From 2a037fedd9411a903d7c4f673007edd47476d6aa Mon Sep 17 00:00:00 2001 From: Anthonios Partheniou Date: Tue, 1 Jun 2021 15:22:03 -0400 Subject: [PATCH 1/6] chore: delete unused protos (#154) --- google/cloud/dlp_v2/proto/dlp.proto | 4379 ----------------------- google/cloud/dlp_v2/proto/storage.proto | 740 ---- 2 files changed, 5119 deletions(-) delete mode 100644 google/cloud/dlp_v2/proto/dlp.proto delete mode 100644 google/cloud/dlp_v2/proto/storage.proto diff --git a/google/cloud/dlp_v2/proto/dlp.proto b/google/cloud/dlp_v2/proto/dlp.proto deleted file mode 100644 index 3fb0c219..00000000 --- a/google/cloud/dlp_v2/proto/dlp.proto +++ /dev/null @@ -1,4379 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.privacy.dlp.v2; - -import "google/api/client.proto"; -import "google/api/field_behavior.proto"; -import "google/api/resource.proto"; -import "google/privacy/dlp/v2/storage.proto"; -import "google/protobuf/duration.proto"; -import "google/protobuf/empty.proto"; -import "google/protobuf/field_mask.proto"; -import "google/protobuf/timestamp.proto"; -import "google/rpc/status.proto"; -import "google/type/date.proto"; -import "google/type/dayofweek.proto"; -import "google/type/timeofday.proto"; -import "google/api/annotations.proto"; - -option csharp_namespace = "Google.Cloud.Dlp.V2"; -option go_package = "google.golang.org/genproto/googleapis/privacy/dlp/v2;dlp"; -option java_multiple_files = true; -option java_outer_classname = "DlpProto"; -option java_package = "com.google.privacy.dlp.v2"; -option php_namespace = "Google\\Cloud\\Dlp\\V2"; -option ruby_package = "Google::Cloud::Dlp::V2"; -option (google.api.resource_definition) = { - type: "dlp.googleapis.com/DlpContent" - pattern: "projects/{project}/dlpContent" - pattern: "projects/{project}/locations/{location}/dlpContent" -}; -option (google.api.resource_definition) = { - type: "dlp.googleapis.com/OrganizationLocation" - pattern: "organizations/{organization}/locations/{location}" -}; - -// The Cloud Data Loss Prevention (DLP) API is a service that allows clients -// to detect the presence of Personally Identifiable Information (PII) and other -// privacy-sensitive data in user-supplied, unstructured data streams, like text -// blocks or images. -// The service also includes methods for sensitive data redaction and -// scheduling of data scans on Google Cloud Platform based data sets. -// -// To learn more about concepts and find how-to guides see -// https://cloud.google.com/dlp/docs/. -service DlpService { - option (google.api.default_host) = "dlp.googleapis.com"; - option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; - - // Finds potentially sensitive info in content. - // This method has limits on input size, processing time, and output size. - // - // When no InfoTypes or CustomInfoTypes are specified in this request, the - // system will automatically choose what detectors to run. By default this may - // be all types, but may change over time as detectors are updated. - // - // For how to guides, see https://cloud.google.com/dlp/docs/inspecting-images - // and https://cloud.google.com/dlp/docs/inspecting-text, - rpc InspectContent(InspectContentRequest) returns (InspectContentResponse) { - option (google.api.http) = { - post: "/v2/{parent=projects/*}/content:inspect" - body: "*" - additional_bindings { - post: "/v2/{parent=projects/*/locations/*}/content:inspect" - body: "*" - } - }; - } - - // Redacts potentially sensitive info from an image. - // This method has limits on input size, processing time, and output size. - // See https://cloud.google.com/dlp/docs/redacting-sensitive-data-images to - // learn more. - // - // When no InfoTypes or CustomInfoTypes are specified in this request, the - // system will automatically choose what detectors to run. By default this may - // be all types, but may change over time as detectors are updated. - rpc RedactImage(RedactImageRequest) returns (RedactImageResponse) { - option (google.api.http) = { - post: "/v2/{parent=projects/*}/image:redact" - body: "*" - additional_bindings { - post: "/v2/{parent=projects/*/locations/*}/image:redact" - body: "*" - } - }; - } - - // De-identifies potentially sensitive info from a ContentItem. - // This method has limits on input size and output size. - // See https://cloud.google.com/dlp/docs/deidentify-sensitive-data to - // learn more. - // - // When no InfoTypes or CustomInfoTypes are specified in this request, the - // system will automatically choose what detectors to run. By default this may - // be all types, but may change over time as detectors are updated. - rpc DeidentifyContent(DeidentifyContentRequest) returns (DeidentifyContentResponse) { - option (google.api.http) = { - post: "/v2/{parent=projects/*}/content:deidentify" - body: "*" - additional_bindings { - post: "/v2/{parent=projects/*/locations/*}/content:deidentify" - body: "*" - } - }; - } - - // Re-identifies content that has been de-identified. - // See - // https://cloud.google.com/dlp/docs/pseudonymization#re-identification_in_free_text_code_example - // to learn more. - rpc ReidentifyContent(ReidentifyContentRequest) returns (ReidentifyContentResponse) { - option (google.api.http) = { - post: "/v2/{parent=projects/*}/content:reidentify" - body: "*" - additional_bindings { - post: "/v2/{parent=projects/*/locations/*}/content:reidentify" - body: "*" - } - }; - } - - // Returns a list of the sensitive information types that the DLP API - // supports. See https://cloud.google.com/dlp/docs/infotypes-reference to - // learn more. - rpc ListInfoTypes(ListInfoTypesRequest) returns (ListInfoTypesResponse) { - option (google.api.http) = { - get: "/v2/infoTypes" - additional_bindings { - get: "/v2/{parent=locations/*}/infoTypes" - } - }; - option (google.api.method_signature) = "parent"; - } - - // Creates an InspectTemplate for re-using frequently used configuration - // for inspecting content, images, and storage. - // See https://cloud.google.com/dlp/docs/creating-templates to learn more. - rpc CreateInspectTemplate(CreateInspectTemplateRequest) returns (InspectTemplate) { - option (google.api.http) = { - post: "/v2/{parent=organizations/*}/inspectTemplates" - body: "*" - additional_bindings { - post: "/v2/{parent=organizations/*/locations/*}/inspectTemplates" - body: "*" - } - additional_bindings { - post: "/v2/{parent=projects/*}/inspectTemplates" - body: "*" - } - additional_bindings { - post: "/v2/{parent=projects/*/locations/*}/inspectTemplates" - body: "*" - } - }; - option (google.api.method_signature) = "parent,inspect_template"; - } - - // Updates the InspectTemplate. - // See https://cloud.google.com/dlp/docs/creating-templates to learn more. - rpc UpdateInspectTemplate(UpdateInspectTemplateRequest) returns (InspectTemplate) { - option (google.api.http) = { - patch: "/v2/{name=organizations/*/inspectTemplates/*}" - body: "*" - additional_bindings { - patch: "/v2/{name=organizations/*/locations/*/inspectTemplates/*}" - body: "*" - } - additional_bindings { - patch: "/v2/{name=projects/*/inspectTemplates/*}" - body: "*" - } - additional_bindings { - patch: "/v2/{name=projects/*/locations/*/inspectTemplates/*}" - body: "*" - } - }; - option (google.api.method_signature) = "name,inspect_template,update_mask"; - } - - // Gets an InspectTemplate. - // See https://cloud.google.com/dlp/docs/creating-templates to learn more. - rpc GetInspectTemplate(GetInspectTemplateRequest) returns (InspectTemplate) { - option (google.api.http) = { - get: "/v2/{name=organizations/*/inspectTemplates/*}" - additional_bindings { - get: "/v2/{name=organizations/*/locations/*/inspectTemplates/*}" - } - additional_bindings { - get: "/v2/{name=projects/*/inspectTemplates/*}" - } - additional_bindings { - get: "/v2/{name=projects/*/locations/*/inspectTemplates/*}" - } - }; - option (google.api.method_signature) = "name"; - } - - // Lists InspectTemplates. - // See https://cloud.google.com/dlp/docs/creating-templates to learn more. - rpc ListInspectTemplates(ListInspectTemplatesRequest) returns (ListInspectTemplatesResponse) { - option (google.api.http) = { - get: "/v2/{parent=organizations/*}/inspectTemplates" - additional_bindings { - get: "/v2/{parent=organizations/*/locations/*}/inspectTemplates" - } - additional_bindings { - get: "/v2/{parent=projects/*}/inspectTemplates" - } - additional_bindings { - get: "/v2/{parent=projects/*/locations/*}/inspectTemplates" - } - }; - option (google.api.method_signature) = "parent"; - } - - // Deletes an InspectTemplate. - // See https://cloud.google.com/dlp/docs/creating-templates to learn more. - rpc DeleteInspectTemplate(DeleteInspectTemplateRequest) returns (google.protobuf.Empty) { - option (google.api.http) = { - delete: "/v2/{name=organizations/*/inspectTemplates/*}" - additional_bindings { - delete: "/v2/{name=organizations/*/locations/*/inspectTemplates/*}" - } - additional_bindings { - delete: "/v2/{name=projects/*/inspectTemplates/*}" - } - additional_bindings { - delete: "/v2/{name=projects/*/locations/*/inspectTemplates/*}" - } - }; - option (google.api.method_signature) = "name"; - } - - // Creates a DeidentifyTemplate for re-using frequently used configuration - // for de-identifying content, images, and storage. - // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn - // more. - rpc CreateDeidentifyTemplate(CreateDeidentifyTemplateRequest) returns (DeidentifyTemplate) { - option (google.api.http) = { - post: "/v2/{parent=organizations/*}/deidentifyTemplates" - body: "*" - additional_bindings { - post: "/v2/{parent=organizations/*/locations/*}/deidentifyTemplates" - body: "*" - } - additional_bindings { - post: "/v2/{parent=projects/*}/deidentifyTemplates" - body: "*" - } - additional_bindings { - post: "/v2/{parent=projects/*/locations/*}/deidentifyTemplates" - body: "*" - } - }; - option (google.api.method_signature) = "parent,deidentify_template"; - } - - // Updates the DeidentifyTemplate. - // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn - // more. - rpc UpdateDeidentifyTemplate(UpdateDeidentifyTemplateRequest) returns (DeidentifyTemplate) { - option (google.api.http) = { - patch: "/v2/{name=organizations/*/deidentifyTemplates/*}" - body: "*" - additional_bindings { - patch: "/v2/{name=organizations/*/locations/*/deidentifyTemplates/*}" - body: "*" - } - additional_bindings { - patch: "/v2/{name=projects/*/deidentifyTemplates/*}" - body: "*" - } - additional_bindings { - patch: "/v2/{name=projects/*/locations/*/deidentifyTemplates/*}" - body: "*" - } - }; - option (google.api.method_signature) = "name,deidentify_template,update_mask"; - } - - // Gets a DeidentifyTemplate. - // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn - // more. - rpc GetDeidentifyTemplate(GetDeidentifyTemplateRequest) returns (DeidentifyTemplate) { - option (google.api.http) = { - get: "/v2/{name=organizations/*/deidentifyTemplates/*}" - additional_bindings { - get: "/v2/{name=organizations/*/locations/*/deidentifyTemplates/*}" - } - additional_bindings { - get: "/v2/{name=projects/*/deidentifyTemplates/*}" - } - additional_bindings { - get: "/v2/{name=projects/*/locations/*/deidentifyTemplates/*}" - } - }; - option (google.api.method_signature) = "name"; - } - - // Lists DeidentifyTemplates. - // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn - // more. - rpc ListDeidentifyTemplates(ListDeidentifyTemplatesRequest) returns (ListDeidentifyTemplatesResponse) { - option (google.api.http) = { - get: "/v2/{parent=organizations/*}/deidentifyTemplates" - additional_bindings { - get: "/v2/{parent=organizations/*/locations/*}/deidentifyTemplates" - } - additional_bindings { - get: "/v2/{parent=projects/*}/deidentifyTemplates" - } - additional_bindings { - get: "/v2/{parent=projects/*/locations/*}/deidentifyTemplates" - } - }; - option (google.api.method_signature) = "parent"; - } - - // Deletes a DeidentifyTemplate. - // See https://cloud.google.com/dlp/docs/creating-templates-deid to learn - // more. - rpc DeleteDeidentifyTemplate(DeleteDeidentifyTemplateRequest) returns (google.protobuf.Empty) { - option (google.api.http) = { - delete: "/v2/{name=organizations/*/deidentifyTemplates/*}" - additional_bindings { - delete: "/v2/{name=organizations/*/locations/*/deidentifyTemplates/*}" - } - additional_bindings { - delete: "/v2/{name=projects/*/deidentifyTemplates/*}" - } - additional_bindings { - delete: "/v2/{name=projects/*/locations/*/deidentifyTemplates/*}" - } - }; - option (google.api.method_signature) = "name"; - } - - // Creates a job trigger to run DLP actions such as scanning storage for - // sensitive information on a set schedule. - // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more. - rpc CreateJobTrigger(CreateJobTriggerRequest) returns (JobTrigger) { - option (google.api.http) = { - post: "/v2/{parent=projects/*}/jobTriggers" - body: "*" - additional_bindings { - post: "/v2/{parent=projects/*/locations/*}/jobTriggers" - body: "*" - } - }; - option (google.api.method_signature) = "parent,job_trigger"; - } - - // Updates a job trigger. - // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more. - rpc UpdateJobTrigger(UpdateJobTriggerRequest) returns (JobTrigger) { - option (google.api.http) = { - patch: "/v2/{name=projects/*/jobTriggers/*}" - body: "*" - additional_bindings { - patch: "/v2/{name=projects/*/locations/*/jobTriggers/*}" - body: "*" - } - }; - option (google.api.method_signature) = "name,job_trigger,update_mask"; - } - - // Inspect hybrid content and store findings to a trigger. The inspection - // will be processed asynchronously. To review the findings monitor the - // jobs within the trigger. - // Early access feature is in a pre-release state and might change or have - // limited support. For more information, see - // https://cloud.google.com/products#product-launch-stages. - rpc HybridInspectJobTrigger(HybridInspectJobTriggerRequest) returns (HybridInspectResponse) { - option (google.api.http) = { - post: "/v2/{name=projects/*/locations/*/jobTriggers/*}:hybridInspect" - body: "*" - }; - option (google.api.method_signature) = "name"; - } - - // Gets a job trigger. - // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more. - rpc GetJobTrigger(GetJobTriggerRequest) returns (JobTrigger) { - option (google.api.http) = { - get: "/v2/{name=projects/*/jobTriggers/*}" - additional_bindings { - get: "/v2/{name=projects/*/locations/*/jobTriggers/*}" - } - }; - option (google.api.method_signature) = "name"; - } - - // Lists job triggers. - // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more. - rpc ListJobTriggers(ListJobTriggersRequest) returns (ListJobTriggersResponse) { - option (google.api.http) = { - get: "/v2/{parent=projects/*}/jobTriggers" - additional_bindings { - get: "/v2/{parent=projects/*/locations/*}/jobTriggers" - } - }; - option (google.api.method_signature) = "parent"; - } - - // Deletes a job trigger. - // See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more. - rpc DeleteJobTrigger(DeleteJobTriggerRequest) returns (google.protobuf.Empty) { - option (google.api.http) = { - delete: "/v2/{name=projects/*/jobTriggers/*}" - additional_bindings { - delete: "/v2/{name=projects/*/locations/*/jobTriggers/*}" - } - }; - option (google.api.method_signature) = "name"; - } - - // Activate a job trigger. Causes the immediate execute of a trigger - // instead of waiting on the trigger event to occur. - rpc ActivateJobTrigger(ActivateJobTriggerRequest) returns (DlpJob) { - option (google.api.http) = { - post: "/v2/{name=projects/*/jobTriggers/*}:activate" - body: "*" - additional_bindings { - post: "/v2/{name=projects/*/locations/*/jobTriggers/*}:activate" - body: "*" - } - }; - } - - // Creates a new job to inspect storage or calculate risk metrics. - // See https://cloud.google.com/dlp/docs/inspecting-storage and - // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more. - // - // When no InfoTypes or CustomInfoTypes are specified in inspect jobs, the - // system will automatically choose what detectors to run. By default this may - // be all types, but may change over time as detectors are updated. - rpc CreateDlpJob(CreateDlpJobRequest) returns (DlpJob) { - option (google.api.http) = { - post: "/v2/{parent=projects/*}/dlpJobs" - body: "*" - additional_bindings { - post: "/v2/{parent=projects/*/locations/*}/dlpJobs" - body: "*" - } - }; - option (google.api.method_signature) = "parent,inspect_job"; - option (google.api.method_signature) = "parent,risk_job"; - } - - // Lists DlpJobs that match the specified filter in the request. - // See https://cloud.google.com/dlp/docs/inspecting-storage and - // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more. - rpc ListDlpJobs(ListDlpJobsRequest) returns (ListDlpJobsResponse) { - option (google.api.http) = { - get: "/v2/{parent=projects/*}/dlpJobs" - additional_bindings { - get: "/v2/{parent=projects/*/locations/*}/dlpJobs" - } - }; - option (google.api.method_signature) = "parent"; - } - - // Gets the latest state of a long-running DlpJob. - // See https://cloud.google.com/dlp/docs/inspecting-storage and - // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more. - rpc GetDlpJob(GetDlpJobRequest) returns (DlpJob) { - option (google.api.http) = { - get: "/v2/{name=projects/*/dlpJobs/*}" - additional_bindings { - get: "/v2/{name=projects/*/locations/*/dlpJobs/*}" - } - }; - option (google.api.method_signature) = "name"; - } - - // Deletes a long-running DlpJob. This method indicates that the client is - // no longer interested in the DlpJob result. The job will be cancelled if - // possible. - // See https://cloud.google.com/dlp/docs/inspecting-storage and - // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more. - rpc DeleteDlpJob(DeleteDlpJobRequest) returns (google.protobuf.Empty) { - option (google.api.http) = { - delete: "/v2/{name=projects/*/dlpJobs/*}" - additional_bindings { - delete: "/v2/{name=projects/*/locations/*/dlpJobs/*}" - } - }; - option (google.api.method_signature) = "name"; - } - - // Starts asynchronous cancellation on a long-running DlpJob. The server - // makes a best effort to cancel the DlpJob, but success is not - // guaranteed. - // See https://cloud.google.com/dlp/docs/inspecting-storage and - // https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more. - rpc CancelDlpJob(CancelDlpJobRequest) returns (google.protobuf.Empty) { - option (google.api.http) = { - post: "/v2/{name=projects/*/dlpJobs/*}:cancel" - body: "*" - additional_bindings { - post: "/v2/{name=projects/*/locations/*/dlpJobs/*}:cancel" - body: "*" - } - }; - } - - // Creates a pre-built stored infoType to be used for inspection. - // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to - // learn more. - rpc CreateStoredInfoType(CreateStoredInfoTypeRequest) returns (StoredInfoType) { - option (google.api.http) = { - post: "/v2/{parent=organizations/*}/storedInfoTypes" - body: "*" - additional_bindings { - post: "/v2/{parent=organizations/*/locations/*}/storedInfoTypes" - body: "*" - } - additional_bindings { - post: "/v2/{parent=projects/*}/storedInfoTypes" - body: "*" - } - additional_bindings { - post: "/v2/{parent=projects/*/locations/*}/storedInfoTypes" - body: "*" - } - }; - option (google.api.method_signature) = "parent,config"; - } - - // Updates the stored infoType by creating a new version. The existing version - // will continue to be used until the new version is ready. - // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to - // learn more. - rpc UpdateStoredInfoType(UpdateStoredInfoTypeRequest) returns (StoredInfoType) { - option (google.api.http) = { - patch: "/v2/{name=organizations/*/storedInfoTypes/*}" - body: "*" - additional_bindings { - patch: "/v2/{name=organizations/*/locations/*/storedInfoTypes/*}" - body: "*" - } - additional_bindings { - patch: "/v2/{name=projects/*/storedInfoTypes/*}" - body: "*" - } - additional_bindings { - patch: "/v2/{name=projects/*/locations/*/storedInfoTypes/*}" - body: "*" - } - }; - option (google.api.method_signature) = "name,config,update_mask"; - } - - // Gets a stored infoType. - // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to - // learn more. - rpc GetStoredInfoType(GetStoredInfoTypeRequest) returns (StoredInfoType) { - option (google.api.http) = { - get: "/v2/{name=organizations/*/storedInfoTypes/*}" - additional_bindings { - get: "/v2/{name=organizations/*/locations/*/storedInfoTypes/*}" - } - additional_bindings { - get: "/v2/{name=projects/*/storedInfoTypes/*}" - } - additional_bindings { - get: "/v2/{name=projects/*/locations/*/storedInfoTypes/*}" - } - }; - option (google.api.method_signature) = "name"; - } - - // Lists stored infoTypes. - // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to - // learn more. - rpc ListStoredInfoTypes(ListStoredInfoTypesRequest) returns (ListStoredInfoTypesResponse) { - option (google.api.http) = { - get: "/v2/{parent=organizations/*}/storedInfoTypes" - additional_bindings { - get: "/v2/{parent=organizations/*/locations/*}/storedInfoTypes" - } - additional_bindings { - get: "/v2/{parent=projects/*}/storedInfoTypes" - } - additional_bindings { - get: "/v2/{parent=projects/*/locations/*}/storedInfoTypes" - } - }; - option (google.api.method_signature) = "parent"; - } - - // Deletes a stored infoType. - // See https://cloud.google.com/dlp/docs/creating-stored-infotypes to - // learn more. - rpc DeleteStoredInfoType(DeleteStoredInfoTypeRequest) returns (google.protobuf.Empty) { - option (google.api.http) = { - delete: "/v2/{name=organizations/*/storedInfoTypes/*}" - additional_bindings { - delete: "/v2/{name=organizations/*/locations/*/storedInfoTypes/*}" - } - additional_bindings { - delete: "/v2/{name=projects/*/storedInfoTypes/*}" - } - additional_bindings { - delete: "/v2/{name=projects/*/locations/*/storedInfoTypes/*}" - } - }; - option (google.api.method_signature) = "name"; - } - - // Inspect hybrid content and store findings to a job. - // To review the findings inspect the job. Inspection will occur - // asynchronously. - // Early access feature is in a pre-release state and might change or have - // limited support. For more information, see - // https://cloud.google.com/products#product-launch-stages. - rpc HybridInspectDlpJob(HybridInspectDlpJobRequest) returns (HybridInspectResponse) { - option (google.api.http) = { - post: "/v2/{name=projects/*/locations/*/dlpJobs/*}:hybridInspect" - body: "*" - }; - option (google.api.method_signature) = "name"; - } - - // Finish a running hybrid DlpJob. Triggers the finalization steps and running - // of any enabled actions that have not yet run. - // Early access feature is in a pre-release state and might change or have - // limited support. For more information, see - // https://cloud.google.com/products#product-launch-stages. - rpc FinishDlpJob(FinishDlpJobRequest) returns (google.protobuf.Empty) { - option (google.api.http) = { - post: "/v2/{name=projects/*/locations/*/dlpJobs/*}:finish" - body: "*" - }; - } -} - -// List of exclude infoTypes. -message ExcludeInfoTypes { - // InfoType list in ExclusionRule rule drops a finding when it overlaps or - // contained within with a finding of an infoType from this list. For - // example, for `InspectionRuleSet.info_types` containing "PHONE_NUMBER"` and - // `exclusion_rule` containing `exclude_info_types.info_types` with - // "EMAIL_ADDRESS" the phone number findings are dropped if they overlap - // with EMAIL_ADDRESS finding. - // That leads to "555-222-2222@example.org" to generate only a single - // finding, namely email address. - repeated InfoType info_types = 1; -} - -// The rule that specifies conditions when findings of infoTypes specified in -// `InspectionRuleSet` are removed from results. -message ExclusionRule { - // Exclusion rule types. - oneof type { - // Dictionary which defines the rule. - CustomInfoType.Dictionary dictionary = 1; - - // Regular expression which defines the rule. - CustomInfoType.Regex regex = 2; - - // Set of infoTypes for which findings would affect this rule. - ExcludeInfoTypes exclude_info_types = 3; - } - - // How the rule is applied, see MatchingType documentation for details. - MatchingType matching_type = 4; -} - -// A single inspection rule to be applied to infoTypes, specified in -// `InspectionRuleSet`. -message InspectionRule { - // Inspection rule types. - oneof type { - // Hotword-based detection rule. - CustomInfoType.DetectionRule.HotwordRule hotword_rule = 1; - - // Exclusion rule. - ExclusionRule exclusion_rule = 2; - } -} - -// Rule set for modifying a set of infoTypes to alter behavior under certain -// circumstances, depending on the specific details of the rules within the set. -message InspectionRuleSet { - // List of infoTypes this rule set is applied to. - repeated InfoType info_types = 1; - - // Set of rules to be applied to infoTypes. The rules are applied in order. - repeated InspectionRule rules = 2; -} - -// Configuration description of the scanning process. -// When used with redactContent only info_types and min_likelihood are currently -// used. -message InspectConfig { - // Configuration to control the number of findings returned. - message FindingLimits { - // Max findings configuration per infoType, per content item or long - // running DlpJob. - message InfoTypeLimit { - // Type of information the findings limit applies to. Only one limit per - // info_type should be provided. If InfoTypeLimit does not have an - // info_type, the DLP API applies the limit against all info_types that - // are found but not specified in another InfoTypeLimit. - InfoType info_type = 1; - - // Max findings limit for the given infoType. - int32 max_findings = 2; - } - - // Max number of findings that will be returned for each item scanned. - // When set within `InspectJobConfig`, - // the maximum returned is 2000 regardless if this is set higher. - // When set within `InspectContentRequest`, this field is ignored. - int32 max_findings_per_item = 1; - - // Max number of findings that will be returned per request/job. - // When set within `InspectContentRequest`, the maximum returned is 2000 - // regardless if this is set higher. - int32 max_findings_per_request = 2; - - // Configuration of findings limit given for specified infoTypes. - repeated InfoTypeLimit max_findings_per_info_type = 3; - } - - // Restricts what info_types to look for. The values must correspond to - // InfoType values returned by ListInfoTypes or listed at - // https://cloud.google.com/dlp/docs/infotypes-reference. - // - // When no InfoTypes or CustomInfoTypes are specified in a request, the - // system may automatically choose what detectors to run. By default this may - // be all types, but may change over time as detectors are updated. - // - // If you need precise control and predictability as to what detectors are - // run you should specify specific InfoTypes listed in the reference, - // otherwise a default list will be used, which may change over time. - repeated InfoType info_types = 1; - - // Only returns findings equal or above this threshold. The default is - // POSSIBLE. - // See https://cloud.google.com/dlp/docs/likelihood to learn more. - Likelihood min_likelihood = 2; - - // Configuration to control the number of findings returned. - FindingLimits limits = 3; - - // When true, a contextual quote from the data that triggered a finding is - // included in the response; see Finding.quote. - bool include_quote = 4; - - // When true, excludes type information of the findings. - bool exclude_info_types = 5; - - // CustomInfoTypes provided by the user. See - // https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more. - repeated CustomInfoType custom_info_types = 6; - - // List of options defining data content to scan. - // If empty, text, images, and other content will be included. - repeated ContentOption content_options = 8; - - // Set of rules to apply to the findings for this InspectConfig. - // Exclusion rules, contained in the set are executed in the end, other - // rules are executed in the order they are specified for each info type. - repeated InspectionRuleSet rule_set = 10; -} - -// Container for bytes to inspect or redact. -message ByteContentItem { - // The type of data being sent for inspection. - enum BytesType { - // Unused - BYTES_TYPE_UNSPECIFIED = 0; - - // Any image type. - IMAGE = 6; - - // jpeg - IMAGE_JPEG = 1; - - // bmp - IMAGE_BMP = 2; - - // png - IMAGE_PNG = 3; - - // svg - IMAGE_SVG = 4; - - // plain text - TEXT_UTF8 = 5; - - // docx, docm, dotx, dotm - WORD_DOCUMENT = 7; - - // pdf - PDF = 8; - - // avro - AVRO = 11; - - // csv - CSV = 12; - - // tsv - TSV = 13; - } - - // The type of data stored in the bytes string. Default will be TEXT_UTF8. - BytesType type = 1; - - // Content data to inspect or redact. - bytes data = 2; -} - -// Container structure for the content to inspect. -message ContentItem { - // Data of the item either in the byte array or UTF-8 string form, or table. - oneof data_item { - // String data to inspect or redact. - string value = 3; - - // Structured content for inspection. See - // https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to - // learn more. - Table table = 4; - - // Content data to inspect or redact. Replaces `type` and `data`. - ByteContentItem byte_item = 5; - } -} - -// Structured content to inspect. Up to 50,000 `Value`s per request allowed. -// See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to -// learn more. -message Table { - // Values of the row. - message Row { - // Individual cells. - repeated Value values = 1; - } - - // Headers of the table. - repeated FieldId headers = 1; - - // Rows of the table. - repeated Row rows = 2; -} - -// All the findings for a single scanned item. -message InspectResult { - // List of findings for an item. - repeated Finding findings = 1; - - // If true, then this item might have more findings than were returned, - // and the findings returned are an arbitrary subset of all findings. - // The findings list might be truncated because the input items were too - // large, or because the server reached the maximum amount of resources - // allowed for a single API call. For best results, divide the input into - // smaller batches. - bool findings_truncated = 2; -} - -// Represents a piece of potentially sensitive content. -message Finding { - option (google.api.resource) = { - type: "dlp.googleapis.com/Finding" - pattern: "projects/{project}/locations/{location}/findings/{finding}" - }; - - // Resource name in format - // projects/{project}/locations/{location}/findings/{finding} Populated only - // when viewing persisted findings. - string name = 14; - - // The content that was found. Even if the content is not textual, it - // may be converted to a textual representation here. - // Provided if `include_quote` is true and the finding is - // less than or equal to 4096 bytes long. If the finding exceeds 4096 bytes - // in length, the quote may be omitted. - string quote = 1; - - // The type of content that might have been found. - // Provided if `excluded_types` is false. - InfoType info_type = 2; - - // Confidence of how likely it is that the `info_type` is correct. - Likelihood likelihood = 3; - - // Where the content was found. - Location location = 4; - - // Timestamp when finding was detected. - google.protobuf.Timestamp create_time = 6; - - // Contains data parsed from quotes. Only populated if include_quote was set - // to true and a supported infoType was requested. Currently supported - // infoTypes: DATE, DATE_OF_BIRTH and TIME. - QuoteInfo quote_info = 7; - - // The job that stored the finding. - string resource_name = 8 [(google.api.resource_reference) = { - type: "dlp.googleapis.com/DlpJob" - }]; - - // Job trigger name, if applicable, for this finding. - string trigger_name = 9 [(google.api.resource_reference) = { - type: "dlp.googleapis.com/JobTrigger" - }]; - - // The labels associated with this `Finding`. - // - // Label keys must be between 1 and 63 characters long and must conform - // to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. - // - // Label values must be between 0 and 63 characters long and must conform - // to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. - // - // No more than 10 labels can be associated with a given finding. - // - // Examples: - // * `"environment" : "production"` - // * `"pipeline" : "etl"` - map labels = 10; - - // Time the job started that produced this finding. - google.protobuf.Timestamp job_create_time = 11; - - // The job that stored the finding. - string job_name = 13 [(google.api.resource_reference) = { - type: "dlp.googleapis.com/DlpJob" - }]; -} - -// Specifies the location of the finding. -message Location { - // Zero-based byte offsets delimiting the finding. - // These are relative to the finding's containing element. - // Note that when the content is not textual, this references - // the UTF-8 encoded textual representation of the content. - // Omitted if content is an image. - Range byte_range = 1; - - // Unicode character offsets delimiting the finding. - // These are relative to the finding's containing element. - // Provided when the content is text. - Range codepoint_range = 2; - - // List of nested objects pointing to the precise location of the finding - // within the file or record. - repeated ContentLocation content_locations = 7; - - // Information about the container where this finding occurred, if available. - Container container = 8; -} - -// Precise location of the finding within a document, record, image, or metadata -// container. -message ContentLocation { - // Name of the container where the finding is located. - // The top level name is the source file name or table name. Names of some - // common storage containers are formatted as follows: - // - // * BigQuery tables: `{project_id}:{dataset_id}.{table_id}` - // * Cloud Storage files: `gs://{bucket}/{path}` - // * Datastore namespace: {namespace} - // - // Nested names could be absent if the embedded object has no string - // identifier (for an example an image contained within a document). - string container_name = 1; - - // Type of the container within the file with location of the finding. - oneof location { - // Location within a row or record of a database table. - RecordLocation record_location = 2; - - // Location within an image's pixels. - ImageLocation image_location = 3; - - // Location data for document files. - DocumentLocation document_location = 5; - - // Location within the metadata for inspected content. - MetadataLocation metadata_location = 8; - } - - // Findings container modification timestamp, if applicable. - // For Google Cloud Storage contains last file modification timestamp. - // For BigQuery table contains last_modified_time property. - // For Datastore - not populated. - google.protobuf.Timestamp container_timestamp = 6; - - // Findings container version, if available - // ("generation" for Google Cloud Storage). - string container_version = 7; -} - -// Metadata Location -message MetadataLocation { - // Type of metadata containing the finding. - MetadataType type = 1; - - // Label of the piece of metadata containing the finding, for example - - // latitude, author, caption. - oneof label { - // Storage metadata. - StorageMetadataLabel storage_label = 3; - } -} - -// Storage metadata label to indicate which metadata entry contains findings. -message StorageMetadataLabel { - string key = 1; -} - -// Location of a finding within a document. -message DocumentLocation { - // Offset of the line, from the beginning of the file, where the finding - // is located. - int64 file_offset = 1; -} - -// Location of a finding within a row or record. -message RecordLocation { - // Key of the finding. - RecordKey record_key = 1; - - // Field id of the field containing the finding. - FieldId field_id = 2; - - // Location within a `ContentItem.Table`. - TableLocation table_location = 3; -} - -// Location of a finding within a table. -message TableLocation { - // The zero-based index of the row where the finding is located. Only - // populated for resources that have a natural ordering, not BigQuery. In - // BigQuery, to identify the row a finding came from, populate - // BigQueryOptions.identifying_fields with your primary key column names and - // when you store the findings the value of those columns will be stored - // inside of Finding. - int64 row_index = 1; -} - -// Represents a container that may contain DLP findings. -// Examples of a container include a file, table, or database record. -message Container { - // Container type, for example BigQuery or Google Cloud Storage. - string type = 1; - - // Project where the finding was found. - // Can be different from the project that owns the finding. - string project_id = 2; - - // A string representation of the full container name. - // Examples: - // - BigQuery: 'Project:DataSetId.TableId' - // - Google Cloud Storage: 'gs://Bucket/folders/filename.txt' - string full_path = 3; - - // The root of the container. - // Examples: - // - For BigQuery table `project_id:dataset_id.table_id`, the root is - // `dataset_id` - // - For Google Cloud Storage file `gs://bucket/folder/filename.txt`, the root - // is `gs://bucket` - string root_path = 4; - - // The rest of the path after the root. - // Examples: - // - For BigQuery table `project_id:dataset_id.table_id`, the relative path is - // `table_id` - // - Google Cloud Storage file `gs://bucket/folder/filename.txt`, the relative - // path is `folder/filename.txt` - string relative_path = 5; - - // Findings container modification timestamp, if applicable. - // For Google Cloud Storage contains last file modification timestamp. - // For BigQuery table contains last_modified_time property. - // For Datastore - not populated. - google.protobuf.Timestamp update_time = 6; - - // Findings container version, if available - // ("generation" for Google Cloud Storage). - string version = 7; -} - -// Generic half-open interval [start, end) -message Range { - // Index of the first character of the range (inclusive). - int64 start = 1; - - // Index of the last character of the range (exclusive). - int64 end = 2; -} - -// Location of the finding within an image. -message ImageLocation { - // Bounding boxes locating the pixels within the image containing the finding. - repeated BoundingBox bounding_boxes = 1; -} - -// Bounding box encompassing detected text within an image. -message BoundingBox { - // Top coordinate of the bounding box. (0,0) is upper left. - int32 top = 1; - - // Left coordinate of the bounding box. (0,0) is upper left. - int32 left = 2; - - // Width of the bounding box in pixels. - int32 width = 3; - - // Height of the bounding box in pixels. - int32 height = 4; -} - -// Request to search for potentially sensitive info in an image and redact it -// by covering it with a colored rectangle. -message RedactImageRequest { - // Configuration for determining how redaction of images should occur. - message ImageRedactionConfig { - // Type of information to redact from images. - oneof target { - // Only one per info_type should be provided per request. If not - // specified, and redact_all_text is false, the DLP API will redact all - // text that it matches against all info_types that are found, but not - // specified in another ImageRedactionConfig. - InfoType info_type = 1; - - // If true, all text found in the image, regardless whether it matches an - // info_type, is redacted. Only one should be provided. - bool redact_all_text = 2; - } - - // The color to use when redacting content from an image. If not specified, - // the default is black. - Color redaction_color = 3; - } - - // Parent resource name. - // - // The format of this value varies depending on whether you have [specified a - // processing - // location](https://cloud.google.com/dlp/docs/specifying-location): - // - // + Projects scope, location specified:
- // `projects/`PROJECT_ID`/locations/`LOCATION_ID - // + Projects scope, no location specified (defaults to global):
