full date, with non-zero year, month and day values
9512 # * A month and day value, with a zero year, e.g. an anniversary
9513 # * A year on its own, with zero month and day values
9514 # * A year and month value, with a zero day, e.g. a credit card expiration date
9515 #
9516 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
9517 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9518 # a year.
9519 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
9520 # month and day.
9521 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
9522 # if specifying a year by itself or a year and month where the day is not
9523 # significant.
9524 },
9525 &quot;stringValue&quot;: &quot;A String&quot;, # string
9526 &quot;integerValue&quot;: &quot;A String&quot;, # integer
9527 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
9528 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9529 # types are google.type.Date and `google.protobuf.Timestamp`.
9530 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9531 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
9532 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
9533 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9534 # allow the value 60 if it allows leap-seconds.
9535 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
9536 },
9537 &quot;booleanValue&quot;: True or False, # boolean
9538 &quot;floatValue&quot;: 3.14, # float
9539 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
9540 },
9541 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
9542 # Note that for the purposes of inspection or transformation, the number
9543 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
9544 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
9545 # 123456789, the number of bytes would be counted as 9, even though an
9546 # int64 only holds up to 8 bytes of data.
9547 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
9548 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
9549 # and time zone are either specified elsewhere or are not significant. The date
9550 # is relative to the Proleptic Gregorian Calendar. This can represent:
9551 #
9552 # * A full date, with non-zero year, month and day values
9553 # * A month and day value, with a zero year, e.g. an anniversary
9554 # * A year on its own, with zero month and day values
9555 # * A year and month value, with a zero day, e.g. a credit card expiration date
9556 #
9557 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
9558 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9559 # a year.
9560 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
9561 # month and day.
9562 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
9563 # if specifying a year by itself or a year and month where the day is not
9564 # significant.
9565 },
9566 &quot;stringValue&quot;: &quot;A String&quot;, # string
9567 &quot;integerValue&quot;: &quot;A String&quot;, # integer
9568 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
9569 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9570 # types are google.type.Date and `google.protobuf.Timestamp`.
9571 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9572 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
9573 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
9574 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9575 # allow the value 60 if it allows leap-seconds.
9576 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
9577 },
9578 &quot;booleanValue&quot;: True or False, # boolean
9579 &quot;floatValue&quot;: 3.14, # float
9580 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Dan O'Mearadd494642020-05-01 07:42:23 -07009581 },
9582 },
9583 ],
9584 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009585 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
9586 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
9587 # output would be &#x27;My phone number is &#x27;.
9588 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009589 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
9590 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009591 # Note that for the purposes of inspection or transformation, the number
Bu Sun Kim65020912020-05-20 12:08:20 -07009592 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
9593 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009594 # 123456789, the number of bytes would be counted as 9, even though an
9595 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07009596 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
9597 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009598 # and time zone are either specified elsewhere or are not significant. The date
9599 # is relative to the Proleptic Gregorian Calendar. This can represent:
9600 #
9601 # * A full date, with non-zero year, month and day values
9602 # * A month and day value, with a zero year, e.g. an anniversary
9603 # * A year on its own, with zero month and day values
9604 # * A year and month value, with a zero day, e.g. a credit card expiration date
9605 #
9606 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07009607 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9608 # a year.
9609 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
Dan O'Mearadd494642020-05-01 07:42:23 -07009610 # month and day.
Bu Sun Kim65020912020-05-20 12:08:20 -07009611 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009612 # if specifying a year by itself or a year and month where the day is not
9613 # significant.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07009614 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009615 &quot;stringValue&quot;: &quot;A String&quot;, # string
9616 &quot;integerValue&quot;: &quot;A String&quot;, # integer
9617 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
9618 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9619 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07009620 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9621 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
9622 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009623 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9624 # allow the value 60 if it allows leap-seconds.
9625 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07009626 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009627 &quot;booleanValue&quot;: True or False, # boolean
9628 &quot;floatValue&quot;: 3.14, # float
9629 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07009630 },
9631 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009632 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
9633 # Bucketing transformation can provide all of this functionality,
9634 # but requires more configuration. This message is provided as a convenience to
9635 # the user for simple bucketing strategies.
9636 #
9637 # The transformed value will be a hyphenated string of
9638 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
9639 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
9640 #
9641 # This can be used on data of type: double, long.
9642 #
9643 # If the bound Value type differs from the type of data
9644 # being transformed, we will first attempt converting the type of the data to
9645 # be transformed to match the type of the bound before comparing.
9646 #
9647 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -07009648 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
9649 # grouped together into a single bucket; for example if `upper_bound` = 89,
9650 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
9651 # Note that for the purposes of inspection or transformation, the number
9652 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
9653 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
9654 # 123456789, the number of bytes would be counted as 9, even though an
9655 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -07009656 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
9657 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
9658 # and time zone are either specified elsewhere or are not significant. The date
9659 # is relative to the Proleptic Gregorian Calendar. This can represent:
9660 #
9661 # * A full date, with non-zero year, month and day values
9662 # * A month and day value, with a zero year, e.g. an anniversary
9663 # * A year on its own, with zero month and day values
9664 # * A year and month value, with a zero day, e.g. a credit card expiration date
9665 #
9666 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
9667 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9668 # a year.
9669 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
9670 # month and day.
9671 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
9672 # if specifying a year by itself or a year and month where the day is not
9673 # significant.
9674 },
9675 &quot;stringValue&quot;: &quot;A String&quot;, # string
9676 &quot;integerValue&quot;: &quot;A String&quot;, # integer
9677 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
9678 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9679 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -07009680 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9681 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
9682 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009683 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9684 # allow the value 60 if it allows leap-seconds.
9685 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -07009686 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009687 &quot;booleanValue&quot;: True or False, # boolean
9688 &quot;floatValue&quot;: 3.14, # float
9689 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -07009690 },
9691 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
9692 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
9693 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
9694 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009695 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
9696 # grouped together into a single bucket; for example if `lower_bound` = 10,
9697 # then all values less than 10 are replaced with the value &quot;-10&quot;.
9698 # Note that for the purposes of inspection or transformation, the number
9699 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
9700 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
9701 # 123456789, the number of bytes would be counted as 9, even though an
9702 # int64 only holds up to 8 bytes of data.
9703 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
9704 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
9705 # and time zone are either specified elsewhere or are not significant. The date
9706 # is relative to the Proleptic Gregorian Calendar. This can represent:
9707 #
9708 # * A full date, with non-zero year, month and day values
9709 # * A month and day value, with a zero year, e.g. an anniversary
9710 # * A year on its own, with zero month and day values
9711 # * A year and month value, with a zero day, e.g. a credit card expiration date
9712 #
9713 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
9714 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
9715 # a year.
9716 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
9717 # month and day.
9718 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
9719 # if specifying a year by itself or a year and month where the day is not
9720 # significant.
9721 },
9722 &quot;stringValue&quot;: &quot;A String&quot;, # string
9723 &quot;integerValue&quot;: &quot;A String&quot;, # integer
9724 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
9725 # or are specified elsewhere. An API may choose to allow leap seconds. Related
9726 # types are google.type.Date and `google.protobuf.Timestamp`.
9727 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
9728 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
9729 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
9730 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
9731 # allow the value 60 if it allows leap-seconds.
9732 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
9733 },
9734 &quot;booleanValue&quot;: True or False, # boolean
9735 &quot;floatValue&quot;: 3.14, # float
9736 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
9737 },
9738 },
9739 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
9740 # fixed character. Masking can start from the beginning or end of the string.
9741 # This can be used on data of any type (numbers, longs, and so on) and when
9742 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
9743 # type. (This allows you to take a long like 123 and modify it to a string like
9744 # **3.
9745 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
9746 # characters. For example, if the input string is `555-555-5555` and you
9747 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
9748 # returns `***-**5-5555`.
9749 { # Characters to skip when doing deidentification of a value. These will be left
9750 # alone and skipped.
9751 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
9752 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
9753 # punctuation.
9754 },
9755 ],
9756 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
9757 # masked. Skipped characters do not count towards this tally.
9758 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
9759 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
9760 # code or credit card number. This string must have a length of 1. If not
9761 # supplied, this value defaults to `*` for strings, and `0` for digits.
9762 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
9763 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
9764 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
9765 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
9766 # is `true`, then the string `12345` is masked as `12***`.
Bu Sun Kim65020912020-05-20 12:08:20 -07009767 },
9768 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009769 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
9770 # this transformation to apply to all findings that correspond to
9771 # infoTypes that were requested in `InspectConfig`.
9772 { # Type of information detected by the API.
9773 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
9774 # creating a CustomInfoType, or one of the names listed
9775 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
9776 # a built-in type. InfoType names should conform to the pattern
9777 # `[a-zA-Z0-9_]{1,64}`.
9778 },
9779 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07009780 },
9781 ],
9782 },
9783 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
9784 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
9785 # portion of the value.
9786 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
9787 },
9788 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
9789 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
9790 # to learn more.
9791 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
9792 # If set, must also set cryptoKey. If set, shift will be consistent for the
9793 # given context.
9794 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
9795 },
9796 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
9797 # range (inclusive ends). Negative means shift to earlier in time. Must not
9798 # be more than 365250 days (1000 years) each direction.
9799 #
9800 # For example, 3 means shift date to at most 3 days into the future.
9801 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
9802 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
9803 # results in the same shift for the same context and crypto_key. If
9804 # set, must also set context. Can only be applied to table items.
9805 # a key encryption key (KEK) stored by KMS).
9806 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
9807 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
9808 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07009809 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
9810 # leaking the key. Choose another type of key if possible.
9811 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
9812 },
9813 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
9814 # It will be discarded after the request finishes.
9815 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
9816 # This is an arbitrary string used to differentiate different keys.
9817 # A unique key is generated per name: two separate `TransientCryptoKey`
9818 # protos share the same generated key if their names are the same.
9819 # When the data crypto key is generated, this name is not used in any way
9820 # (repeating the api call will result in a different key being generated).
9821 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009822 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
9823 # The wrapped key must be a 128/192/256 bit key.
9824 # Authorization requires the following IAM permissions when sending a request
9825 # to perform a crypto transformation using a kms-wrapped crypto key:
9826 # dlp.kms.encrypt
9827 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
9828 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
9829 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009830 },
9831 },
9832 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
9833 },
9834 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
9835 # Uses SHA-256.
9836 # The key size must be either 32 or 64 bytes.
9837 # Outputs a base64 encoded representation of the hashed output
9838 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
9839 # Currently, only string and integer values can be hashed.
9840 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
9841 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
9842 # a key encryption key (KEK) stored by KMS).
9843 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
9844 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
9845 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07009846 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
9847 # leaking the key. Choose another type of key if possible.
9848 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
9849 },
9850 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
9851 # It will be discarded after the request finishes.
9852 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
9853 # This is an arbitrary string used to differentiate different keys.
9854 # A unique key is generated per name: two separate `TransientCryptoKey`
9855 # protos share the same generated key if their names are the same.
9856 # When the data crypto key is generated, this name is not used in any way
9857 # (repeating the api call will result in a different key being generated).
9858 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009859 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
9860 # The wrapped key must be a 128/192/256 bit key.
9861 # Authorization requires the following IAM permissions when sending a request
9862 # to perform a crypto transformation using a kms-wrapped crypto key:
9863 # dlp.kms.encrypt
9864 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
9865 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
9866 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009867 },
9868 },
9869 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
9870 # (FPE) with the FFX mode of operation; however when used in the
9871 # `ReidentifyContent` API method, it serves the opposite function by reversing
9872 # the surrogate back into the original identifier. The identifier must be
9873 # encoded as ASCII. For a given crypto key and context, the same identifier
9874 # will be replaced with the same surrogate. Identifiers must be at least two
9875 # characters long. In the case that the identifier is the empty string, it will
9876 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
9877 # more.
9878 #
9879 # Note: We recommend using CryptoDeterministicConfig for all use cases which
9880 # do not require preserving the input alphabet space and size, plus warrant
9881 # referential integrity.
Bu Sun Kim65020912020-05-20 12:08:20 -07009882 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
9883 # This annotation will be applied to the surrogate by prefixing it with
9884 # the name of the custom infoType followed by the number of
9885 # characters comprising the surrogate. The following scheme defines the
9886 # format: info_type_name(surrogate_character_count):surrogate
9887 #
9888 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
9889 # the surrogate is &#x27;abc&#x27;, the full replacement value
9890 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
9891 #
9892 # This annotation identifies the surrogate when inspecting content using the
9893 # custom infoType
9894 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
9895 # This facilitates reversal of the surrogate when it occurs in free text.
9896 #
9897 # In order for inspection to work properly, the name of this infoType must
9898 # not occur naturally anywhere in your data; otherwise, inspection may
9899 # find a surrogate that does not correspond to an actual identifier.
9900 # Therefore, choose your custom infoType name carefully after considering
9901 # what your data looks like. One way to select a name that has a high chance
9902 # of yielding reliable detection is to include one or more unicode characters
9903 # that are highly improbable to exist in your data.
9904 # For example, assuming your data is entered from a regular ASCII keyboard,
9905 # the symbol with the hex code point 29DD might be used like so:
9906 # ⧝MY_TOKEN_TYPE
9907 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
9908 # creating a CustomInfoType, or one of the names listed
9909 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
9910 # a built-in type. InfoType names should conform to the pattern
9911 # `[a-zA-Z0-9_]{1,64}`.
9912 },
9913 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
9914 # identifier in two different contexts won&#x27;t be given the same surrogate. If
9915 # the context is not set, a default tweak will be used.
9916 #
9917 # If the context is set but:
9918 #
9919 # 1. there is no record present when transforming a given value or
9920 # 1. the field is not present when transforming a given value,
9921 #
9922 # a default tweak will be used.
9923 #
9924 # Note that case (1) is expected when an `InfoTypeTransformation` is
9925 # applied to both structured and non-structured `ContentItem`s.
9926 # Currently, the referenced field may be of value type integer or string.
9927 #
9928 # The tweak is constructed as a sequence of bytes in big endian byte order
9929 # such that:
9930 #
9931 # - a 64 bit integer is encoded followed by a single byte of value 1
9932 # - a string is encoded in UTF-8 format followed by a single byte of value 2
9933 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
9934 },
9935 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
9936 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
9937 # a key encryption key (KEK) stored by KMS).
9938 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
9939 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
9940 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -07009941 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
9942 # leaking the key. Choose another type of key if possible.
9943 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
9944 },
9945 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
9946 # It will be discarded after the request finishes.
9947 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
9948 # This is an arbitrary string used to differentiate different keys.
9949 # A unique key is generated per name: two separate `TransientCryptoKey`
9950 # protos share the same generated key if their names are the same.
9951 # When the data crypto key is generated, this name is not used in any way
9952 # (repeating the api call will result in a different key being generated).
9953 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009954 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
9955 # The wrapped key must be a 128/192/256 bit key.
9956 # Authorization requires the following IAM permissions when sending a request
9957 # to perform a crypto transformation using a kms-wrapped crypto key:
9958 # dlp.kms.encrypt
9959 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
9960 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
9961 },
Bu Sun Kim65020912020-05-20 12:08:20 -07009962 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07009963 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
9964 # that the FFX mode natively supports. This happens before/after
9965 # encryption/decryption.
9966 # Each character listed must appear only once.
9967 # Number of characters must be in the range [2, 95].
9968 # This must be encoded as ASCII.
9969 # The order of characters does not matter.
9970 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
Bu Sun Kim65020912020-05-20 12:08:20 -07009971 },
9972 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
9973 # input. Outputs a base64 encoded representation of the encrypted output.
9974 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
9975 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
9976 # This annotation will be applied to the surrogate by prefixing it with
9977 # the name of the custom info type followed by the number of
9978 # characters comprising the surrogate. The following scheme defines the
9979 # format: {info type name}({surrogate character count}):{surrogate}
9980 #
9981 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
9982 # the surrogate is &#x27;abc&#x27;, the full replacement value
9983 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
9984 #
9985 # This annotation identifies the surrogate when inspecting content using the
9986 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
9987 # surrogate when it occurs in free text.
9988 #
9989 # Note: For record transformations where the entire cell in a table is being
9990 # transformed, surrogates are not mandatory. Surrogates are used to denote
9991 # the location of the token and are necessary for re-identification in free
9992 # form text.
9993 #
9994 # In order for inspection to work properly, the name of this info type must
9995 # not occur naturally anywhere in your data; otherwise, inspection may either
9996 #
9997 # - reverse a surrogate that does not correspond to an actual identifier
9998 # - be unable to parse the surrogate and result in an error
9999 #
10000 # Therefore, choose your custom info type name carefully after considering
10001 # what your data looks like. One way to select a name that has a high chance
10002 # of yielding reliable detection is to include one or more unicode characters
10003 # that are highly improbable to exist in your data.
10004 # For example, assuming your data is entered from a regular ASCII keyboard,
10005 # the symbol with the hex code point 29DD might be used like so:
10006 # ⧝MY_TOKEN_TYPE.
10007 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
10008 # creating a CustomInfoType, or one of the names listed
10009 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
10010 # a built-in type. InfoType names should conform to the pattern
10011 # `[a-zA-Z0-9_]{1,64}`.
10012 },
10013 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
10014 # referential integrity such that the same identifier in two different
10015 # contexts will be given a distinct surrogate. The context is appended to
10016 # plaintext value being encrypted. On decryption the provided context is
10017 # validated against the value used during encryption. If a context was
10018 # provided during encryption, same context must be provided during decryption
10019 # as well.
10020 #
10021 # If the context is not set, plaintext would be used as is for encryption.
10022 # If the context is set but:
10023 #
10024 # 1. there is no record present when transforming a given value or
10025 # 2. the field is not present when transforming a given value,
10026 #
10027 # plaintext would be used as is for encryption.
10028 #
10029 # Note that case (1) is expected when an `InfoTypeTransformation` is
10030 # applied to both structured and non-structured `ContentItem`s.
10031 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
10032 },
10033 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
10034 # a key encryption key (KEK) stored by KMS).
10035 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
10036 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
10037 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -070010038 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
10039 # leaking the key. Choose another type of key if possible.
10040 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
10041 },
10042 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
10043 # It will be discarded after the request finishes.
10044 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
10045 # This is an arbitrary string used to differentiate different keys.
10046 # A unique key is generated per name: two separate `TransientCryptoKey`
10047 # protos share the same generated key if their names are the same.
10048 # When the data crypto key is generated, this name is not used in any way
10049 # (repeating the api call will result in a different key being generated).
10050 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010051 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
10052 # The wrapped key must be a 128/192/256 bit key.
10053 # Authorization requires the following IAM permissions when sending a request
10054 # to perform a crypto transformation using a kms-wrapped crypto key:
10055 # dlp.kms.encrypt
10056 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
10057 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
10058 },
Bu Sun Kim65020912020-05-20 12:08:20 -070010059 },
10060 },
Bu Sun Kim65020912020-05-20 12:08:20 -070010061 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
10062 # replacement values are dynamically provided by the user for custom behavior,
10063 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
10064 # This can be used on
10065 # data of type: number, long, string, timestamp.
10066 # If the bound `Value` type differs from the type of data being transformed, we
10067 # will first attempt converting the type of the data to be transformed to match
10068 # the type of the bound before comparing.
10069 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
10070 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
10071 { # Bucket is represented as a range, along with replacement values.
Bu Sun Kim65020912020-05-20 12:08:20 -070010072 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
10073 # the default behavior will be to hyphenate the min-max range.
10074 # Note that for the purposes of inspection or transformation, the number
10075 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
10076 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
10077 # 123456789, the number of bytes would be counted as 9, even though an
10078 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -070010079 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
10080 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
10081 # and time zone are either specified elsewhere or are not significant. The date
10082 # is relative to the Proleptic Gregorian Calendar. This can represent:
10083 #
10084 # * A full date, with non-zero year, month and day values
10085 # * A month and day value, with a zero year, e.g. an anniversary
10086 # * A year on its own, with zero month and day values
10087 # * A year and month value, with a zero day, e.g. a credit card expiration date
10088 #
10089 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
10090 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
10091 # a year.
10092 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
10093 # month and day.
10094 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
10095 # if specifying a year by itself or a year and month where the day is not
10096 # significant.
10097 },
10098 &quot;stringValue&quot;: &quot;A String&quot;, # string
10099 &quot;integerValue&quot;: &quot;A String&quot;, # integer
10100 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
10101 # or are specified elsewhere. An API may choose to allow leap seconds. Related
10102 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -070010103 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
10104 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
10105 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010106 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
10107 # allow the value 60 if it allows leap-seconds.
10108 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070010109 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010110 &quot;booleanValue&quot;: True or False, # boolean
10111 &quot;floatValue&quot;: 3.14, # float
10112 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
10113 },
10114 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
10115 # used.
10116 # Note that for the purposes of inspection or transformation, the number
10117 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
10118 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
10119 # 123456789, the number of bytes would be counted as 9, even though an
10120 # int64 only holds up to 8 bytes of data.
10121 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
10122 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
10123 # and time zone are either specified elsewhere or are not significant. The date
10124 # is relative to the Proleptic Gregorian Calendar. This can represent:
10125 #
10126 # * A full date, with non-zero year, month and day values
10127 # * A month and day value, with a zero year, e.g. an anniversary
10128 # * A year on its own, with zero month and day values
10129 # * A year and month value, with a zero day, e.g. a credit card expiration date
10130 #
10131 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
10132 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
10133 # a year.
10134 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
10135 # month and day.
10136 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
10137 # if specifying a year by itself or a year and month where the day is not
10138 # significant.
10139 },
10140 &quot;stringValue&quot;: &quot;A String&quot;, # string
10141 &quot;integerValue&quot;: &quot;A String&quot;, # integer
10142 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
10143 # or are specified elsewhere. An API may choose to allow leap seconds. Related
10144 # types are google.type.Date and `google.protobuf.Timestamp`.
10145 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
10146 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
10147 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
10148 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
10149 # allow the value 60 if it allows leap-seconds.
10150 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
10151 },
10152 &quot;booleanValue&quot;: True or False, # boolean
10153 &quot;floatValue&quot;: 3.14, # float
10154 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
10155 },
10156 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
10157 # Note that for the purposes of inspection or transformation, the number
10158 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
10159 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
10160 # 123456789, the number of bytes would be counted as 9, even though an
10161 # int64 only holds up to 8 bytes of data.
10162 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
10163 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
10164 # and time zone are either specified elsewhere or are not significant. The date
10165 # is relative to the Proleptic Gregorian Calendar. This can represent:
10166 #
10167 # * A full date, with non-zero year, month and day values
10168 # * A month and day value, with a zero year, e.g. an anniversary
10169 # * A year on its own, with zero month and day values
10170 # * A year and month value, with a zero day, e.g. a credit card expiration date
10171 #
10172 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
10173 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
10174 # a year.
10175 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
10176 # month and day.
10177 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
10178 # if specifying a year by itself or a year and month where the day is not
10179 # significant.
10180 },
10181 &quot;stringValue&quot;: &quot;A String&quot;, # string
10182 &quot;integerValue&quot;: &quot;A String&quot;, # integer
10183 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
10184 # or are specified elsewhere. An API may choose to allow leap seconds. Related
10185 # types are google.type.Date and `google.protobuf.Timestamp`.
10186 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
10187 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
10188 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
10189 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
10190 # allow the value 60 if it allows leap-seconds.
10191 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
10192 },
10193 &quot;booleanValue&quot;: True or False, # boolean
10194 &quot;floatValue&quot;: 3.14, # float
10195 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070010196 },
10197 },
Bu Sun Kim65020912020-05-20 12:08:20 -070010198 ],
10199 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010200 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
10201 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
10202 # output would be &#x27;My phone number is &#x27;.
10203 },
Bu Sun Kim65020912020-05-20 12:08:20 -070010204 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
10205 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
10206 # Note that for the purposes of inspection or transformation, the number
10207 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
10208 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
10209 # 123456789, the number of bytes would be counted as 9, even though an
10210 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -070010211 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
10212 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
10213 # and time zone are either specified elsewhere or are not significant. The date
10214 # is relative to the Proleptic Gregorian Calendar. This can represent:
10215 #
10216 # * A full date, with non-zero year, month and day values
10217 # * A month and day value, with a zero year, e.g. an anniversary
10218 # * A year on its own, with zero month and day values
10219 # * A year and month value, with a zero day, e.g. a credit card expiration date
10220 #
10221 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
10222 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
10223 # a year.
10224 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
10225 # month and day.
10226 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
10227 # if specifying a year by itself or a year and month where the day is not
10228 # significant.
10229 },
10230 &quot;stringValue&quot;: &quot;A String&quot;, # string
10231 &quot;integerValue&quot;: &quot;A String&quot;, # integer
10232 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
10233 # or are specified elsewhere. An API may choose to allow leap seconds. Related
10234 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -070010235 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
10236 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
10237 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010238 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
10239 # allow the value 60 if it allows leap-seconds.
10240 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -070010241 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010242 &quot;booleanValue&quot;: True or False, # boolean
10243 &quot;floatValue&quot;: 3.14, # float
10244 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -070010245 },
10246 },
Bu Sun Kim65020912020-05-20 12:08:20 -070010247 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
10248 # Bucketing transformation can provide all of this functionality,
10249 # but requires more configuration. This message is provided as a convenience to
10250 # the user for simple bucketing strategies.
10251 #
10252 # The transformed value will be a hyphenated string of
10253 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
10254 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
10255 #
10256 # This can be used on data of type: double, long.
10257 #
10258 # If the bound Value type differs from the type of data
10259 # being transformed, we will first attempt converting the type of the data to
10260 # be transformed to match the type of the bound before comparing.
10261 #
10262 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -070010263 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
10264 # grouped together into a single bucket; for example if `upper_bound` = 89,
10265 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
10266 # Note that for the purposes of inspection or transformation, the number
10267 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
10268 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
10269 # 123456789, the number of bytes would be counted as 9, even though an
10270 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -070010271 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
10272 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
10273 # and time zone are either specified elsewhere or are not significant. The date
10274 # is relative to the Proleptic Gregorian Calendar. This can represent:
10275 #
10276 # * A full date, with non-zero year, month and day values
10277 # * A month and day value, with a zero year, e.g. an anniversary
10278 # * A year on its own, with zero month and day values
10279 # * A year and month value, with a zero day, e.g. a credit card expiration date
10280 #
10281 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
10282 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
10283 # a year.
10284 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
10285 # month and day.
10286 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
10287 # if specifying a year by itself or a year and month where the day is not
10288 # significant.
10289 },
10290 &quot;stringValue&quot;: &quot;A String&quot;, # string
10291 &quot;integerValue&quot;: &quot;A String&quot;, # integer
10292 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
10293 # or are specified elsewhere. An API may choose to allow leap seconds. Related
10294 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -070010295 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
10296 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
10297 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010298 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
10299 # allow the value 60 if it allows leap-seconds.
10300 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -070010301 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010302 &quot;booleanValue&quot;: True or False, # boolean
10303 &quot;floatValue&quot;: 3.14, # float
10304 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -070010305 },
10306 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
10307 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
10308 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
10309 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010310 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
10311 # grouped together into a single bucket; for example if `lower_bound` = 10,
10312 # then all values less than 10 are replaced with the value &quot;-10&quot;.
10313 # Note that for the purposes of inspection or transformation, the number
10314 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
10315 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
10316 # 123456789, the number of bytes would be counted as 9, even though an
10317 # int64 only holds up to 8 bytes of data.
10318 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
10319 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
10320 # and time zone are either specified elsewhere or are not significant. The date
10321 # is relative to the Proleptic Gregorian Calendar. This can represent:
10322 #
10323 # * A full date, with non-zero year, month and day values
10324 # * A month and day value, with a zero year, e.g. an anniversary
10325 # * A year on its own, with zero month and day values
10326 # * A year and month value, with a zero day, e.g. a credit card expiration date
10327 #
10328 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
10329 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
10330 # a year.
10331 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
10332 # month and day.
10333 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
10334 # if specifying a year by itself or a year and month where the day is not
10335 # significant.
10336 },
10337 &quot;stringValue&quot;: &quot;A String&quot;, # string
10338 &quot;integerValue&quot;: &quot;A String&quot;, # integer
10339 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
10340 # or are specified elsewhere. An API may choose to allow leap seconds. Related
10341 # types are google.type.Date and `google.protobuf.Timestamp`.
10342 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
10343 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
10344 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
10345 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
10346 # allow the value 60 if it allows leap-seconds.
10347 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
10348 },
10349 &quot;booleanValue&quot;: True or False, # boolean
10350 &quot;floatValue&quot;: 3.14, # float
10351 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
10352 },
10353 },
10354 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
10355 # fixed character. Masking can start from the beginning or end of the string.
10356 # This can be used on data of any type (numbers, longs, and so on) and when
10357 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
10358 # type. (This allows you to take a long like 123 and modify it to a string like
10359 # **3.
10360 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
10361 # characters. For example, if the input string is `555-555-5555` and you
10362 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
10363 # returns `***-**5-5555`.
10364 { # Characters to skip when doing deidentification of a value. These will be left
10365 # alone and skipped.
10366 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
10367 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
10368 # punctuation.
10369 },
10370 ],
10371 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
10372 # masked. Skipped characters do not count towards this tally.
10373 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
10374 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
10375 # code or credit card number. This string must have a length of 1. If not
10376 # supplied, this value defaults to `*` for strings, and `0` for digits.
10377 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
10378 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
10379 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
10380 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
10381 # is `true`, then the string `12345` is masked as `12***`.
Bu Sun Kim65020912020-05-20 12:08:20 -070010382 },
10383 },
10384 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
10385 # given `RecordCondition`. The conditions are allowed to reference fields
10386 # that are not used in the actual transformation.