- // `projects/`PROJECT_ID - // - // The following example `parent` string specifies a parent project with the - // identifier `example-project`, and specifies the `europe-west3` location - // for processing data: - // - // parent=projects/example-project/locations/europe-west3 - string parent = 1 [(google.api.resource_reference) = { - child_type: "dlp.googleapis.com/DlpContent" - }]; - - // Deprecated. This field has no effect. - string location_id = 8; - - // Configuration for the inspector. - InspectConfig inspect_config = 2; - - // The configuration for specifying what content to redact from images. - repeated ImageRedactionConfig image_redaction_configs = 5; - - // Whether the response should include findings along with the redacted - // image. - bool include_findings = 6; - - // The content must be PNG, JPEG, SVG or BMP. - ByteContentItem byte_item = 7; -} - -// Represents a color in the RGB color space. -message Color { - // The amount of red in the color as a value in the interval [0, 1]. - float red = 1; - - // The amount of green in the color as a value in the interval [0, 1]. - float green = 2; - - // The amount of blue in the color as a value in the interval [0, 1]. - float blue = 3; -} - -// Results of redacting an image. -message RedactImageResponse { - // The redacted image. The type will be the same as the original image. - bytes redacted_image = 1; - - // If an image was being inspected and the InspectConfig's include_quote was - // set to true, then this field will include all text, if any, that was found - // in the image. - string extracted_text = 2; - - // The findings. Populated when include_findings in the request is true. - InspectResult inspect_result = 3; -} - -// Request to de-identify a list of items. -message DeidentifyContentRequest { - // Parent resource name. - // - // The format of this value varies depending on whether you have [specified a - // processing - // location](https://cloud.google.com/dlp/docs/specifying-location): - // - // + Projects scope, location specified:
- // `projects/`PROJECT_ID`/locations/`LOCATION_ID - // + Projects scope, no location specified (defaults to global):
- // `projects/`PROJECT_ID - // - // The following example `parent` string specifies a parent project with the - // identifier `example-project`, and specifies the `europe-west3` location - // for processing data: - // - // parent=projects/example-project/locations/europe-west3 - string parent = 1 [(google.api.resource_reference) = { - child_type: "dlp.googleapis.com/DlpContent" - }]; - - // Configuration for the de-identification of the content item. - // Items specified here will override the template referenced by the - // deidentify_template_name argument. - DeidentifyConfig deidentify_config = 2; - - // Configuration for the inspector. - // Items specified here will override the template referenced by the - // inspect_template_name argument. - InspectConfig inspect_config = 3; - - // The item to de-identify. Will be treated as text. - ContentItem item = 4; - - // Template to use. Any configuration directly specified in - // inspect_config will override those set in the template. Singular fields - // that are set in this request will replace their corresponding fields in the - // template. Repeated fields are appended. Singular sub-messages and groups - // are recursively merged. - string inspect_template_name = 5; - - // Template to use. Any configuration directly specified in - // deidentify_config will override those set in the template. Singular fields - // that are set in this request will replace their corresponding fields in the - // template. Repeated fields are appended. Singular sub-messages and groups - // are recursively merged. - string deidentify_template_name = 6; - - // Deprecated. This field has no effect. - string location_id = 7; -} - -// Results of de-identifying a ContentItem. -message DeidentifyContentResponse { - // The de-identified item. - ContentItem item = 1; - - // An overview of the changes that were made on the `item`. - TransformationOverview overview = 2; -} - -// Request to re-identify an item. -message ReidentifyContentRequest { - // Required. Parent resource name. - // - // The format of this value varies depending on whether you have [specified a - // processing - // location](https://cloud.google.com/dlp/docs/specifying-location): - // - // + Projects scope, location specified:
- // `projects/`PROJECT_ID`/locations/`LOCATION_ID - // + Projects scope, no location specified (defaults to global):
- // `projects/`PROJECT_ID - // - // The following example `parent` string specifies a parent project with the - // identifier `example-project`, and specifies the `europe-west3` location - // for processing data: - // - // parent=projects/example-project/locations/europe-west3 - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "dlp.googleapis.com/DlpContent" - } - ]; - - // Configuration for the re-identification of the content item. - // This field shares the same proto message type that is used for - // de-identification, however its usage here is for the reversal of the - // previous de-identification. Re-identification is performed by examining - // the transformations used to de-identify the items and executing the - // reverse. This requires that only reversible transformations - // be provided here. The reversible transformations are: - // - // - `CryptoDeterministicConfig` - // - `CryptoReplaceFfxFpeConfig` - DeidentifyConfig reidentify_config = 2; - - // Configuration for the inspector. - InspectConfig inspect_config = 3; - - // The item to re-identify. Will be treated as text. - ContentItem item = 4; - - // Template to use. Any configuration directly specified in - // `inspect_config` will override those set in the template. Singular fields - // that are set in this request will replace their corresponding fields in the - // template. Repeated fields are appended. Singular sub-messages and groups - // are recursively merged. - string inspect_template_name = 5; - - // Template to use. References an instance of `DeidentifyTemplate`. - // Any configuration directly specified in `reidentify_config` or - // `inspect_config` will override those set in the template. The - // `DeidentifyTemplate` used must include only reversible transformations. - // Singular fields that are set in this request will replace their - // corresponding fields in the template. Repeated fields are appended. - // Singular sub-messages and groups are recursively merged. - string reidentify_template_name = 6; - - // Deprecated. This field has no effect. - string location_id = 7; -} - -// Results of re-identifying a item. -message ReidentifyContentResponse { - // The re-identified item. - ContentItem item = 1; - - // An overview of the changes that were made to the `item`. - TransformationOverview overview = 2; -} - -// Request to search for potentially sensitive info in a ContentItem. -message InspectContentRequest { - // Parent resource name. - // - // The format of this value varies depending on whether you have [specified a - // processing - // location](https://cloud.google.com/dlp/docs/specifying-location): - // - // + Projects scope, location specified:
- // `projects/`PROJECT_ID`/locations/`LOCATION_ID - // + Projects scope, no location specified (defaults to global):
- // `projects/`PROJECT_ID - // - // The following example `parent` string specifies a parent project with the - // identifier `example-project`, and specifies the `europe-west3` location - // for processing data: - // - // parent=projects/example-project/locations/europe-west3 - string parent = 1 [(google.api.resource_reference) = { - child_type: "dlp.googleapis.com/DlpContent" - }]; - - // Configuration for the inspector. What specified here will override - // the template referenced by the inspect_template_name argument. - InspectConfig inspect_config = 2; - - // The item to inspect. - ContentItem item = 3; - - // Template to use. Any configuration directly specified in - // inspect_config will override those set in the template. Singular fields - // that are set in this request will replace their corresponding fields in the - // template. Repeated fields are appended. Singular sub-messages and groups - // are recursively merged. - string inspect_template_name = 4; - - // Deprecated. This field has no effect. - string location_id = 5; -} - -// Results of inspecting an item. -message InspectContentResponse { - // The findings. - InspectResult result = 1; -} - -// Cloud repository for storing output. -message OutputStorageConfig { - // Predefined schemas for storing findings. - // Only for use with external storage. - enum OutputSchema { - // Unused. - OUTPUT_SCHEMA_UNSPECIFIED = 0; - - // Basic schema including only `info_type`, `quote`, `certainty`, and - // `timestamp`. - BASIC_COLUMNS = 1; - - // Schema tailored to findings from scanning Google Cloud Storage. - GCS_COLUMNS = 2; - - // Schema tailored to findings from scanning Google Datastore. - DATASTORE_COLUMNS = 3; - - // Schema tailored to findings from scanning Google BigQuery. - BIG_QUERY_COLUMNS = 4; - - // Schema containing all columns. - ALL_COLUMNS = 5; - } - - // Output storage types. - oneof type { - // Store findings in an existing table or a new table in an existing - // dataset. If table_id is not set a new one will be generated - // for you with the following format: - // dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. Pacific timezone will be used for - // generating the date details. - // - // For Inspect, each column in an existing output table must have the same - // name, type, and mode of a field in the `Finding` object. - // - // For Risk, an existing output table should be the output of a previous - // Risk analysis job run on the same source table, with the same privacy - // metric and quasi-identifiers. Risk jobs that analyze the same table but - // compute a different privacy metric, or use different sets of - // quasi-identifiers, cannot store their results in the same table. - BigQueryTable table = 1; - } - - // Schema used for writing the findings for Inspect jobs. This field is only - // used for Inspect and must be unspecified for Risk jobs. Columns are derived - // from the `Finding` object. If appending to an existing table, any columns - // from the predefined schema that are missing will be added. No columns in - // the existing table will be deleted. - // - // If unspecified, then all available columns will be used for a new table or - // an (existing) table with no schema, and no changes will be made to an - // existing table that has a schema. - // Only for use with external storage. - OutputSchema output_schema = 3; -} - -// Statistics regarding a specific InfoType. -message InfoTypeStats { - // The type of finding this stat is for. - InfoType info_type = 1; - - // Number of findings for this infoType. - int64 count = 2; -} - -// The results of an inspect DataSource job. -message InspectDataSourceDetails { - // Snapshot of the inspection configuration. - message RequestedOptions { - // If run with an InspectTemplate, a snapshot of its state at the time of - // this run. - InspectTemplate snapshot_inspect_template = 1; - - // Inspect config. - InspectJobConfig job_config = 3; - } - - // All result fields mentioned below are updated while the job is processing. - message Result { - // Total size in bytes that were processed. - int64 processed_bytes = 1; - - // Estimate of the number of bytes to process. - int64 total_estimated_bytes = 2; - - // Statistics of how many instances of each info type were found during - // inspect job. - repeated InfoTypeStats info_type_stats = 3; - - // Statistics related to the processing of hybrid inspect. - // Early access feature is in a pre-release state and might change or have - // limited support. For more information, see - // https://cloud.google.com/products#product-launch-stages. - HybridInspectStatistics hybrid_stats = 7; - } - - // The configuration used for this job. - RequestedOptions requested_options = 2; - - // A summary of the outcome of this inspect job. - Result result = 3; -} - -// Statistics related to processing hybrid inspect requests. -message HybridInspectStatistics { - // The number of hybrid inspection requests processed within this job. - int64 processed_count = 1; - - // The number of hybrid inspection requests aborted because the job ran - // out of quota or was ended before they could be processed. - int64 aborted_count = 2; - - // The number of hybrid requests currently being processed. Only populated - // when called via method `getDlpJob`. - // A burst of traffic may cause hybrid inspect requests to be enqueued. - // Processing will take place as quickly as possible, but resource limitations - // may impact how long a request is enqueued for. - int64 pending_count = 3; -} - -// InfoType description. -message InfoTypeDescription { - // Internal name of the infoType. - string name = 1; - - // Human readable form of the infoType name. - string display_name = 2; - - // Which parts of the API supports this InfoType. - repeated InfoTypeSupportedBy supported_by = 3; - - // Description of the infotype. Translated when language is provided in the - // request. - string description = 4; -} - -// Request for the list of infoTypes. -message ListInfoTypesRequest { - // The parent resource name. - // - // The format of this value is as follows: - // - // locations/LOCATION_ID - string parent = 4; - - // BCP-47 language code for localized infoType friendly - // names. If omitted, or if localized strings are not available, - // en-US strings will be returned. - string language_code = 1; - - // filter to only return infoTypes supported by certain parts of the - // API. Defaults to supported_by=INSPECT. - string filter = 2; - - // Deprecated. This field has no effect. - string location_id = 3; -} - -// Response to the ListInfoTypes request. -message ListInfoTypesResponse { - // Set of sensitive infoTypes. - repeated InfoTypeDescription info_types = 1; -} - -// Configuration for a risk analysis job. See -// https://cloud.google.com/dlp/docs/concepts-risk-analysis to learn more. -message RiskAnalysisJobConfig { - // Privacy metric to compute. - PrivacyMetric privacy_metric = 1; - - // Input dataset to compute metrics over. - BigQueryTable source_table = 2; - - // Actions to execute at the completion of the job. Are executed in the order - // provided. - repeated Action actions = 3; -} - -// A column with a semantic tag attached. -message QuasiId { - // Required. Identifies the column. - FieldId field = 1 [(google.api.field_behavior) = REQUIRED]; - - // Semantic tag that identifies what a column contains, to determine which - // statistical model to use to estimate the reidentifiability of each - // value. [required] - oneof tag { - // A column can be tagged with a InfoType to use the relevant public - // dataset as a statistical model of population, if available. We - // currently support US ZIP codes, region codes, ages and genders. - // To programmatically obtain the list of supported InfoTypes, use - // ListInfoTypes with the supported_by=RISK_ANALYSIS filter. - InfoType info_type = 2; - - // A column can be tagged with a custom tag. In this case, the user must - // indicate an auxiliary table that contains statistical information on - // the possible values of this column (below). - string custom_tag = 3; - - // If no semantic tag is indicated, we infer the statistical model from - // the distribution of values in the input data - google.protobuf.Empty inferred = 4; - } -} - -// An auxiliary table containing statistical information on the relative -// frequency of different quasi-identifiers values. It has one or several -// quasi-identifiers columns, and one column that indicates the relative -// frequency of each quasi-identifier tuple. -// If a tuple is present in the data but not in the auxiliary table, the -// corresponding relative frequency is assumed to be zero (and thus, the -// tuple is highly reidentifiable). -message StatisticalTable { - // A quasi-identifier column has a custom_tag, used to know which column - // in the data corresponds to which column in the statistical model. - message QuasiIdentifierField { - // Identifies the column. - FieldId field = 1; - - // A column can be tagged with a custom tag. In this case, the user must - // indicate an auxiliary table that contains statistical information on - // the possible values of this column (below). - string custom_tag = 2; - } - - // Required. Auxiliary table location. - BigQueryTable table = 3 [(google.api.field_behavior) = REQUIRED]; - - // Required. Quasi-identifier columns. - repeated QuasiIdentifierField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. The relative frequency column must contain a floating-point number - // between 0 and 1 (inclusive). Null values are assumed to be zero. - FieldId relative_frequency = 2 [(google.api.field_behavior) = REQUIRED]; -} - -// Privacy metric to compute for reidentification risk analysis. -message PrivacyMetric { - // Compute numerical stats over an individual column, including - // min, max, and quantiles. - message NumericalStatsConfig { - // Field to compute numerical stats on. Supported types are - // integer, float, date, datetime, timestamp, time. - FieldId field = 1; - } - - // Compute numerical stats over an individual column, including - // number of distinct values and value count distribution. - message CategoricalStatsConfig { - // Field to compute categorical stats on. All column types are - // supported except for arrays and structs. However, it may be more - // informative to use NumericalStats when the field type is supported, - // depending on the data. - FieldId field = 1; - } - - // k-anonymity metric, used for analysis of reidentification risk. - message KAnonymityConfig { - // Set of fields to compute k-anonymity over. When multiple fields are - // specified, they are considered a single composite key. Structs and - // repeated data types are not supported; however, nested fields are - // supported so long as they are not structs themselves or nested within - // a repeated field. - repeated FieldId quasi_ids = 1; - - // Message indicating that multiple rows might be associated to a - // single individual. If the same entity_id is associated to multiple - // quasi-identifier tuples over distinct rows, we consider the entire - // collection of tuples as the composite quasi-identifier. This collection - // is a multiset: the order in which the different tuples appear in the - // dataset is ignored, but their frequency is taken into account. - // - // Important note: a maximum of 1000 rows can be associated to a single - // entity ID. If more rows are associated with the same entity ID, some - // might be ignored. - EntityId entity_id = 2; - } - - // l-diversity metric, used for analysis of reidentification risk. - message LDiversityConfig { - // Set of quasi-identifiers indicating how equivalence classes are - // defined for the l-diversity computation. When multiple fields are - // specified, they are considered a single composite key. - repeated FieldId quasi_ids = 1; - - // Sensitive field for computing the l-value. - FieldId sensitive_attribute = 2; - } - - // Reidentifiability metric. This corresponds to a risk model similar to what - // is called "journalist risk" in the literature, except the attack dataset is - // statistically modeled instead of being perfectly known. This can be done - // using publicly available data (like the US Census), or using a custom - // statistical model (indicated as one or several BigQuery tables), or by - // extrapolating from the distribution of values in the input dataset. - message KMapEstimationConfig { - // A column with a semantic tag attached. - message TaggedField { - // Required. Identifies the column. - FieldId field = 1 [(google.api.field_behavior) = REQUIRED]; - - // Semantic tag that identifies what a column contains, to determine which - // statistical model to use to estimate the reidentifiability of each - // value. [required] - oneof tag { - // A column can be tagged with a InfoType to use the relevant public - // dataset as a statistical model of population, if available. We - // currently support US ZIP codes, region codes, ages and genders. - // To programmatically obtain the list of supported InfoTypes, use - // ListInfoTypes with the supported_by=RISK_ANALYSIS filter. - InfoType info_type = 2; - - // A column can be tagged with a custom tag. In this case, the user must - // indicate an auxiliary table that contains statistical information on - // the possible values of this column (below). - string custom_tag = 3; - - // If no semantic