10387 #
10388 # Example Use Cases:
10389 #
10390 # - Apply a different bucket transformation to an age column if the zip code
10391 # column for the same record is within a specific range.
10392 # - Redact a field if the date of birth field is greater than 85.
10393 # a field.
10394 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
10395 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
10396 # only supported value is `AND`.
10397 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
10398 &quot;conditions&quot;: [ # A collection of conditions.
10399 { # The field type of `value` and `field` do not need to match to be
10400 # considered equal, but not all comparisons are possible.
10401 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
10402 # but all other comparisons are invalid with incompatible types.
10403 # A `value` of type:
10404 #
10405 # - `string` can be compared against all other types
10406 # - `boolean` can only be compared against other booleans
10407 # - `integer` can be compared against doubles or a string if the string value
10408 # can be parsed as an integer.
10409 # - `double` can be compared against integers or a string if the string can
10410 # be parsed as a double.
10411 # - `Timestamp` can be compared against strings in RFC 3339 date string
10412 # format.
10413 # - `TimeOfDay` can be compared against timestamps and strings in the format
10414 # of &#x27;HH:mm:ss&#x27;.
10415 #
10416 # If we fail to compare do to type mismatch, a warning will be given and
10417 # the condition will evaluate to false.
Bu Sun Kim65020912020-05-20 12:08:20 -070010418 &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
10419 # Note that for the purposes of inspection or transformation, the number
10420 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
10421 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
10422 # 123456789, the number of bytes would be counted as 9, even though an
10423 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -070010424 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
10425 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
10426 # and time zone are either specified elsewhere or are not significant. The date
10427 # is relative to the Proleptic Gregorian Calendar. This can represent:
10428 #
10429 # * A full date, with non-zero year, month and day values
10430 # * A month and day value, with a zero year, e.g. an anniversary
10431 # * A year on its own, with zero month and day values
10432 # * A year and month value, with a zero day, e.g. a credit card expiration date
10433 #
10434 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
10435 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
10436 # a year.
10437 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
10438 # month and day.
10439 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
10440 # if specifying a year by itself or a year and month where the day is not
10441 # significant.
10442 },
10443 &quot;stringValue&quot;: &quot;A String&quot;, # string
10444 &quot;integerValue&quot;: &quot;A String&quot;, # integer
10445 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
10446 # or are specified elsewhere. An API may choose to allow leap seconds. Related
10447 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -070010448 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
10449 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
10450 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010451 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
10452 # allow the value 60 if it allows leap-seconds.
10453 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -070010454 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010455 &quot;booleanValue&quot;: True or False, # boolean
10456 &quot;floatValue&quot;: 3.14, # float
10457 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -070010458 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010459 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
10460 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
10461 },
10462 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070010463 },
10464 ],
10465 },
Bu Sun Kim65020912020-05-20 12:08:20 -070010466 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070010467 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070010468 },
10469 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010470 &quot;recordSuppressions&quot;: [ # Configuration defining which records get suppressed entirely. Records that
10471 # match any suppression rule are omitted from the output.
10472 { # Configuration to suppress records whose suppression conditions evaluate to
10473 # true.
10474 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
10475 # evaluated to be suppressed from the transformed content.
10476 # a field.
10477 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
10478 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
10479 # only supported value is `AND`.
10480 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
10481 &quot;conditions&quot;: [ # A collection of conditions.
10482 { # The field type of `value` and `field` do not need to match to be
10483 # considered equal, but not all comparisons are possible.
10484 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
10485 # but all other comparisons are invalid with incompatible types.
10486 # A `value` of type:
10487 #
10488 # - `string` can be compared against all other types
10489 # - `boolean` can only be compared against other booleans
10490 # - `integer` can be compared against doubles or a string if the string value
10491 # can be parsed as an integer.
10492 # - `double` can be compared against integers or a string if the string can
10493 # be parsed as a double.
10494 # - `Timestamp` can be compared against strings in RFC 3339 date string
10495 # format.
10496 # - `TimeOfDay` can be compared against timestamps and strings in the format
10497 # of &#x27;HH:mm:ss&#x27;.
10498 #
10499 # If we fail to compare do to type mismatch, a warning will be given and
10500 # the condition will evaluate to false.
10501 &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
10502 # Note that for the purposes of inspection or transformation, the number
10503 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
10504 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
10505 # 123456789, the number of bytes would be counted as 9, even though an
10506 # int64 only holds up to 8 bytes of data.
10507 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
10508 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
10509 # and time zone are either specified elsewhere or are not significant. The date
10510 # is relative to the Proleptic Gregorian Calendar. This can represent:
10511 #
10512 # * A full date, with non-zero year, month and day values
10513 # * A month and day value, with a zero year, e.g. an anniversary
10514 # * A year on its own, with zero month and day values
10515 # * A year and month value, with a zero day, e.g. a credit card expiration date
10516 #
10517 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
10518 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
10519 # a year.
10520 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
10521 # month and day.
10522 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
10523 # if specifying a year by itself or a year and month where the day is not
10524 # significant.
10525 },
10526 &quot;stringValue&quot;: &quot;A String&quot;, # string
10527 &quot;integerValue&quot;: &quot;A String&quot;, # integer
10528 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
10529 # or are specified elsewhere. An API may choose to allow leap seconds. Related
10530 # types are google.type.Date and `google.protobuf.Timestamp`.
10531 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
10532 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
10533 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
10534 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
10535 # allow the value 60 if it allows leap-seconds.
10536 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
10537 },
10538 &quot;booleanValue&quot;: True or False, # boolean
10539 &quot;floatValue&quot;: 3.14, # float
10540 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -070010541 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010542 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
10543 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim65020912020-05-20 12:08:20 -070010544 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010545 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Bu Sun Kim65020912020-05-20 12:08:20 -070010546 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010547 ],
Bu Sun Kim65020912020-05-20 12:08:20 -070010548 },
10549 },
Bu Sun Kim65020912020-05-20 12:08:20 -070010550 },
10551 },
10552 ],
Dan O'Mearadd494642020-05-01 07:42:23 -070010553 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070010554 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070010555 },
Bu Sun Kim65020912020-05-20 12:08:20 -070010556 &quot;updateMask&quot;: &quot;A String&quot;, # Mask to control which fields get updated.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070010557 }
10558
10559 x__xgafv: string, V1 error format.
10560 Allowed values
10561 1 - v1 error format
10562 2 - v2 error format
10563
10564Returns:
10565 An object of the form:
10566
Dan O'Mearadd494642020-05-01 07:42:23 -070010567 { # DeidentifyTemplates contains instructions on how to de-identify content.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070010568 # See https://cloud.google.com/dlp/docs/concepts-templates to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -070010569 &quot;name&quot;: &quot;A String&quot;, # Output only. The template name.
10570 #
10571 # The template will have one of the following formats:
10572 # `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR
10573 # `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`
10574 &quot;description&quot;: &quot;A String&quot;, # Short description (max 256 chars).
10575 &quot;displayName&quot;: &quot;A String&quot;, # Display name (max 256 chars).
10576 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The creation timestamp of an inspectTemplate.
10577 &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The last update timestamp of an inspectTemplate.
10578 &quot;deidentifyConfig&quot;: { # The configuration that controls how the data will change. # ///////////// // The core content of the template // ///////////////
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070010579 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text
10580 # transformation everywhere.
10581 # apply various `PrimitiveTransformation`s to each finding, where the
10582 # transformation is applied to only values that were identified as a specific
10583 # info_type.
10584 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
10585 # for a given infoType.
10586 { # A transformation to apply to text that is identified as a specific
10587 # info_type.
10588 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
10589 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
10590 # portion of the value.
10591 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
10592 },
10593 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
10594 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
10595 # to learn more.
10596 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
10597 # If set, must also set cryptoKey. If set, shift will be consistent for the
10598 # given context.
10599 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
10600 },
10601 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
10602 # range (inclusive ends). Negative means shift to earlier in time. Must not
10603 # be more than 365250 days (1000 years) each direction.
10604 #
10605 # For example, 3 means shift date to at most 3 days into the future.
10606 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
10607 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
10608 # results in the same shift for the same context and crypto_key. If
10609 # set, must also set context. Can only be applied to table items.
10610 # a key encryption key (KEK) stored by KMS).
10611 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
10612 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
10613 # unwrap the data crypto key.
10614 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
10615 # leaking the key. Choose another type of key if possible.
10616 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
10617 },
10618 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
10619 # It will be discarded after the request finishes.
10620 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
10621 # This is an arbitrary string used to differentiate different keys.
10622 # A unique key is generated per name: two separate `TransientCryptoKey`
10623 # protos share the same generated key if their names are the same.
10624 # When the data crypto key is generated, this name is not used in any way
10625 # (repeating the api call will result in a different key being generated).
10626 },
10627 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
10628 # The wrapped key must be a 128/192/256 bit key.
10629 # Authorization requires the following IAM permissions when sending a request
10630 # to perform a crypto transformation using a kms-wrapped crypto key:
10631 # dlp.kms.encrypt
10632 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
10633 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
10634 },
10635 },
10636 },
10637 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
10638 },
10639 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
10640 # Uses SHA-256.
10641 # The key size must be either 32 or 64 bytes.
10642 # Outputs a base64 encoded representation of the hashed output
10643 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
10644 # Currently, only string and integer values can be hashed.
10645 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
10646 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
10647 # a key encryption key (KEK) stored by KMS).
10648 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
10649 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
10650 # unwrap the data crypto key.
10651 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
10652 # leaking the key. Choose another type of key if possible.
10653 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
10654 },
10655 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
10656 # It will be discarded after the request finishes.
10657 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
10658 # This is an arbitrary string used to differentiate different keys.
10659 # A unique key is generated per name: two separate `TransientCryptoKey`
10660 # protos share the same generated key if their names are the same.
10661 # When the data crypto key is generated, this name is not used in any way
10662 # (repeating the api call will result in a different key being generated).
10663 },
10664 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
10665 # The wrapped key must be a 128/192/256 bit key.
10666 # Authorization requires the following IAM permissions when sending a request
10667 # to perform a crypto transformation using a kms-wrapped crypto key:
10668 # dlp.kms.encrypt
10669 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
10670 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
10671 },
10672 },
10673 },
10674 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
10675 # (FPE) with the FFX mode of operation; however when used in the
10676 # `ReidentifyContent` API method, it serves the opposite function by reversing
10677 # the surrogate back into the original identifier. The identifier must be
10678 # encoded as ASCII. For a given crypto key and context, the same identifier
10679 # will be replaced with the same surrogate. Identifiers must be at least two
10680 # characters long. In the case that the identifier is the empty string, it will
10681 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
10682 # more.
10683 #
10684 # Note: We recommend using CryptoDeterministicConfig for all use cases which
10685 # do not require preserving the input alphabet space and size, plus warrant
10686 # referential integrity.
10687 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
10688 # This annotation will be applied to the surrogate by prefixing it with
10689 # the name of the custom infoType followed by the number of
10690 # characters comprising the surrogate. The following scheme defines the
10691 # format: info_type_name(surrogate_character_count):surrogate
10692 #
10693 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
10694 # the surrogate is &#x27;abc&#x27;, the full replacement value
10695 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
10696 #
10697 # This annotation identifies the surrogate when inspecting content using the
10698 # custom infoType
10699 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
10700 # This facilitates reversal of the surrogate when it occurs in free text.
10701 #
10702 # In order for inspection to work properly, the name of this infoType must
10703 # not occur naturally anywhere in your data; otherwise, inspection may
10704 # find a surrogate that does not correspond to an actual identifier.
10705 # Therefore, choose your custom infoType name carefully after considering
10706 # what your data looks like. One way to select a name that has a high chance
10707 # of yielding reliable detection is to include one or more unicode characters
10708 # that are highly improbable to exist in your data.
10709 # For example, assuming your data is entered from a regular ASCII keyboard,
10710 # the symbol with the hex code point 29DD might be used like so:
10711 # ⧝MY_TOKEN_TYPE
10712 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
10713 # creating a CustomInfoType, or one of the names listed
10714 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
10715 # a built-in type. InfoType names should conform to the pattern
10716 # `[a-zA-Z0-9_]{1,64}`.
10717 },
10718 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
10719 # identifier in two different contexts won&#x27;t be given the same surrogate. If
10720 # the context is not set, a default tweak will be used.
10721 #
10722 # If the context is set but:
10723 #
10724 # 1. there is no record present when transforming a given value or
10725 # 1. the field is not present when transforming a given value,
10726 #
10727 # a default tweak will be used.
10728 #
10729 # Note that case (1) is expected when an `InfoTypeTransformation` is
10730 # applied to both structured and non-structured `ContentItem`s.
10731 # Currently, the referenced field may be of value type integer or string.
10732 #
10733 # The tweak is constructed as a sequence of bytes in big endian byte order
10734 # such that:
10735 #
10736 # - a 64 bit integer is encoded followed by a single byte of value 1
10737 # - a string is encoded in UTF-8 format followed by a single byte of value 2
10738 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
10739 },
10740 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
10741 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
10742 # a key encryption key (KEK) stored by KMS).
10743 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
10744 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
10745 # unwrap the data crypto key.
10746 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
10747 # leaking the key. Choose another type of key if possible.
10748 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
10749 },
10750 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
10751 # It will be discarded after the request finishes.
10752 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
10753 # This is an arbitrary string used to differentiate different keys.
10754 # A unique key is generated per name: two separate `TransientCryptoKey`
10755 # protos share the same generated key if their names are the same.
10756 # When the data crypto key is generated, this name is not used in any way
10757 # (repeating the api call will result in a different key being generated).
10758 },
10759 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
10760 # The wrapped key must be a 128/192/256 bit key.
10761 # Authorization requires the following IAM permissions when sending a request
10762 # to perform a crypto transformation using a kms-wrapped crypto key:
10763 # dlp.kms.encrypt
10764 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
10765 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
10766 },
10767 },
10768 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
10769 # that the FFX mode natively supports. This happens before/after
10770 # encryption/decryption.
10771 # Each character listed must appear only once.
10772 # Number of characters must be in the range [2, 95].
10773 # This must be encoded as ASCII.
10774 # The order of characters does not matter.
10775 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
10776 },
10777 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
10778 # input. Outputs a base64 encoded representation of the encrypted output.
10779 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
10780 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
10781 # This annotation will be applied to the surrogate by prefixing it with
10782 # the name of the custom info type followed by the number of
10783 # characters comprising the surrogate. The following scheme defines the
10784 # format: {info type name}({surrogate character count}):{surrogate}
10785 #
10786 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
10787 # the surrogate is &#x27;abc&#x27;, the full replacement value
10788 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
10789 #
10790 # This annotation identifies the surrogate when inspecting content using the
10791 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
10792 # surrogate when it occurs in free text.
10793 #
10794 # Note: For record transformations where the entire cell in a table is being
10795 # transformed, surrogates are not mandatory. Surrogates are used to denote
10796 # the location of the token and are necessary for re-identification in free
10797 # form text.
10798 #
10799 # In order for inspection to work properly, the name of this info type must
10800 # not occur naturally anywhere in your data; otherwise, inspection may either
10801 #
10802 # - reverse a surrogate that does not correspond to an actual identifier
10803 # - be unable to parse the surrogate and result in an error
10804 #
10805 # Therefore, choose your custom info type name carefully after considering
10806 # what your data looks like. One way to select a name that has a high chance
10807 # of yielding reliable detection is to include one or more unicode characters
10808 # that are highly improbable to exist in your data.
10809 # For example, assuming your data is entered from a regular ASCII keyboard,
10810 # the symbol with the hex code point 29DD might be used like so:
10811 # ⧝MY_TOKEN_TYPE.
10812 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
10813 # creating a CustomInfoType, or one of the names listed
10814 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
10815 # a built-in type. InfoType names should conform to the pattern
10816 # `[a-zA-Z0-9_]{1,64}`.
10817 },
10818 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
10819 # referential integrity such that the same identifier in two different
10820 # contexts will be given a distinct surrogate. The context is appended to
10821 # plaintext value being encrypted. On decryption the provided context is
10822 # validated against the value used during encryption. If a context was
10823 # provided during encryption, same context must be provided during decryption
10824 # as well.
10825 #
10826 # If the context is not set, plaintext would be used as is for encryption.
10827 # If the context is set but:
10828 #
10829 # 1. there is no record present when transforming a given value or
10830 # 2. the field is not present when transforming a given value,
10831 #
10832 # plaintext would be used as is for encryption.
10833 #
10834 # Note that case (1) is expected when an `InfoTypeTransformation` is
10835 # applied to both structured and non-structured `ContentItem`s.
10836 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
10837 },
10838 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
10839 # a key encryption key (KEK) stored by KMS).
10840 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
10841 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
10842 # unwrap the data crypto key.
10843 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
10844 # leaking the key. Choose another type of key if possible.
10845 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
10846 },
10847 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
10848 # It will be discarded after the request finishes.
10849 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
10850 # This is an arbitrary string used to differentiate different keys.
10851 # A unique key is generated per name: two separate `TransientCryptoKey`
10852 # protos share the same generated key if their names are the same.
10853 # When the data crypto key is generated, this name is not used in any way
10854 # (repeating the api call will result in a different key being generated).
10855 },
10856 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
10857 # The wrapped key must be a 128/192/256 bit key.
10858 # Authorization requires the following IAM permissions when sending a request
10859 # to perform a crypto transformation using a kms-wrapped crypto key:
10860 # dlp.kms.encrypt
10861 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
10862 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
10863 },
10864 },
10865 },
10866 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
10867 # replacement values are dynamically provided by the user for custom behavior,
10868 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
10869 # This can be used on
10870 # data of type: number, long, string, timestamp.
10871 # If the bound `Value` type differs from the type of data being transformed, we
10872 # will first attempt converting the type of the data to be transformed to match
10873 # the type of the bound before comparing.
10874 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
10875 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
10876 { # Bucket is represented as a range, along with replacement values.
10877 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
10878 # the default behavior will be to hyphenate the min-max range.
10879 # Note that for the purposes of inspection or transformation, the number
10880 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
10881 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
10882 # 123456789, the number of bytes would be counted as 9, even though an
10883 # int64 only holds up to 8 bytes of data.
10884 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
10885 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
10886 # and time zone are either specified elsewhere or are not significant. The date
10887 # is relative to the Proleptic Gregorian Calendar. This can represent:
10888 #
10889 # * A full date, with non-zero year, month and day values
10890 # * A month and day value, with a zero year, e.g. an anniversary
10891 # * A year on its own, with zero month and day values
10892 # * A year and month value, with a zero day, e.g. a credit card expiration date
10893 #
10894 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
10895 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
10896 # a year.
10897 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
10898 # month and day.
10899 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
10900 # if specifying a year by itself or a year and month where the day is not
10901 # significant.
10902 },
10903 &quot;stringValue&quot;: &quot;A String&quot;, # string
10904 &quot;integerValue&quot;: &quot;A String&quot;, # integer
10905 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
10906 # or are specified elsewhere. An API may choose to allow leap seconds. Related
10907 # types are google.type.Date and `google.protobuf.Timestamp`.
10908 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
10909 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
10910 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
10911 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
10912 # allow the value 60 if it allows leap-seconds.
10913 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
10914 },
10915 &quot;booleanValue&quot;: True or False, # boolean
10916 &quot;floatValue&quot;: 3.14, # float
10917 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
10918 },
10919 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
10920 # used.
10921 # Note that for the purposes of inspection or transformation, the number
10922 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
10923 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
10924 # 123456789, the number of bytes would be counted as 9, even though an
10925 # int64 only holds up to 8 bytes of data.
10926 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
10927 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
10928 # and time zone are either specified elsewhere or are not significant. The date
10929 # is relative to the Proleptic Gregorian Calendar. This can represent:
10930 #
10931 # * A full date, with non-zero year, month and day values
10932 # * A month and day value, with a zero year, e.g. an anniversary
10933 # * A year on its own, with zero month and day values
10934 # * A year and month value, with a zero day, e.g. a credit card expiration date
10935 #
10936 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
10937 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
10938 # a year.
10939 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
10940 # month and day.
10941 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
10942 # if specifying a year by itself or a year and month where the day is not
10943 # significant.
10944 },
10945 &quot;stringValue&quot;: &quot;A String&quot;, # string
10946 &quot;integerValue&quot;: &quot;A String&quot;, # integer
10947 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
10948 # or are specified elsewhere. An API may choose to allow leap seconds. Related
10949 # types are google.type.Date and `google.protobuf.Timestamp`.
10950 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
10951 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
10952 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
10953 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
10954 # allow the value 60 if it allows leap-seconds.
10955 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
10956 },
10957 &quot;booleanValue&quot;: True or False, # boolean
10958 &quot;floatValue&quot;: 3.14, # float
10959 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
10960 },
10961 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
10962 # Note that for the purposes of inspection or transformation, the number
10963 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
10964 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
10965 # 123456789, the number of bytes would be counted as 9, even though an
10966 # int64 only holds up to 8 bytes of data.
10967 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
10968 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
10969 # and time zone are either specified elsewhere or are not significant. The date
10970 # is relative to the Proleptic Gregorian Calendar. This can represent:
10971 #
10972 # * A full date, with non-zero year, month and day values
10973 # * A month and day value, with a zero year, e.g. an anniversary
10974 # * A year on its own, with zero month and day values
10975 # * A year and month value, with a zero day, e.g. a credit card expiration date
10976 #
10977 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
10978 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
10979 # a year.
10980 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
10981 # month and day.
10982 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
10983 # if specifying a year by itself or a year and month where the day is not
10984 # significant.
10985 },
10986 &quot;stringValue&quot;: &quot;A String&quot;, # string
10987 &quot;integerValue&quot;: &quot;A String&quot;, # integer
10988 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
10989 # or are specified elsewhere. An API may choose to allow leap seconds. Related
10990 # types are google.type.Date and `google.protobuf.Timestamp`.
10991 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
10992 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
10993 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
10994 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
10995 # allow the value 60 if it allows leap-seconds.
10996 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
10997 },
10998 &quot;booleanValue&quot;: True or False, # boolean
10999 &quot;floatValue&quot;: 3.14, # float
11000 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
11001 },
11002 },
11003 ],
11004 },
11005 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
11006 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
11007 # output would be &#x27;My phone number is &#x27;.
11008 },
11009 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
11010 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
11011 # Note that for the purposes of inspection or transformation, the number
11012 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
11013 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
11014 # 123456789, the number of bytes would be counted as 9, even though an
11015 # int64 only holds up to 8 bytes of data.
11016 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
11017 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
11018 # and time zone are either specified elsewhere or are not significant. The date
11019 # is relative to the Proleptic Gregorian Calendar. This can represent:
11020 #
11021 # * A full date, with non-zero year, month and day values
11022 # * A month and day value, with a zero year, e.g. an anniversary
11023 # * A year on its own, with zero month and day values
11024 # * A year and month value, with a zero day, e.g. a credit card expiration date
11025 #
11026 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
11027 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
11028 # a year.
11029 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
11030 # month and day.
11031 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
11032 # if specifying a year by itself or a year and month where the day is not
11033 # significant.
11034 },
11035 &quot;stringValue&quot;: &quot;A String&quot;, # string
11036 &quot;integerValue&quot;: &quot;A String&quot;, # integer
11037 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
11038 # or are specified elsewhere. An API may choose to allow leap seconds. Related
11039 # types are google.type.Date and `google.protobuf.Timestamp`.
11040 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
11041 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
11042 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
11043 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
11044 # allow the value 60 if it allows leap-seconds.
11045 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
11046 },
11047 &quot;booleanValue&quot;: True or False, # boolean
11048 &quot;floatValue&quot;: 3.14, # float
11049 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
11050 },
11051 },
11052 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
11053 # Bucketing transformation can provide all of this functionality,
11054 # but requires more configuration. This message is provided as a convenience to
11055 # the user for simple bucketing strategies.
11056 #
11057 # The transformed value will be a hyphenated string of
11058 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
11059 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
11060 #
11061 # This can be used on data of type: double, long.
11062 #
11063 # If the bound Value type differs from the type of data
11064 # being transformed, we will first attempt converting the type of the data to
11065 # be transformed to match the type of the bound before comparing.
11066 #
11067 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
11068 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
11069 # grouped together into a single bucket; for example if `upper_bound` = 89,
11070 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
11071 # Note that for the purposes of inspection or transformation, the number
11072 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
11073 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
11074 # 123456789, the number of bytes would be counted as 9, even though an
11075 # int64 only holds up to 8 bytes of data.
11076 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
11077 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
11078 # and time zone are either specified elsewhere or are not significant. The date
11079 # is relative to the Proleptic Gregorian Calendar. This can represent:
11080 #
11081 # * A full date, with non-zero year, month and day values
11082 # * A month and day value, with a zero year, e.g. an anniversary
11083 # * A year on its own, with zero month and day values
11084 # * A year and month value, with a zero day, e.g. a credit card expiration date
11085 #
11086 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
11087 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
11088 # a year.
11089 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
11090 # month and day.
11091 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
11092 # if specifying a year by itself or a year and month where the day is not
11093 # significant.
11094 },
11095 &quot;stringValue&quot;: &quot;A String&quot;, # string
11096 &quot;integerValue&quot;: &quot;A String&quot;, # integer
11097 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
11098 # or are specified elsewhere. An API may choose to allow leap seconds. Related
11099 # types are google.type.Date and `google.protobuf.Timestamp`.
11100 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
11101 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
11102 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
11103 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
11104 # allow the value 60 if it allows leap-seconds.
11105 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
11106 },
11107 &quot;booleanValue&quot;: True or False, # boolean
11108 &quot;floatValue&quot;: 3.14, # float
11109 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
11110 },
11111 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
11112 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
11113 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
11114 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
11115 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
11116 # grouped together into a single bucket; for example if `lower_bound` = 10,
11117 # then all values less than 10 are replaced with the value &quot;-10&quot;.
11118 # Note that for the purposes of inspection or transformation, the number
11119 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
11120 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
11121 # 123456789, the number of bytes would be counted as 9, even though an
11122 # int64 only holds up to 8 bytes of data.
11123 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
11124 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
11125 # and time zone are either specified elsewhere or are not significant. The date
11126 # is relative to the Proleptic Gregorian Calendar. This can represent:
11127 #
11128 # * A full date, with non-zero year, month and day values
11129 # * A month and day value, with a zero year, e.g. an anniversary
11130 # * A year on its own, with zero month and day values
11131 # * A year and month value, with a zero day, e.g. a credit card expiration date
11132 #
11133 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
11134 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
11135 # a year.
11136 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
11137 # month and day.
11138 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
11139 # if specifying a year by itself or a year and month where the day is not
11140 # significant.
11141 },
11142 &quot;stringValue&quot;: &quot;A String&quot;, # string
11143 &quot;integerValue&quot;: &quot;A String&quot;, # integer
11144 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
11145 # or are specified elsewhere. An API may choose to allow leap seconds. Related
11146 # types are google.type.Date and `google.protobuf.Timestamp`.
11147 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
11148 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
11149 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
11150 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
11151 # allow the value 60 if it allows leap-seconds.
11152 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
11153 },
11154 &quot;booleanValue&quot;: True or False, # boolean
11155 &quot;floatValue&quot;: 3.14, # float
11156 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
11157 },
11158 },
11159 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
11160 # fixed character. Masking can start from the beginning or end of the string.
11161 # This can be used on data of any type (numbers, longs, and so on) and when
11162 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
11163 # type. (This allows you to take a long like 123 and modify it to a string like
11164 # **3.
11165 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
11166 # characters. For example, if the input string is `555-555-5555` and you
11167 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
11168 # returns `***-**5-5555`.
11169 { # Characters to skip when doing deidentification of a value. These will be left
11170 # alone and skipped.
11171 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
11172 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
11173 # punctuation.
11174 },
11175 ],
11176 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
11177 # masked. Skipped characters do not count towards this tally.
11178 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
11179 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
11180 # code or credit card number. This string must have a length of 1. If not
11181 # supplied, this value defaults to `*` for strings, and `0` for digits.
11182 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
11183 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
11184 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
11185 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
11186 # is `true`, then the string `12345` is masked as `12***`.
11187 },
11188 },
11189 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
11190 # this transformation to apply to all findings that correspond to
11191 # infoTypes that were requested in `InspectConfig`.
11192 { # Type of information detected by the API.
11193 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
11194 # creating a CustomInfoType, or one of the names listed
11195 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
11196 # a built-in type. InfoType names should conform to the pattern
11197 # `[a-zA-Z0-9_]{1,64}`.
11198 },
11199 ],
11200 },
11201 ],
11202 },
Bu Sun Kim65020912020-05-20 12:08:20 -070011203 &quot;transformationErrorHandling&quot;: { # How to handle transformation errors during de-identification. A # Mode for handling transformation errors. If left unspecified, the default
11204 # mode is `TransformationErrorHandling.ThrowError`.
11205 # transformation error occurs when the requested transformation is incompatible
11206 # with the data. For example, trying to de-identify an IP address using a
11207 # `DateShift` transformation would result in a transformation error, since date
11208 # info cannot be extracted from an IP address.
11209 # Information about any incompatible transformations, and how they were
11210 # handled, is returned in the response as part of the
11211 # `TransformationOverviews`.
11212 &quot;throwError&quot;: { # Throw an error and fail the request when a transformation error occurs. # Throw an error
11213 },
11214 &quot;leaveUntransformed&quot;: { # Skips the data without modifying it if the requested transformation would # Ignore errors
11215 # cause an error. For example, if a `DateShift` transformation were applied
11216 # an an IP address, this mode would leave the IP address unchanged in the
11217 # response.