tag is indicated, we infer the statistical model from - // the distribution of values in the input data - google.protobuf.Empty inferred = 4; - } - } - - // An auxiliary table contains statistical information on the relative - // frequency of different quasi-identifiers values. It has one or several - // quasi-identifiers columns, and one column that indicates the relative - // frequency of each quasi-identifier tuple. - // If a tuple is present in the data but not in the auxiliary table, the - // corresponding relative frequency is assumed to be zero (and thus, the - // tuple is highly reidentifiable). - message AuxiliaryTable { - // A quasi-identifier column has a custom_tag, used to know which column - // in the data corresponds to which column in the statistical model. - message QuasiIdField { - // Identifies the column. - FieldId field = 1; - - // A auxiliary field. - string custom_tag = 2; - } - - // Required. Auxiliary table location. - BigQueryTable table = 3 [(google.api.field_behavior) = REQUIRED]; - - // Required. Quasi-identifier columns. - repeated QuasiIdField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. The relative frequency column must contain a floating-point number - // between 0 and 1 (inclusive). Null values are assumed to be zero. - FieldId relative_frequency = 2 [(google.api.field_behavior) = REQUIRED]; - } - - // Required. Fields considered to be quasi-identifiers. No two columns can have the - // same tag. - repeated TaggedField quasi_ids = 1 [(google.api.field_behavior) = REQUIRED]; - - // ISO 3166-1 alpha-2 region code to use in the statistical modeling. - // Set if no column is tagged with a region-specific InfoType (like - // US_ZIP_5) or a region code. - string region_code = 2; - - // Several auxiliary tables can be used in the analysis. Each custom_tag - // used to tag a quasi-identifiers column must appear in exactly one column - // of one auxiliary table. - repeated AuxiliaryTable auxiliary_tables = 3; - } - - // δ-presence metric, used to estimate how likely it is for an attacker to - // figure out that one given individual appears in a de-identified dataset. - // Similarly to the k-map metric, we cannot compute δ-presence exactly without - // knowing the attack dataset, so we use a statistical model instead. - message DeltaPresenceEstimationConfig { - // Required. Fields considered to be quasi-identifiers. No two fields can have the - // same tag. - repeated QuasiId quasi_ids = 1 [(google.api.field_behavior) = REQUIRED]; - - // ISO 3166-1 alpha-2 region code to use in the statistical modeling. - // Set if no column is tagged with a region-specific InfoType (like - // US_ZIP_5) or a region code. - string region_code = 2; - - // Several auxiliary tables can be used in the analysis. Each custom_tag - // used to tag a quasi-identifiers field must appear in exactly one - // field of one auxiliary table. - repeated StatisticalTable auxiliary_tables = 3; - } - - // Types of analysis. - oneof type { - // Numerical stats - NumericalStatsConfig numerical_stats_config = 1; - - // Categorical stats - CategoricalStatsConfig categorical_stats_config = 2; - - // K-anonymity - KAnonymityConfig k_anonymity_config = 3; - - // l-diversity - LDiversityConfig l_diversity_config = 4; - - // k-map - KMapEstimationConfig k_map_estimation_config = 5; - - // delta-presence - DeltaPresenceEstimationConfig delta_presence_estimation_config = 6; - } -} - -// Result of a risk analysis operation request. -message AnalyzeDataSourceRiskDetails { - // Result of the numerical stats computation. - message NumericalStatsResult { - // Minimum value appearing in the column. - Value min_value = 1; - - // Maximum value appearing in the column. - Value max_value = 2; - - // List of 99 values that partition the set of field values into 100 equal - // sized buckets. - repeated Value quantile_values = 4; - } - - // Result of the categorical stats computation. - message CategoricalStatsResult { - // Histogram of value frequencies in the column. - message CategoricalStatsHistogramBucket { - // Lower bound on the value frequency of the values in this bucket. - int64 value_frequency_lower_bound = 1; - - // Upper bound on the value frequency of the values in this bucket. - int64 value_frequency_upper_bound = 2; - - // Total number of values in this bucket. - int64 bucket_size = 3; - - // Sample of value frequencies in this bucket. The total number of - // values returned per bucket is capped at 20. - repeated ValueFrequency bucket_values = 4; - - // Total number of distinct values in this bucket. - int64 bucket_value_count = 5; - } - - // Histogram of value frequencies in the column. - repeated CategoricalStatsHistogramBucket value_frequency_histogram_buckets = 5; - } - - // Result of the k-anonymity computation. - message KAnonymityResult { - // The set of columns' values that share the same ldiversity value - message KAnonymityEquivalenceClass { - // Set of values defining the equivalence class. One value per - // quasi-identifier column in the original KAnonymity metric message. - // The order is always the same as the original request. - repeated Value quasi_ids_values = 1; - - // Size of the equivalence class, for example number of rows with the - // above set of values. - int64 equivalence_class_size = 2; - } - - // Histogram of k-anonymity equivalence classes. - message KAnonymityHistogramBucket { - // Lower bound on the size of the equivalence classes in this bucket. - int64 equivalence_class_size_lower_bound = 1; - - // Upper bound on the size of the equivalence classes in this bucket. - int64 equivalence_class_size_upper_bound = 2; - - // Total number of equivalence classes in this bucket. - int64 bucket_size = 3; - - // Sample of equivalence classes in this bucket. The total number of - // classes returned per bucket is capped at 20. - repeated KAnonymityEquivalenceClass bucket_values = 4; - - // Total number of distinct equivalence classes in this bucket. - int64 bucket_value_count = 5; - } - - // Histogram of k-anonymity equivalence classes. - repeated KAnonymityHistogramBucket equivalence_class_histogram_buckets = 5; - } - - // Result of the l-diversity computation. - message LDiversityResult { - // The set of columns' values that share the same ldiversity value. - message LDiversityEquivalenceClass { - // Quasi-identifier values defining the k-anonymity equivalence - // class. The order is always the same as the original request. - repeated Value quasi_ids_values = 1; - - // Size of the k-anonymity equivalence class. - int64 equivalence_class_size = 2; - - // Number of distinct sensitive values in this equivalence class. - int64 num_distinct_sensitive_values = 3; - - // Estimated frequencies of top sensitive values. - repeated ValueFrequency top_sensitive_values = 4; - } - - // Histogram of l-diversity equivalence class sensitive value frequencies. - message LDiversityHistogramBucket { - // Lower bound on the sensitive value frequencies of the equivalence - // classes in this bucket. - int64 sensitive_value_frequency_lower_bound = 1; - - // Upper bound on the sensitive value frequencies of the equivalence - // classes in this bucket. - int64 sensitive_value_frequency_upper_bound = 2; - - // Total number of equivalence classes in this bucket. - int64 bucket_size = 3; - - // Sample of equivalence classes in this bucket. The total number of - // classes returned per bucket is capped at 20. - repeated LDiversityEquivalenceClass bucket_values = 4; - - // Total number of distinct equivalence classes in this bucket. - int64 bucket_value_count = 5; - } - - // Histogram of l-diversity equivalence class sensitive value frequencies. - repeated LDiversityHistogramBucket sensitive_value_frequency_histogram_buckets = 5; - } - - // Result of the reidentifiability analysis. Note that these results are an - // estimation, not exact values. - message KMapEstimationResult { - // A tuple of values for the quasi-identifier columns. - message KMapEstimationQuasiIdValues { - // The quasi-identifier values. - repeated Value quasi_ids_values = 1; - - // The estimated anonymity for these quasi-identifier values. - int64 estimated_anonymity = 2; - } - - // A KMapEstimationHistogramBucket message with the following values: - // min_anonymity: 3 - // max_anonymity: 5 - // frequency: 42 - // means that there are 42 records whose quasi-identifier values correspond - // to 3, 4 or 5 people in the overlying population. An important particular - // case is when min_anonymity = max_anonymity = 1: the frequency field then - // corresponds to the number of uniquely identifiable records. - message KMapEstimationHistogramBucket { - // Always positive. - int64 min_anonymity = 1; - - // Always greater than or equal to min_anonymity. - int64 max_anonymity = 2; - - // Number of records within these anonymity bounds. - int64 bucket_size = 5; - - // Sample of quasi-identifier tuple values in this bucket. The total - // number of classes returned per bucket is capped at 20. - repeated KMapEstimationQuasiIdValues bucket_values = 6; - - // Total number of distinct quasi-identifier tuple values in this bucket. - int64 bucket_value_count = 7; - } - - // The intervals [min_anonymity, max_anonymity] do not overlap. If a value - // doesn't correspond to any such interval, the associated frequency is - // zero. For example, the following records: - // {min_anonymity: 1, max_anonymity: 1, frequency: 17} - // {min_anonymity: 2, max_anonymity: 3, frequency: 42} - // {min_anonymity: 5, max_anonymity: 10, frequency: 99} - // mean that there are no record with an estimated anonymity of 4, 5, or - // larger than 10. - repeated KMapEstimationHistogramBucket k_map_estimation_histogram = 1; - } - - // Result of the δ-presence computation. Note that these results are an - // estimation, not exact values. - message DeltaPresenceEstimationResult { - // A tuple of values for the quasi-identifier columns. - message DeltaPresenceEstimationQuasiIdValues { - // The quasi-identifier values. - repeated Value quasi_ids_values = 1; - - // The estimated probability that a given individual sharing these - // quasi-identifier