11218 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011219 },
Bu Sun Kim65020912020-05-20 12:08:20 -070011220 &quot;recordTransformations&quot;: { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011221 # specific locations within structured datasets, such as transforming
11222 # a column within a table.
11223 # table.
Bu Sun Kim65020912020-05-20 12:08:20 -070011224 &quot;fieldTransformations&quot;: [ # Transform the record by applying various field transformations.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011225 { # The transformation to apply to the field.
Bu Sun Kim65020912020-05-20 12:08:20 -070011226 &quot;fields&quot;: [ # Required. Input field(s) to apply the transformation to.
Dan O'Mearadd494642020-05-01 07:42:23 -070011227 { # General identifier of a data field in a storage service.
Bu Sun Kim65020912020-05-20 12:08:20 -070011228 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Dan O'Mearadd494642020-05-01 07:42:23 -070011229 },
11230 ],
Bu Sun Kim65020912020-05-20 12:08:20 -070011231 &quot;infoTypeTransformations&quot;: { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011232 # transform content that matches an `InfoType`.
11233 # apply various `PrimitiveTransformation`s to each finding, where the
11234 # transformation is applied to only values that were identified as a specific
11235 # info_type.
Bu Sun Kim65020912020-05-20 12:08:20 -070011236 &quot;transformations&quot;: [ # Required. Transformation for each infoType. Cannot specify more than one
Dan O'Mearadd494642020-05-01 07:42:23 -070011237 # for a given infoType.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011238 { # A transformation to apply to text that is identified as a specific
11239 # info_type.
Bu Sun Kim65020912020-05-20 12:08:20 -070011240 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Required. Primitive transformation to apply to the infoType.
11241 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
11242 # portion of the value.
11243 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
11244 },
11245 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
11246 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
11247 # to learn more.
11248 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
11249 # If set, must also set cryptoKey. If set, shift will be consistent for the
11250 # given context.
11251 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
11252 },
11253 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
11254 # range (inclusive ends). Negative means shift to earlier in time. Must not
11255 # be more than 365250 days (1000 years) each direction.
11256 #
11257 # For example, 3 means shift date to at most 3 days into the future.
11258 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
11259 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
11260 # results in the same shift for the same context and crypto_key. If
11261 # set, must also set context. Can only be applied to table items.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011262 # a key encryption key (KEK) stored by KMS).
11263 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
11264 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
11265 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -070011266 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011267 # leaking the key. Choose another type of key if possible.
Bu Sun Kim65020912020-05-20 12:08:20 -070011268 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011269 },
Bu Sun Kim65020912020-05-20 12:08:20 -070011270 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011271 # It will be discarded after the request finishes.
Bu Sun Kim65020912020-05-20 12:08:20 -070011272 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011273 # This is an arbitrary string used to differentiate different keys.
11274 # A unique key is generated per name: two separate `TransientCryptoKey`
11275 # protos share the same generated key if their names are the same.
11276 # When the data crypto key is generated, this name is not used in any way
11277 # (repeating the api call will result in a different key being generated).
11278 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011279 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
11280 # The wrapped key must be a 128/192/256 bit key.
11281 # Authorization requires the following IAM permissions when sending a request
11282 # to perform a crypto transformation using a kms-wrapped crypto key:
11283 # dlp.kms.encrypt
11284 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
11285 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
11286 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011287 },
Bu Sun Kim65020912020-05-20 12:08:20 -070011288 },
11289 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
11290 },
11291 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
11292 # Uses SHA-256.
11293 # The key size must be either 32 or 64 bytes.
11294 # Outputs a base64 encoded representation of the hashed output
11295 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
11296 # Currently, only string and integer values can be hashed.
11297 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
11298 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
11299 # a key encryption key (KEK) stored by KMS).
11300 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
11301 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
11302 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -070011303 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
11304 # leaking the key. Choose another type of key if possible.
11305 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
11306 },
11307 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
11308 # It will be discarded after the request finishes.
11309 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
11310 # This is an arbitrary string used to differentiate different keys.
11311 # A unique key is generated per name: two separate `TransientCryptoKey`
11312 # protos share the same generated key if their names are the same.
11313 # When the data crypto key is generated, this name is not used in any way
11314 # (repeating the api call will result in a different key being generated).
11315 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011316 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
11317 # The wrapped key must be a 128/192/256 bit key.
11318 # Authorization requires the following IAM permissions when sending a request
11319 # to perform a crypto transformation using a kms-wrapped crypto key:
11320 # dlp.kms.encrypt
11321 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
11322 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
11323 },
Bu Sun Kim65020912020-05-20 12:08:20 -070011324 },
11325 },
11326 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
11327 # (FPE) with the FFX mode of operation; however when used in the
11328 # `ReidentifyContent` API method, it serves the opposite function by reversing
11329 # the surrogate back into the original identifier. The identifier must be
11330 # encoded as ASCII. For a given crypto key and context, the same identifier
11331 # will be replaced with the same surrogate. Identifiers must be at least two
11332 # characters long. In the case that the identifier is the empty string, it will
11333 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
11334 # more.
11335 #
11336 # Note: We recommend using CryptoDeterministicConfig for all use cases which
11337 # do not require preserving the input alphabet space and size, plus warrant
11338 # referential integrity.
Bu Sun Kim65020912020-05-20 12:08:20 -070011339 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
11340 # This annotation will be applied to the surrogate by prefixing it with
11341 # the name of the custom infoType followed by the number of
11342 # characters comprising the surrogate. The following scheme defines the
11343 # format: info_type_name(surrogate_character_count):surrogate
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011344 #
Bu Sun Kim65020912020-05-20 12:08:20 -070011345 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
11346 # the surrogate is &#x27;abc&#x27;, the full replacement value
11347 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
11348 #
11349 # This annotation identifies the surrogate when inspecting content using the
11350 # custom infoType
11351 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
11352 # This facilitates reversal of the surrogate when it occurs in free text.
11353 #
11354 # In order for inspection to work properly, the name of this infoType must
11355 # not occur naturally anywhere in your data; otherwise, inspection may
11356 # find a surrogate that does not correspond to an actual identifier.
11357 # Therefore, choose your custom infoType name carefully after considering
11358 # what your data looks like. One way to select a name that has a high chance
11359 # of yielding reliable detection is to include one or more unicode characters
11360 # that are highly improbable to exist in your data.
11361 # For example, assuming your data is entered from a regular ASCII keyboard,
11362 # the symbol with the hex code point 29DD might be used like so:
11363 # ⧝MY_TOKEN_TYPE
11364 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
11365 # creating a CustomInfoType, or one of the names listed
11366 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
11367 # a built-in type. InfoType names should conform to the pattern
11368 # `[a-zA-Z0-9_]{1,64}`.
11369 },
11370 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
11371 # identifier in two different contexts won&#x27;t be given the same surrogate. If
11372 # the context is not set, a default tweak will be used.
11373 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011374 # If the context is set but:
11375 #
11376 # 1. there is no record present when transforming a given value or
Bu Sun Kim65020912020-05-20 12:08:20 -070011377 # 1. the field is not present when transforming a given value,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011378 #
Bu Sun Kim65020912020-05-20 12:08:20 -070011379 # a default tweak will be used.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011380 #
11381 # Note that case (1) is expected when an `InfoTypeTransformation` is
11382 # applied to both structured and non-structured `ContentItem`s.
Bu Sun Kim65020912020-05-20 12:08:20 -070011383 # Currently, the referenced field may be of value type integer or string.
11384 #
11385 # The tweak is constructed as a sequence of bytes in big endian byte order
11386 # such that:
11387 #
11388 # - a 64 bit integer is encoded followed by a single byte of value 1
11389 # - a string is encoded in UTF-8 format followed by a single byte of value 2
11390 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011391 },
Bu Sun Kim65020912020-05-20 12:08:20 -070011392 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
11393 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
11394 # a key encryption key (KEK) stored by KMS).
11395 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
11396 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
11397 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -070011398 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
11399 # leaking the key. Choose another type of key if possible.
11400 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
11401 },
11402 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
11403 # It will be discarded after the request finishes.
11404 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
11405 # This is an arbitrary string used to differentiate different keys.
11406 # A unique key is generated per name: two separate `TransientCryptoKey`
11407 # protos share the same generated key if their names are the same.
11408 # When the data crypto key is generated, this name is not used in any way
11409 # (repeating the api call will result in a different key being generated).
11410 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011411 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
11412 # The wrapped key must be a 128/192/256 bit key.
11413 # Authorization requires the following IAM permissions when sending a request
11414 # to perform a crypto transformation using a kms-wrapped crypto key:
11415 # dlp.kms.encrypt
11416 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
11417 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
11418 },
Bu Sun Kim65020912020-05-20 12:08:20 -070011419 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011420 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
11421 # that the FFX mode natively supports. This happens before/after
11422 # encryption/decryption.
11423 # Each character listed must appear only once.
11424 # Number of characters must be in the range [2, 95].
11425 # This must be encoded as ASCII.
11426 # The order of characters does not matter.
11427 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
Bu Sun Kim65020912020-05-20 12:08:20 -070011428 },
11429 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
11430 # input. Outputs a base64 encoded representation of the encrypted output.
11431 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
11432 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011433 # This annotation will be applied to the surrogate by prefixing it with
11434 # the name of the custom info type followed by the number of
11435 # characters comprising the surrogate. The following scheme defines the
Dan O'Mearadd494642020-05-01 07:42:23 -070011436 # format: {info type name}({surrogate character count}):{surrogate}
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011437 #
Bu Sun Kim65020912020-05-20 12:08:20 -070011438 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
11439 # the surrogate is &#x27;abc&#x27;, the full replacement value
11440 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011441 #
11442 # This annotation identifies the surrogate when inspecting content using the
Bu Sun Kim65020912020-05-20 12:08:20 -070011443 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011444 # surrogate when it occurs in free text.
11445 #
Dan O'Mearadd494642020-05-01 07:42:23 -070011446 # Note: For record transformations where the entire cell in a table is being
11447 # transformed, surrogates are not mandatory. Surrogates are used to denote
11448 # the location of the token and are necessary for re-identification in free
11449 # form text.
11450 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011451 # In order for inspection to work properly, the name of this info type must
11452 # not occur naturally anywhere in your data; otherwise, inspection may either
11453 #
11454 # - reverse a surrogate that does not correspond to an actual identifier
11455 # - be unable to parse the surrogate and result in an error
11456 #
11457 # Therefore, choose your custom info type name carefully after considering
11458 # what your data looks like. One way to select a name that has a high chance
11459 # of yielding reliable detection is to include one or more unicode characters
11460 # that are highly improbable to exist in your data.
11461 # For example, assuming your data is entered from a regular ASCII keyboard,
11462 # the symbol with the hex code point 29DD might be used like so:
Dan O'Mearadd494642020-05-01 07:42:23 -070011463 # ⧝MY_TOKEN_TYPE.
Bu Sun Kim65020912020-05-20 12:08:20 -070011464 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011465 # creating a CustomInfoType, or one of the names listed
11466 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
11467 # a built-in type. InfoType names should conform to the pattern
Dan O'Mearadd494642020-05-01 07:42:23 -070011468 # `[a-zA-Z0-9_]{1,64}`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011469 },
Bu Sun Kim65020912020-05-20 12:08:20 -070011470 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
11471 # referential integrity such that the same identifier in two different
11472 # contexts will be given a distinct surrogate. The context is appended to
11473 # plaintext value being encrypted. On decryption the provided context is
11474 # validated against the value used during encryption. If a context was
11475 # provided during encryption, same context must be provided during decryption
11476 # as well.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011477 #
Bu Sun Kim65020912020-05-20 12:08:20 -070011478 # If the context is not set, plaintext would be used as is for encryption.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011479 # If the context is set but:
11480 #
11481 # 1. there is no record present when transforming a given value or
Bu Sun Kim65020912020-05-20 12:08:20 -070011482 # 2. the field is not present when transforming a given value,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011483 #
Bu Sun Kim65020912020-05-20 12:08:20 -070011484 # plaintext would be used as is for encryption.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011485 #
11486 # Note that case (1) is expected when an `InfoTypeTransformation` is
11487 # applied to both structured and non-structured `ContentItem`s.
Bu Sun Kim65020912020-05-20 12:08:20 -070011488 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011489 },
Bu Sun Kim65020912020-05-20 12:08:20 -070011490 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
11491 # a key encryption key (KEK) stored by KMS).
11492 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
11493 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
11494 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -070011495 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
11496 # leaking the key. Choose another type of key if possible.
11497 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
11498 },
11499 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
11500 # It will be discarded after the request finishes.
11501 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
11502 # This is an arbitrary string used to differentiate different keys.
11503 # A unique key is generated per name: two separate `TransientCryptoKey`
11504 # protos share the same generated key if their names are the same.
11505 # When the data crypto key is generated, this name is not used in any way
11506 # (repeating the api call will result in a different key being generated).
11507 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011508 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
11509 # The wrapped key must be a 128/192/256 bit key.
11510 # Authorization requires the following IAM permissions when sending a request
11511 # to perform a crypto transformation using a kms-wrapped crypto key:
11512 # dlp.kms.encrypt
11513 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
11514 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
11515 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011516 },
11517 },
Bu Sun Kim65020912020-05-20 12:08:20 -070011518 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
Dan O'Mearadd494642020-05-01 07:42:23 -070011519 # replacement values are dynamically provided by the user for custom behavior,
11520 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
11521 # This can be used on
11522 # data of type: number, long, string, timestamp.
11523 # If the bound `Value` type differs from the type of data being transformed, we
11524 # will first attempt converting the type of the data to be transformed to match
11525 # the type of the bound before comparing.
11526 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -070011527 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
Dan O'Mearadd494642020-05-01 07:42:23 -070011528 { # Bucket is represented as a range, along with replacement values.
Bu Sun Kim65020912020-05-20 12:08:20 -070011529 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
11530 # the default behavior will be to hyphenate the min-max range.
11531 # Note that for the purposes of inspection or transformation, the number
11532 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
11533 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
11534 # 123456789, the number of bytes would be counted as 9, even though an
11535 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -070011536 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
11537 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
11538 # and time zone are either specified elsewhere or are not significant. The date
11539 # is relative to the Proleptic Gregorian Calendar. This can represent:
11540 #
11541 # * A full date, with non-zero year, month and day values
11542 # * A month and day value, with a zero year, e.g. an anniversary
11543 # * A year on its own, with zero month and day values
11544 # * A year and month value, with a zero day, e.g. a credit card expiration date
11545 #
11546 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
11547 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
11548 # a year.
11549 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
11550 # month and day.
11551 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
11552 # if specifying a year by itself or a year and month where the day is not
11553 # significant.
11554 },
11555 &quot;stringValue&quot;: &quot;A String&quot;, # string
11556 &quot;integerValue&quot;: &quot;A String&quot;, # integer
11557 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
11558 # or are specified elsewhere. An API may choose to allow leap seconds. Related
11559 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -070011560 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
11561 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
11562 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011563 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
11564 # allow the value 60 if it allows leap-seconds.
11565 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -070011566 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011567 &quot;booleanValue&quot;: True or False, # boolean
11568 &quot;floatValue&quot;: 3.14, # float
11569 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
11570 },
11571 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
11572 # used.
11573 # Note that for the purposes of inspection or transformation, the number
11574 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
11575 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
11576 # 123456789, the number of bytes would be counted as 9, even though an
11577 # int64 only holds up to 8 bytes of data.
11578 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
11579 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
11580 # and time zone are either specified elsewhere or are not significant. The date
11581 # is relative to the Proleptic Gregorian Calendar. This can represent:
11582 #
11583 # * A full date, with non-zero year, month and day values
11584 # * A month and day value, with a zero year, e.g. an anniversary
11585 # * A year on its own, with zero month and day values
11586 # * A year and month value, with a zero day, e.g. a credit card expiration date
11587 #
11588 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
11589 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
11590 # a year.
11591 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
11592 # month and day.
11593 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
11594 # if specifying a year by itself or a year and month where the day is not
11595 # significant.
11596 },
11597 &quot;stringValue&quot;: &quot;A String&quot;, # string
11598 &quot;integerValue&quot;: &quot;A String&quot;, # integer
11599 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
11600 # or are specified elsewhere. An API may choose to allow leap seconds. Related
11601 # types are google.type.Date and `google.protobuf.Timestamp`.
11602 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
11603 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
11604 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
11605 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
11606 # allow the value 60 if it allows leap-seconds.
11607 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
11608 },
11609 &quot;booleanValue&quot;: True or False, # boolean
11610 &quot;floatValue&quot;: 3.14, # float
11611 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
11612 },
11613 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
11614 # Note that for the purposes of inspection or transformation, the number
11615 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
11616 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
11617 # 123456789, the number of bytes would be counted as 9, even though an
11618 # int64 only holds up to 8 bytes of data.
11619 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
11620 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
11621 # and time zone are either specified elsewhere or are not significant. The date
11622 # is relative to the Proleptic Gregorian Calendar. This can represent:
11623 #
11624 # * A full date, with non-zero year, month and day values
11625 # * A month and day value, with a zero year, e.g. an anniversary
11626 # * A year on its own, with zero month and day values
11627 # * A year and month value, with a zero day, e.g. a credit card expiration date
11628 #
11629 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
11630 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
11631 # a year.
11632 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
11633 # month and day.
11634 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
11635 # if specifying a year by itself or a year and month where the day is not
11636 # significant.
11637 },
11638 &quot;stringValue&quot;: &quot;A String&quot;, # string
11639 &quot;integerValue&quot;: &quot;A String&quot;, # integer
11640 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
11641 # or are specified elsewhere. An API may choose to allow leap seconds. Related
11642 # types are google.type.Date and `google.protobuf.Timestamp`.
11643 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
11644 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
11645 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
11646 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
11647 # allow the value 60 if it allows leap-seconds.
11648 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
11649 },
11650 &quot;booleanValue&quot;: True or False, # boolean
11651 &quot;floatValue&quot;: 3.14, # float
11652 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Dan O'Mearadd494642020-05-01 07:42:23 -070011653 },
11654 },
11655 ],
11656 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011657 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
11658 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
11659 # output would be &#x27;My phone number is &#x27;.
11660 },
Bu Sun Kim65020912020-05-20 12:08:20 -070011661 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
11662 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011663 # Note that for the purposes of inspection or transformation, the number
Bu Sun Kim65020912020-05-20 12:08:20 -070011664 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
11665 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011666 # 123456789, the number of bytes would be counted as 9, even though an
11667 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -070011668 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
11669 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011670 # and time zone are either specified elsewhere or are not significant. The date
11671 # is relative to the Proleptic Gregorian Calendar. This can represent:
11672 #
11673 # * A full date, with non-zero year, month and day values
11674 # * A month and day value, with a zero year, e.g. an anniversary
11675 # * A year on its own, with zero month and day values
11676 # * A year and month value, with a zero day, e.g. a credit card expiration date
11677 #
11678 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -070011679 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
11680 # a year.
11681 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
Dan O'Mearadd494642020-05-01 07:42:23 -070011682 # month and day.
Bu Sun Kim65020912020-05-20 12:08:20 -070011683 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011684 # if specifying a year by itself or a year and month where the day is not
11685 # significant.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070011686 },
Bu Sun Kim65020912020-05-20 12:08:20 -070011687 &quot;stringValue&quot;: &quot;A String&quot;, # string
11688 &quot;integerValue&quot;: &quot;A String&quot;, # integer
11689 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
11690 # or are specified elsewhere. An API may choose to allow leap seconds. Related
11691 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -070011692 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
11693 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
11694 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011695 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
11696 # allow the value 60 if it allows leap-seconds.
11697 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -070011698 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011699 &quot;booleanValue&quot;: True or False, # boolean
11700 &quot;floatValue&quot;: 3.14, # float
11701 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -070011702 },
11703 },
Bu Sun Kim65020912020-05-20 12:08:20 -070011704 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
11705 # Bucketing transformation can provide all of this functionality,
11706 # but requires more configuration. This message is provided as a convenience to
11707 # the user for simple bucketing strategies.
11708 #
11709 # The transformed value will be a hyphenated string of
11710 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
11711 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
11712 #
11713 # This can be used on data of type: double, long.
11714 #
11715 # If the bound Value type differs from the type of data
11716 # being transformed, we will first attempt converting the type of the data to
11717 # be transformed to match the type of the bound before comparing.
11718 #
11719 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -070011720 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
11721 # grouped together into a single bucket; for example if `upper_bound` = 89,
11722 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
11723 # Note that for the purposes of inspection or transformation, the number
11724 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
11725 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
11726 # 123456789, the number of bytes would be counted as 9, even though an
11727 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -070011728 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
11729 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
11730 # and time zone are either specified elsewhere or are not significant. The date
11731 # is relative to the Proleptic Gregorian Calendar. This can represent:
11732 #
11733 # * A full date, with non-zero year, month and day values
11734 # * A month and day value, with a zero year, e.g. an anniversary
11735 # * A year on its own, with zero month and day values
11736 # * A year and month value, with a zero day, e.g. a credit card expiration date
11737 #
11738 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
11739 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
11740 # a year.
11741 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
11742 # month and day.
11743 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
11744 # if specifying a year by itself or a year and month where the day is not
11745 # significant.
11746 },
11747 &quot;stringValue&quot;: &quot;A String&quot;, # string
11748 &quot;integerValue&quot;: &quot;A String&quot;, # integer
11749 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
11750 # or are specified elsewhere. An API may choose to allow leap seconds. Related
11751 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -070011752 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
11753 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
11754 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011755 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
11756 # allow the value 60 if it allows leap-seconds.
11757 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -070011758 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011759 &quot;booleanValue&quot;: True or False, # boolean
11760 &quot;floatValue&quot;: 3.14, # float
11761 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -070011762 },
11763 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
11764 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
11765 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
11766 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011767 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
11768 # grouped together into a single bucket; for example if `lower_bound` = 10,
11769 # then all values less than 10 are replaced with the value &quot;-10&quot;.
11770 # Note that for the purposes of inspection or transformation, the number
11771 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
11772 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
11773 # 123456789, the number of bytes would be counted as 9, even though an
11774 # int64 only holds up to 8 bytes of data.
11775 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
11776 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
11777 # and time zone are either specified elsewhere or are not significant. The date
11778 # is relative to the Proleptic Gregorian Calendar. This can represent:
11779 #
11780 # * A full date, with non-zero year, month and day values
11781 # * A month and day value, with a zero year, e.g. an anniversary
11782 # * A year on its own, with zero month and day values
11783 # * A year and month value, with a zero day, e.g. a credit card expiration date
11784 #
11785 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
11786 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
11787 # a year.
11788 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
11789 # month and day.
11790 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
11791 # if specifying a year by itself or a year and month where the day is not
11792 # significant.
11793 },
11794 &quot;stringValue&quot;: &quot;A String&quot;, # string
11795 &quot;integerValue&quot;: &quot;A String&quot;, # integer
11796 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
11797 # or are specified elsewhere. An API may choose to allow leap seconds. Related
11798 # types are google.type.Date and `google.protobuf.Timestamp`.
11799 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
11800 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
11801 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
11802 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
11803 # allow the value 60 if it allows leap-seconds.
11804 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
11805 },
11806 &quot;booleanValue&quot;: True or False, # boolean
11807 &quot;floatValue&quot;: 3.14, # float
11808 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
11809 },
11810 },
11811 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
11812 # fixed character. Masking can start from the beginning or end of the string.
11813 # This can be used on data of any type (numbers, longs, and so on) and when
11814 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
11815 # type. (This allows you to take a long like 123 and modify it to a string like
11816 # **3.
11817 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
11818 # characters. For example, if the input string is `555-555-5555` and you
11819 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
11820 # returns `***-**5-5555`.
11821 { # Characters to skip when doing deidentification of a value. These will be left
11822 # alone and skipped.
11823 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
11824 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
11825 # punctuation.
11826 },
11827 ],
11828 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
11829 # masked. Skipped characters do not count towards this tally.
11830 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
11831 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
11832 # code or credit card number. This string must have a length of 1. If not
11833 # supplied, this value defaults to `*` for strings, and `0` for digits.
11834 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
11835 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
11836 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
11837 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
11838 # is `true`, then the string `12345` is masked as `12***`.
Bu Sun Kim65020912020-05-20 12:08:20 -070011839 },
11840 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011841 &quot;infoTypes&quot;: [ # InfoTypes to apply the transformation to. An empty list will cause
11842 # this transformation to apply to all findings that correspond to
11843 # infoTypes that were requested in `InspectConfig`.
11844 { # Type of information detected by the API.
11845 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
11846 # creating a CustomInfoType, or one of the names listed
11847 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
11848 # a built-in type. InfoType names should conform to the pattern
11849 # `[a-zA-Z0-9_]{1,64}`.
11850 },
11851 ],
Bu Sun Kim65020912020-05-20 12:08:20 -070011852 },
11853 ],
11854 },
11855 &quot;primitiveTransformation&quot;: { # A rule for transforming a value. # Apply the transformation to the entire field.
11856 &quot;timePartConfig&quot;: { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a # Time extraction
11857 # portion of the value.
11858 &quot;partToExtract&quot;: &quot;A String&quot;, # The part of the time to keep.
11859 },
11860 &quot;dateShiftConfig&quot;: { # Shifts dates by random number of days, with option to be consistent for the # Date Shift
11861 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting
11862 # to learn more.
11863 &quot;context&quot;: { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id.
11864 # If set, must also set cryptoKey. If set, shift will be consistent for the
11865 # given context.
11866 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
11867 },
11868 &quot;upperBoundDays&quot;: 42, # Required. Range of shift in days. Actual shift will be selected at random within this
11869 # range (inclusive ends). Negative means shift to earlier in time. Must not
11870 # be more than 365250 days (1000 years) each direction.
11871 #
11872 # For example, 3 means shift date to at most 3 days into the future.
11873 &quot;lowerBoundDays&quot;: 42, # Required. For example, -5 means shift date to at most 5 days back in the past.
11874 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This
11875 # results in the same shift for the same context and crypto_key. If
11876 # set, must also set context. Can only be applied to table items.
11877 # a key encryption key (KEK) stored by KMS).
11878 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
11879 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
11880 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -070011881 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
11882 # leaking the key. Choose another type of key if possible.
11883 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
11884 },
11885 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
11886 # It will be discarded after the request finishes.
11887 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
11888 # This is an arbitrary string used to differentiate different keys.
11889 # A unique key is generated per name: two separate `TransientCryptoKey`
11890 # protos share the same generated key if their names are the same.
11891 # When the data crypto key is generated, this name is not used in any way
11892 # (repeating the api call will result in a different key being generated).
11893 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011894 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
11895 # The wrapped key must be a 128/192/256 bit key.
11896 # Authorization requires the following IAM permissions when sending a request
11897 # to perform a crypto transformation using a kms-wrapped crypto key:
11898 # dlp.kms.encrypt
11899 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
11900 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
11901 },
Bu Sun Kim65020912020-05-20 12:08:20 -070011902 },
11903 },
11904 &quot;replaceWithInfoTypeConfig&quot;: { # Replace each matching finding with the name of the info_type. # Replace with infotype
11905 },
11906 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Crypto
11907 # Uses SHA-256.
11908 # The key size must be either 32 or 64 bytes.
11909 # Outputs a base64 encoded representation of the hashed output
11910 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
11911 # Currently, only string and integer values can be hashed.
11912 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
11913 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function.
11914 # a key encryption key (KEK) stored by KMS).
11915 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
11916 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
11917 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -070011918 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
11919 # leaking the key. Choose another type of key if possible.
11920 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
11921 },
11922 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
11923 # It will be discarded after the request finishes.
11924 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
11925 # This is an arbitrary string used to differentiate different keys.
11926 # A unique key is generated per name: two separate `TransientCryptoKey`
11927 # protos share the same generated key if their names are the same.
11928 # When the data crypto key is generated, this name is not used in any way
11929 # (repeating the api call will result in a different key being generated).
11930 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070011931 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
11932 # The wrapped key must be a 128/192/256 bit key.
11933 # Authorization requires the following IAM permissions when sending a request
11934 # to perform a crypto transformation using a kms-wrapped crypto key:
11935 # dlp.kms.encrypt
11936 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
11937 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
11938 },
Bu Sun Kim65020912020-05-20 12:08:20 -070011939 },
11940 },
11941 &quot;cryptoReplaceFfxFpeConfig&quot;: { # Replaces an identifier with a surrogate using Format Preserving Encryption # Ffx-Fpe
11942 # (FPE) with the FFX mode of operation; however when used in the
11943 # `ReidentifyContent` API method, it serves the opposite function by reversing
11944 # the surrogate back into the original identifier. The identifier must be
11945 # encoded as ASCII. For a given crypto key and context, the same identifier
11946 # will be replaced with the same surrogate. Identifiers must be at least two
11947 # characters long. In the case that the identifier is the empty string, it will
11948 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
11949 # more.
11950 #
11951 # Note: We recommend using CryptoDeterministicConfig for all use cases which
11952 # do not require preserving the input alphabet space and size, plus warrant
11953 # referential integrity.
Bu Sun Kim65020912020-05-20 12:08:20 -070011954 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom infoType to annotate the surrogate with.
11955 # This annotation will be applied to the surrogate by prefixing it with
11956 # the name of the custom infoType followed by the number of
11957 # characters comprising the surrogate. The following scheme defines the
11958 # format: info_type_name(surrogate_character_count):surrogate
11959 #
11960 # For example, if the name of custom infoType is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
11961 # the surrogate is &#x27;abc&#x27;, the full replacement value
11962 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
11963 #
11964 # This annotation identifies the surrogate when inspecting content using the
11965 # custom infoType
11966 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
11967 # This facilitates reversal of the surrogate when it occurs in free text.
11968 #
11969 # In order for inspection to work properly, the name of this infoType must
11970 # not occur naturally anywhere in your data; otherwise, inspection may
11971 # find a surrogate that does not correspond to an actual identifier.
11972 # Therefore, choose your custom infoType name carefully after considering
11973 # what your data looks like. One way to select a name that has a high chance
11974 # of yielding reliable detection is to include one or more unicode characters
11975 # that are highly improbable to exist in your data.
11976 # For example, assuming your data is entered from a regular ASCII keyboard,
11977 # the symbol with the hex code point 29DD might be used like so:
11978 # ⧝MY_TOKEN_TYPE
11979 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
11980 # creating a CustomInfoType, or one of the names listed
11981 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
11982 # a built-in type. InfoType names should conform to the pattern
11983 # `[a-zA-Z0-9_]{1,64}`.
11984 },
11985 &quot;context&quot;: { # General identifier of a data field in a storage service. # The &#x27;tweak&#x27;, a context may be used for higher security since the same
11986 # identifier in two different contexts won&#x27;t be given the same surrogate. If
11987 # the context is not set, a default tweak will be used.
11988 #
11989 # If the context is set but:
11990 #
11991 # 1. there is no record present when transforming a given value or
11992 # 1. the field is not present when transforming a given value,
11993 #
11994 # a default tweak will be used.
11995 #
11996 # Note that case (1) is expected when an `InfoTypeTransformation` is
11997 # applied to both structured and non-structured `ContentItem`s.
11998 # Currently, the referenced field may be of value type integer or string.
11999 #
12000 # The tweak is constructed as a sequence of bytes in big endian byte order
12001 # such that:
12002 #
12003 # - a 64 bit integer is encoded followed by a single byte of value 1
12004 # - a string is encoded in UTF-8 format followed by a single byte of value 2
12005 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
12006 },
12007 &quot;radix&quot;: 42, # The native way to select the alphabet. Must be in the range [2, 95].
12008 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # Required. The key used by the encryption algorithm.
12009 # a key encryption key (KEK) stored by KMS).
12010 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
12011 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
12012 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -070012013 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
12014 # leaking the key. Choose another type of key if possible.
12015 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
12016 },
12017 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
12018 # It will be discarded after the request finishes.
12019 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
12020 # This is an arbitrary string used to differentiate different keys.
12021 # A unique key is generated per name: two separate `TransientCryptoKey`
12022 # protos share the same generated key if their names are the same.
12023 # When the data crypto key is generated, this name is not used in any way
12024 # (repeating the api call will result in a different key being generated).
12025 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012026 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
12027 # The wrapped key must be a 128/192/256 bit key.
12028 # Authorization requires the following IAM permissions when sending a request
12029 # to perform a crypto transformation using a kms-wrapped crypto key:
12030 # dlp.kms.encrypt
12031 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
12032 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
12033 },
Bu Sun Kim65020912020-05-20 12:08:20 -070012034 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012035 &quot;customAlphabet&quot;: &quot;A String&quot;, # This is supported by mapping these to the alphanumeric characters
12036 # that the FFX mode natively supports. This happens before/after
12037 # encryption/decryption.
12038 # Each character listed must appear only once.
12039 # Number of characters must be in the range [2, 95].
12040 # This must be encoded as ASCII.
12041 # The order of characters does not matter.
12042 &quot;commonAlphabet&quot;: &quot;A String&quot;, # Common alphabets.
Bu Sun Kim65020912020-05-20 12:08:20 -070012043 },
12044 &quot;cryptoDeterministicConfig&quot;: { # Pseudonymization method that generates deterministic encryption for the given # Deterministic Crypto
12045 # input. Outputs a base64 encoded representation of the encrypted output.
12046 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
12047 &quot;surrogateInfoType&quot;: { # Type of information detected by the API. # The custom info type to annotate the surrogate with.
12048 # This annotation will be applied to the surrogate by prefixing it with
12049 # the name of the custom info type followed by the number of
12050 # characters comprising the surrogate. The following scheme defines the
12051 # format: {info type name}({surrogate character count}):{surrogate}
12052 #
12053 # For example, if the name of custom info type is &#x27;MY_TOKEN_INFO_TYPE&#x27; and
12054 # the surrogate is &#x27;abc&#x27;, the full replacement value
12055 # will be: &#x27;MY_TOKEN_INFO_TYPE(3):abc&#x27;
12056 #
12057 # This annotation identifies the surrogate when inspecting content using the
12058 # custom info type &#x27;Surrogate&#x27;. This facilitates reversal of the
12059 # surrogate when it occurs in free text.
12060 #
12061 # Note: For record transformations where the entire cell in a table is being
12062 # transformed, surrogates are not mandatory. Surrogates are used to denote
12063 # the location of the token and are necessary for re-identification in free
12064 # form text.
12065 #
12066 # In order for inspection to work properly, the name of this info type must
12067 # not occur naturally anywhere in your data; otherwise, inspection may either
12068 #
12069 # - reverse a surrogate that does not correspond to an actual identifier
12070 # - be unable to parse the surrogate and result in an error
12071 #
12072 # Therefore, choose your custom info type name carefully after considering
12073 # what your data looks like. One way to select a name that has a high chance
12074 # of yielding reliable detection is to include one or more unicode characters
12075 # that are highly improbable to exist in your data.
12076 # For example, assuming your data is entered from a regular ASCII keyboard,
12077 # the symbol with the hex code point 29DD might be used like so:
12078 # ⧝MY_TOKEN_TYPE.
12079 &quot;name&quot;: &quot;A String&quot;, # Name of the information type. Either a name of your choosing when
12080 # creating a CustomInfoType, or one of the names listed
12081 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying
12082 # a built-in type. InfoType names should conform to the pattern
12083 # `[a-zA-Z0-9_]{1,64}`.
12084 },
12085 &quot;context&quot;: { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining
12086 # referential integrity such that the same identifier in two different
12087 # contexts will be given a distinct surrogate. The context is appended to
12088 # plaintext value being encrypted. On decryption the provided context is
12089 # validated against the value used during encryption. If a context was
12090 # provided during encryption, same context must be provided during decryption
12091 # as well.
12092 #
12093 # If the context is not set, plaintext would be used as is for encryption.
12094 # If the context is set but:
12095 #
12096 # 1. there is no record present when transforming a given value or
12097 # 2. the field is not present when transforming a given value,
12098 #
12099 # plaintext would be used as is for encryption.
12100 #
12101 # Note that case (1) is expected when an `InfoTypeTransformation` is
12102 # applied to both structured and non-structured `ContentItem`s.
12103 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
12104 },
12105 &quot;cryptoKey&quot;: { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function.
12106 # a key encryption key (KEK) stored by KMS).
12107 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate
12108 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot
12109 # unwrap the data crypto key.
Bu Sun Kim65020912020-05-20 12:08:20 -070012110 &quot;unwrapped&quot;: { # Using raw keys is prone to security risks due to accidentally # Unwrapped crypto key
12111 # leaking the key. Choose another type of key if possible.
12112 &quot;key&quot;: &quot;A String&quot;, # Required. A 128/192/256 bit key.
12113 },
12114 &quot;transient&quot;: { # Use this to have a random data crypto key generated. # Transient crypto key
12115 # It will be discarded after the request finishes.
12116 &quot;name&quot;: &quot;A String&quot;, # Required. Name of the key.
12117 # This is an arbitrary string used to differentiate different keys.
12118 # A unique key is generated per name: two separate `TransientCryptoKey`
12119 # protos share the same generated key if their names are the same.
12120 # When the data crypto key is generated, this name is not used in any way
12121 # (repeating the api call will result in a different key being generated).
12122 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012123 &quot;kmsWrapped&quot;: { # Include to use an existing data crypto key wrapped by KMS. # Kms wrapped key
12124 # The wrapped key must be a 128/192/256 bit key.
12125 # Authorization requires the following IAM permissions when sending a request
12126 # to perform a crypto transformation using a kms-wrapped crypto key:
12127 # dlp.kms.encrypt
12128 &quot;cryptoKeyName&quot;: &quot;A String&quot;, # Required. The resource name of the KMS CryptoKey to use for unwrapping.
12129 &quot;wrappedKey&quot;: &quot;A String&quot;, # Required. The wrapped data crypto key.
12130 },
Bu Sun Kim65020912020-05-20 12:08:20 -070012131 },
12132 },
Bu Sun Kim65020912020-05-20 12:08:20 -070012133 &quot;bucketingConfig&quot;: { # Generalization function that buckets values based on ranges. The ranges and # Bucketing
12134 # replacement values are dynamically provided by the user for custom behavior,
12135 # such as 1-30 -&gt; LOW 31-65 -&gt; MEDIUM 66-100 -&gt; HIGH
12136 # This can be used on
12137 # data of type: number, long, string, timestamp.
12138 # If the bound `Value` type differs from the type of data being transformed, we
12139 # will first attempt converting the type of the data to be transformed to match
12140 # the type of the bound before comparing.
12141 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
12142 &quot;buckets&quot;: [ # Set of buckets. Ranges must be non-overlapping.
12143 { # Bucket is represented as a range, along with replacement values.
Bu Sun Kim65020912020-05-20 12:08:20 -070012144 &quot;replacementValue&quot;: { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided
12145 # the default behavior will be to hyphenate the min-max range.
12146 # Note that for the purposes of inspection or transformation, the number
12147 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
12148 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
12149 # 123456789, the number of bytes would be counted as 9, even though an
12150 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -070012151 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
12152 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
12153 # and time zone are either specified elsewhere or are not significant. The date
12154 # is relative to the Proleptic Gregorian Calendar. This can represent:
12155 #
12156 # * A full date, with non-zero year, month and day values
12157 # * A month and day value, with a zero year, e.g. an anniversary
12158 # * A year on its own, with zero month and day values
12159 # * A year and month value, with a zero day, e.g. a credit card expiration date
12160 #
12161 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
12162 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
12163 # a year.
12164 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
12165 # month and day.
12166 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
12167 # if specifying a year by itself or a year and month where the day is not
12168 # significant.
12169 },
12170 &quot;stringValue&quot;: &quot;A String&quot;, # string
12171 &quot;integerValue&quot;: &quot;A String&quot;, # integer
12172 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
12173 # or are specified elsewhere. An API may choose to allow leap seconds. Related
12174 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -070012175 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
12176 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
12177 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012178 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
12179 # allow the value 60 if it allows leap-seconds.
12180 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070012181 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012182 &quot;booleanValue&quot;: True or False, # boolean
12183 &quot;floatValue&quot;: 3.14, # float
12184 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
12185 },
12186 &quot;min&quot;: { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if
12187 # used.
12188 # Note that for the purposes of inspection or transformation, the number
12189 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
12190 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
12191 # 123456789, the number of bytes would be counted as 9, even though an
12192 # int64 only holds up to 8 bytes of data.
12193 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
12194 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
12195 # and time zone are either specified elsewhere or are not significant. The date
12196 # is relative to the Proleptic Gregorian Calendar. This can represent:
12197 #
12198 # * A full date, with non-zero year, month and day values
12199 # * A month and day value, with a zero year, e.g. an anniversary
12200 # * A year on its own, with zero month and day values
12201 # * A year and month value, with a zero day, e.g. a credit card expiration date
12202 #
12203 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
12204 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
12205 # a year.
12206 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
12207 # month and day.
12208 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
12209 # if specifying a year by itself or a year and month where the day is not
12210 # significant.
12211 },
12212 &quot;stringValue&quot;: &quot;A String&quot;, # string
12213 &quot;integerValue&quot;: &quot;A String&quot;, # integer
12214 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
12215 # or are specified elsewhere. An API may choose to allow leap seconds. Related
12216 # types are google.type.Date and `google.protobuf.Timestamp`.
12217 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
12218 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
12219 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
12220 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
12221 # allow the value 60 if it allows leap-seconds.
12222 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
12223 },
12224 &quot;booleanValue&quot;: True or False, # boolean
12225 &quot;floatValue&quot;: 3.14, # float
12226 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
12227 },
12228 &quot;max&quot;: { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min.
12229 # Note that for the purposes of inspection or transformation, the number
12230 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
12231 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
12232 # 123456789, the number of bytes would be counted as 9, even though an
12233 # int64 only holds up to 8 bytes of data.
12234 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
12235 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
12236 # and time zone are either specified elsewhere or are not significant. The date
12237 # is relative to the Proleptic Gregorian Calendar. This can represent:
12238 #
12239 # * A full date, with non-zero year, month and day values
12240 # * A month and day value, with a zero year, e.g. an anniversary
12241 # * A year on its own, with zero month and day values
12242 # * A year and month value, with a zero day, e.g. a credit card expiration date
12243 #
12244 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
12245 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
12246 # a year.
12247 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
12248 # month and day.
12249 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
12250 # if specifying a year by itself or a year and month where the day is not
12251 # significant.
12252 },
12253 &quot;stringValue&quot;: &quot;A String&quot;, # string
12254 &quot;integerValue&quot;: &quot;A String&quot;, # integer
12255 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
12256 # or are specified elsewhere. An API may choose to allow leap seconds. Related
12257 # types are google.type.Date and `google.protobuf.Timestamp`.
12258 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
12259 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
12260 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
12261 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
12262 # allow the value 60 if it allows leap-seconds.
12263 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
12264 },
12265 &quot;booleanValue&quot;: True or False, # boolean
12266 &quot;floatValue&quot;: 3.14, # float
12267 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070012268 },
12269 },
Bu Sun Kim65020912020-05-20 12:08:20 -070012270 ],
12271 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012272 &quot;redactConfig&quot;: { # Redact a given value. For example, if used with an `InfoTypeTransformation` # Redact
12273 # transforming PHONE_NUMBER, and input &#x27;My phone number is 206-555-0123&#x27;, the
12274 # output would be &#x27;My phone number is &#x27;.
12275 },
Bu Sun Kim65020912020-05-20 12:08:20 -070012276 &quot;replaceConfig&quot;: { # Replace each input value with a given `Value`. # Replace
12277 &quot;newValue&quot;: { # Set of primitive values supported by the system. # Value to replace it with.
12278 # Note that for the purposes of inspection or transformation, the number
12279 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
12280 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
12281 # 123456789, the number of bytes would be counted as 9, even though an
12282 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -070012283 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
12284 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
12285 # and time zone are either specified elsewhere or are not significant. The date
12286 # is relative to the Proleptic Gregorian Calendar. This can represent:
12287 #
12288 # * A full date, with non-zero year, month and day values
12289 # * A month and day value, with a zero year, e.g. an anniversary
12290 # * A year on its own, with zero month and day values
12291 # * A year and month value, with a zero day, e.g. a credit card expiration date
12292 #
12293 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
12294 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
12295 # a year.
12296 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
12297 # month and day.
12298 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
12299 # if specifying a year by itself or a year and month where the day is not
12300 # significant.
12301 },
12302 &quot;stringValue&quot;: &quot;A String&quot;, # string
12303 &quot;integerValue&quot;: &quot;A String&quot;, # integer
12304 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
12305 # or are specified elsewhere. An API may choose to allow leap seconds. Related
12306 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -070012307 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
12308 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
12309 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012310 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
12311 # allow the value 60 if it allows leap-seconds.
12312 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -070012313 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012314 &quot;booleanValue&quot;: True or False, # boolean
12315 &quot;floatValue&quot;: 3.14, # float
12316 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -070012317 },
12318 },
Bu Sun Kim65020912020-05-20 12:08:20 -070012319 &quot;fixedSizeBucketingConfig&quot;: { # Buckets values based on fixed size ranges. The # Fixed size bucketing
12320 # Bucketing transformation can provide all of this functionality,
12321 # but requires more configuration. This message is provided as a convenience to
12322 # the user for simple bucketing strategies.
12323 #
12324 # The transformed value will be a hyphenated string of
12325 # {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20
12326 # all values that are within this bucket will be replaced with &quot;10-20&quot;.
12327 #
12328 # This can be used on data of type: double, long.
12329 #
12330 # If the bound Value type differs from the type of data
12331 # being transformed, we will first attempt converting the type of the data to
12332 # be transformed to match the type of the bound before comparing.
12333 #
12334 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
Bu Sun Kim65020912020-05-20 12:08:20 -070012335 &quot;upperBound&quot;: { # Set of primitive values supported by the system. # Required. Upper bound value of buckets. All values greater than upper_bound are
12336 # grouped together into a single bucket; for example if `upper_bound` = 89,
12337 # then all values greater than 89 are replaced with the value &quot;89+&quot;.
12338 # Note that for the purposes of inspection or transformation, the number
12339 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
12340 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
12341 # 123456789, the number of bytes would be counted as 9, even though an
12342 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -070012343 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
12344 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
12345 # and time zone are either specified elsewhere or are not significant. The date
12346 # is relative to the Proleptic Gregorian Calendar. This can represent:
12347 #
12348 # * A full date, with non-zero year, month and day values
12349 # * A month and day value, with a zero year, e.g. an anniversary
12350 # * A year on its own, with zero month and day values
12351 # * A year and month value, with a zero day, e.g. a credit card expiration date
12352 #
12353 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
12354 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
12355 # a year.
12356 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
12357 # month and day.
12358 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
12359 # if specifying a year by itself or a year and month where the day is not
12360 # significant.
12361 },
12362 &quot;stringValue&quot;: &quot;A String&quot;, # string
12363 &quot;integerValue&quot;: &quot;A String&quot;, # integer
12364 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
12365 # or are specified elsewhere. An API may choose to allow leap seconds. Related
12366 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -070012367 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
12368 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
12369 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012370 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
12371 # allow the value 60 if it allows leap-seconds.
12372 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -070012373 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012374 &quot;booleanValue&quot;: True or False, # boolean
12375 &quot;floatValue&quot;: 3.14, # float
12376 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -070012377 },
12378 &quot;bucketSize&quot;: 3.14, # Required. Size of each bucket (except for minimum and maximum buckets). So if
12379 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the
12380 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60,
12381 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012382 &quot;lowerBound&quot;: { # Set of primitive values supported by the system. # Required. Lower bound value of buckets. All values less than `lower_bound` are
12383 # grouped together into a single bucket; for example if `lower_bound` = 10,
12384 # then all values less than 10 are replaced with the value &quot;-10&quot;.
12385 # Note that for the purposes of inspection or transformation, the number
12386 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
12387 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
12388 # 123456789, the number of bytes would be counted as 9, even though an
12389 # int64 only holds up to 8 bytes of data.
12390 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
12391 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
12392 # and time zone are either specified elsewhere or are not significant. The date
12393 # is relative to the Proleptic Gregorian Calendar. This can represent:
12394 #
12395 # * A full date, with non-zero year, month and day values
12396 # * A month and day value, with a zero year, e.g. an anniversary
12397 # * A year on its own, with zero month and day values
12398 # * A year and month value, with a zero day, e.g. a credit card expiration date
12399 #
12400 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
12401 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
12402 # a year.
12403 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
12404 # month and day.
12405 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
12406 # if specifying a year by itself or a year and month where the day is not
12407 # significant.
12408 },
12409 &quot;stringValue&quot;: &quot;A String&quot;, # string
12410 &quot;integerValue&quot;: &quot;A String&quot;, # integer
12411 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
12412 # or are specified elsewhere. An API may choose to allow leap seconds. Related
12413 # types are google.type.Date and `google.protobuf.Timestamp`.
12414 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
12415 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
12416 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
12417 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
12418 # allow the value 60 if it allows leap-seconds.
12419 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
12420 },
12421 &quot;booleanValue&quot;: True or False, # boolean
12422 &quot;floatValue&quot;: 3.14, # float
12423 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
12424 },
12425 },
12426 &quot;characterMaskConfig&quot;: { # Partially mask a string by replacing a given number of characters with a # Mask
12427 # fixed character. Masking can start from the beginning or end of the string.
12428 # This can be used on data of any type (numbers, longs, and so on) and when
12429 # de-identifying structured data we&#x27;ll attempt to preserve the original data&#x27;s
12430 # type. (This allows you to take a long like 123 and modify it to a string like
12431 # **3.
12432 &quot;charactersToIgnore&quot;: [ # When masking a string, items in this list will be skipped when replacing
12433 # characters. For example, if the input string is `555-555-5555` and you
12434 # instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP
12435 # returns `***-**5-5555`.
12436 { # Characters to skip when doing deidentification of a value. These will be left
12437 # alone and skipped.
12438 &quot;charactersToSkip&quot;: &quot;A String&quot;, # Characters to not transform when masking.
12439 &quot;commonCharactersToIgnore&quot;: &quot;A String&quot;, # Common characters to not transform when masking. Useful to avoid removing
12440 # punctuation.
12441 },
12442 ],
12443 &quot;numberToMask&quot;: 42, # Number of characters to mask. If not set, all matching chars will be
12444 # masked. Skipped characters do not count towards this tally.
12445 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to use to mask the sensitive values&amp;mdash;for example, `*` for an
12446 # alphabetic string such as a name, or `0` for a numeric string such as ZIP
12447 # code or credit card number. This string must have a length of 1. If not
12448 # supplied, this value defaults to `*` for strings, and `0` for digits.
12449 &quot;reverseOrder&quot;: True or False, # Mask characters in reverse order. For example, if `masking_character` is
12450 # `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the
12451 # input string `1234-5678-9012-3456` is masked as `00000000000000-3456`.
12452 # If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order`
12453 # is `true`, then the string `12345` is masked as `12***`.
Bu Sun Kim65020912020-05-20 12:08:20 -070012454 },
12455 },
12456 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the
12457 # given `RecordCondition`. The conditions are allowed to reference fields
12458 # that are not used in the actual transformation.
12459 #
12460 # Example Use Cases:
12461 #
12462 # - Apply a different bucket transformation to an age column if the zip code
12463 # column for the same record is within a specific range.
12464 # - Redact a field if the date of birth field is greater than 85.
12465 # a field.
12466 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
12467 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
12468 # only supported value is `AND`.
12469 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
12470 &quot;conditions&quot;: [ # A collection of conditions.
12471 { # The field type of `value` and `field` do not need to match to be
12472 # considered equal, but not all comparisons are possible.
12473 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
12474 # but all other comparisons are invalid with incompatible types.
12475 # A `value` of type:
12476 #
12477 # - `string` can be compared against all other types
12478 # - `boolean` can only be compared against other booleans
12479 # - `integer` can be compared against doubles or a string if the string value
12480 # can be parsed as an integer.
12481 # - `double` can be compared against integers or a string if the string can
12482 # be parsed as a double.
12483 # - `Timestamp` can be compared against strings in RFC 3339 date string
12484 # format.
12485 # - `TimeOfDay` can be compared against timestamps and strings in the format
12486 # of &#x27;HH:mm:ss&#x27;.
12487 #
12488 # If we fail to compare do to type mismatch, a warning will be given and
12489 # the condition will evaluate to false.
Bu Sun Kim65020912020-05-20 12:08:20 -070012490 &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
12491 # Note that for the purposes of inspection or transformation, the number
12492 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
12493 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
12494 # 123456789, the number of bytes would be counted as 9, even though an
12495 # int64 only holds up to 8 bytes of data.
Bu Sun Kim65020912020-05-20 12:08:20 -070012496 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
12497 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
12498 # and time zone are either specified elsewhere or are not significant. The date
12499 # is relative to the Proleptic Gregorian Calendar. This can represent:
12500 #
12501 # * A full date, with non-zero year, month and day values
12502 # * A month and day value, with a zero year, e.g. an anniversary
12503 # * A year on its own, with zero month and day values
12504 # * A year and month value, with a zero day, e.g. a credit card expiration date
12505 #
12506 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
12507 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
12508 # a year.
12509 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
12510 # month and day.
12511 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
12512 # if specifying a year by itself or a year and month where the day is not
12513 # significant.
12514 },
12515 &quot;stringValue&quot;: &quot;A String&quot;, # string
12516 &quot;integerValue&quot;: &quot;A String&quot;, # integer
12517 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
12518 # or are specified elsewhere. An API may choose to allow leap seconds. Related
12519 # types are google.type.Date and `google.protobuf.Timestamp`.
Bu Sun Kim65020912020-05-20 12:08:20 -070012520 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
12521 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
12522 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012523 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
12524 # allow the value 60 if it allows leap-seconds.
12525 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
Bu Sun Kim65020912020-05-20 12:08:20 -070012526 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012527 &quot;booleanValue&quot;: True or False, # boolean
12528 &quot;floatValue&quot;: 3.14, # float
12529 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -070012530 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012531 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
12532 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
12533 },
12534 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070012535 },
12536 ],
12537 },
Bu Sun Kim65020912020-05-20 12:08:20 -070012538 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070012539 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070012540 },
12541 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012542 &quot;recordSuppressions&quot;: [ # Configuration defining which records get suppressed entirely. Records that
12543 # match any suppression rule are omitted from the output.
12544 { # Configuration to suppress records whose suppression conditions evaluate to
12545 # true.
12546 &quot;condition&quot;: { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being
12547 # evaluated to be suppressed from the transformed content.
12548 # a field.
12549 &quot;expressions&quot;: { # An expression, consisting or an operator and conditions. # An expression.
12550 &quot;logicalOperator&quot;: &quot;A String&quot;, # The operator to apply to the result of conditions. Default and currently
12551 # only supported value is `AND`.
12552 &quot;conditions&quot;: { # A collection of conditions. # Conditions to apply to the expression.
12553 &quot;conditions&quot;: [ # A collection of conditions.
12554 { # The field type of `value` and `field` do not need to match to be
12555 # considered equal, but not all comparisons are possible.
12556 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
12557 # but all other comparisons are invalid with incompatible types.
12558 # A `value` of type:
12559 #
12560 # - `string` can be compared against all other types
12561 # - `boolean` can only be compared against other booleans
12562 # - `integer` can be compared against doubles or a string if the string value
12563 # can be parsed as an integer.
12564 # - `double` can be compared against integers or a string if the string can
12565 # be parsed as a double.
12566 # - `Timestamp` can be compared against strings in RFC 3339 date string
12567 # format.
12568 # - `TimeOfDay` can be compared against timestamps and strings in the format
12569 # of &#x27;HH:mm:ss&#x27;.
12570 #
12571 # If we fail to compare do to type mismatch, a warning will be given and
12572 # the condition will evaluate to false.
12573 &quot;value&quot;: { # Set of primitive values supported by the system. # Value to compare against. [Mandatory, except for `EXISTS` tests.]
12574 # Note that for the purposes of inspection or transformation, the number
12575 # of bytes considered to comprise a &#x27;Value&#x27; is based on its representation
12576 # as a UTF-8 encoded string. For example, if &#x27;integer_value&#x27; is set to
12577 # 123456789, the number of bytes would be counted as 9, even though an
12578 # int64 only holds up to 8 bytes of data.
12579 &quot;timestampValue&quot;: &quot;A String&quot;, # timestamp
12580 &quot;dateValue&quot;: { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # date
12581 # and time zone are either specified elsewhere or are not significant. The date
12582 # is relative to the Proleptic Gregorian Calendar. This can represent:
12583 #
12584 # * A full date, with non-zero year, month and day values
12585 # * A month and day value, with a zero year, e.g. an anniversary
12586 # * A year on its own, with zero month and day values
12587 # * A year and month value, with a zero day, e.g. a credit card expiration date
12588 #
12589 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.
12590 &quot;year&quot;: 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without
12591 # a year.
12592 &quot;month&quot;: 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a
12593 # month and day.
12594 &quot;day&quot;: 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0
12595 # if specifying a year by itself or a year and month where the day is not
12596 # significant.
12597 },
12598 &quot;stringValue&quot;: &quot;A String&quot;, # string
12599 &quot;integerValue&quot;: &quot;A String&quot;, # integer
12600 &quot;timeValue&quot;: { # Represents a time of day. The date and time zone are either not significant # time of day
12601 # or are specified elsewhere. An API may choose to allow leap seconds. Related
12602 # types are google.type.Date and `google.protobuf.Timestamp`.
12603 &quot;hours&quot;: 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose
12604 # to allow the value &quot;24:00:00&quot; for scenarios like business closing time.
12605 &quot;minutes&quot;: 42, # Minutes of hour of day. Must be from 0 to 59.
12606 &quot;seconds&quot;: 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may
12607 # allow the value 60 if it allows leap-seconds.
12608 &quot;nanos&quot;: 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
12609 },
12610 &quot;booleanValue&quot;: True or False, # boolean
12611 &quot;floatValue&quot;: 3.14, # float
12612 &quot;dayOfWeekValue&quot;: &quot;A String&quot;, # day of week
Bu Sun Kim65020912020-05-20 12:08:20 -070012613 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012614 &quot;field&quot;: { # General identifier of a data field in a storage service. # Required. Field within the record this condition is evaluated against.
12615 &quot;name&quot;: &quot;A String&quot;, # Name describing the field.
Bu Sun Kim65020912020-05-20 12:08:20 -070012616 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012617 &quot;operator&quot;: &quot;A String&quot;, # Required. Operator used to compare the field or infoType to the value.
Bu Sun Kim65020912020-05-20 12:08:20 -070012618 },
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070012619 ],
Bu Sun Kim65020912020-05-20 12:08:20 -070012620 },
12621 },
Bu Sun Kim65020912020-05-20 12:08:20 -070012622 },
12623 },
12624 ],
Dan O'Mearadd494642020-05-01 07:42:23 -070012625 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070012626 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070012627 }</pre>
12628</div>
12629
12630</body></html>