values is in the dataset. This value, typically called - // δ, is the ratio between the number of records in the dataset with these - // quasi-identifier values, and the total number of individuals (inside - // *and* outside the dataset) with these quasi-identifier values. - // For example, if there are 15 individuals in the dataset who share the - // same quasi-identifier values, and an estimated 100 people in the entire - // population with these values, then δ is 0.15. - double estimated_probability = 2; - } - - // A DeltaPresenceEstimationHistogramBucket message with the following - // values: - // min_probability: 0.1 - // max_probability: 0.2 - // frequency: 42 - // means that there are 42 records for which δ is in [0.1, 0.2). An - // important particular case is when min_probability = max_probability = 1: - // then, every individual who shares this quasi-identifier combination is in - // the dataset. - message DeltaPresenceEstimationHistogramBucket { - // Between 0 and 1. - double min_probability = 1; - - // Always greater than or equal to min_probability. - double max_probability = 2; - - // Number of records within these probability bounds. - int64 bucket_size = 5; - - // Sample of quasi-identifier tuple values in this bucket. The total - // number of classes returned per bucket is capped at 20. - repeated DeltaPresenceEstimationQuasiIdValues bucket_values = 6; - - // Total number of distinct quasi-identifier tuple values in this bucket. - int64 bucket_value_count = 7; - } - - // The intervals [min_probability, max_probability) do not overlap. If a - // value doesn't correspond to any such interval, the associated frequency - // is zero. For example, the following records: - // {min_probability: 0, max_probability: 0.1, frequency: 17} - // {min_probability: 0.2, max_probability: 0.3, frequency: 42} - // {min_probability: 0.3, max_probability: 0.4, frequency: 99} - // mean that there are no record with an estimated probability in [0.1, 0.2) - // nor larger or equal to 0.4. - repeated DeltaPresenceEstimationHistogramBucket delta_presence_estimation_histogram = 1; - } - - // Risk analysis options. - message RequestedRiskAnalysisOptions { - // The job config for the risk job. - RiskAnalysisJobConfig job_config = 1; - } - - // Privacy metric to compute. - PrivacyMetric requested_privacy_metric = 1; - - // Input dataset to compute metrics over. - BigQueryTable requested_source_table = 2; - - // Values associated with this metric. - oneof result { - // Numerical stats result - NumericalStatsResult numerical_stats_result = 3; - - // Categorical stats result - CategoricalStatsResult categorical_stats_result = 4; - - // K-anonymity result - KAnonymityResult k_anonymity_result = 5; - - // L-divesity result - LDiversityResult l_diversity_result = 6; - - // K-map result - KMapEstimationResult k_map_estimation_result = 7; - - // Delta-presence result - DeltaPresenceEstimationResult delta_presence_estimation_result = 9; - } - - // The configuration used for this job. - RequestedRiskAnalysisOptions requested_options = 10; -} - -// A value of a field, including its frequency. -message ValueFrequency { - // A value contained in the field in question. - Value value = 1; - - // How many times the value is contained in the field. - int64 count = 2; -} - -// Set of primitive values supported by the system. -// Note that for the purposes of inspection or transformation, the number -// of bytes considered to comprise a 'Value' is based on its representation -// as a UTF-8 encoded string. For example, if 'integer_value' is set to -// 123456789, the number of bytes would be counted as 9, even though an -// int64 only holds up to 8 bytes of data. -message Value { - // Value types - oneof type { - // integer - int64 integer_value = 1; - - // float - double float_value = 2; - - // string - string string_value = 3; - - // boolean - bool boolean_value = 4; - - // timestamp - google.protobuf.Timestamp timestamp_value = 5; - - // time of day - google.type.TimeOfDay time_value = 6; - - // date - google.type.Date date_value = 7; - - // day of week - google.type.DayOfWeek day_of_week_value = 8; - } -} - -// Message for infoType-dependent details parsed from quote. -message QuoteInfo { - // Object representation of the quote. - oneof parsed_quote { - // The date time indicated by the quote. - DateTime date_time = 2; - } -} - -// Message for a date time object. -// e.g. 2018-01-01, 5th August. -message DateTime { - // Time zone of the date time object. - message TimeZone { - // Set only if the offset can be determined. Positive for time ahead of UTC. - // E.g. For "UTC-9", this value is -540. - int32 offset_minutes = 1; - } - - // One or more of the following must be set. - // Must be a valid date or time value. - google.type.Date date = 1; - - // Day of week - google.type.DayOfWeek day_of_week = 2; - - // Time of day - google.type.TimeOfDay time = 3; - - // Time zone - TimeZone time_zone = 4; -} - -// The configuration that controls how the data will change. -message DeidentifyConfig { - oneof transformation { - // Treat the dataset as free-form text and apply the same free text - // transformation everywhere. - InfoTypeTransformations info_type_transformations = 1; - - // Treat the dataset as structured. Transformations can be applied to - // specific locations within structured datasets, such as transforming - // a column within a table. - RecordTransformations record_transformations = 2; - } - - // Mode for handling transformation errors. If left unspecified, the default - // mode is `TransformationErrorHandling.ThrowError`. - TransformationErrorHandling transformation_error_handling = 3; -} - -// How to handle transformation errors during de-identification. A -// transformation error occurs when the requested transformation is incompatible -// with the data. For example, trying to de-identify an IP address using a -// `DateShift` transformation would result in a transformation error, since date -// info cannot be extracted from an IP address. -// Information about any incompatible transformations, and how they were -// handled, is returned in the response as part of the -// `TransformationOverviews`. -message TransformationErrorHandling { - // Throw an error and fail the request when a transformation error occurs. - message ThrowError { - - } - - // Skips the data without modifying it if the requested transformation would - // cause an error. For example, if a `DateShift` transformation were applied - // an an IP address, this mode would leave the IP address unchanged in the - // response. - message LeaveUntransformed { - - } - - // How transformation errors should be handled. - oneof mode { - // Throw an error - ThrowError throw_error = 1; - - // Ignore errors - LeaveUntransformed leave_untransformed = 2; - } -} - -// A rule for transforming a value. -message PrimitiveTransformation { - oneof transformation { - // Replace - ReplaceValueConfig replace_config = 1; - - // Redact - RedactConfig redact_config = 2; - - // Mask - CharacterMaskConfig character_mask_config = 3; - - // Ffx-Fpe - CryptoReplaceFfxFpeConfig crypto_replace_ffx_fpe_config = 4; - - // Fixed size bucketing - FixedSizeBucketingConfig fixed_size_bucketing_config = 5; - - // Bucketing - BucketingConfig bucketing_config = 6; - - // Replace with infotype - ReplaceWithInfoTypeConfig replace_with_info_type_config = 7; - - // Time extraction - TimePartConfig time_part_config = 8; - - // Crypto - CryptoHashConfig crypto_hash_config = 9; - - // Date Shift - DateShiftConfig date_shift_config = 11; - - // Deterministic Crypto - CryptoDeterministicConfig crypto_deterministic_config = 12; - } -} - -// For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a -// portion of the value. -message TimePartConfig { - // Components that make up time. - enum TimePart { - // Unused - TIME_PART_UNSPECIFIED = 0; - - // [0-9999] - YEAR = 1; - - // [1-12] - MONTH = 2; - - // [1-31] - DAY_OF_MONTH = 3; - - // [1-7] - DAY_OF_WEEK = 4; - - // [1-53] - WEEK_OF_YEAR = 5; - - // [0-23] - HOUR_OF_DAY = 6; - } - - // The part of the time to keep. - TimePart part_to_extract = 1; -} - -// Pseudonymization method that generates surrogates via cryptographic hashing. -// Uses SHA-256. -// The key size must be either 32 or 64 bytes. -// Outputs a base64 encoded representation of the hashed output -// (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). -// Currently, only string and integer values can be hashed. -// See https://cloud.google.com/dlp/docs/pseudonymization to learn more. -message CryptoHashConfig { - // The key used by the hash function. - CryptoKey crypto_key = 1; -} - -// Pseudonymization method that generates deterministic encryption for the given -// input. Outputs a base64 encoded representation of the encrypted output. -// Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. -message CryptoDeterministicConfig { - // The key used by the encryption function. - CryptoKey crypto_key = 1; - - // The custom info type to annotate the surrogate with. - // This annotation will be applied to the surrogate by prefixing it with - // the name of the custom info type followed by the number of - // characters comprising the surrogate. The following scheme defines the - // format: {info type name}({surrogate character count}):{surrogate} - // - // For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and - // the surrogate is 'abc', the full replacement value - // will be: 'MY_TOKEN_INFO_TYPE(3):abc' - // - // This annotation identifies the surrogate when inspecting content using the - // custom info type 'Surrogate'. This facilitates reversal of the - // surrogate when it occurs in free text. - // - // Note: For record transformations where the entire cell in a table is being - // transformed, surrogates are not mandatory. Surrogates are used to denote - // the location of the token and are necessary for re-identification in free - // form text. - // - // In order for inspection to work properly, the name of this info type must - // not occur naturally anywhere in your data; otherwise, inspection may either - // - // - reverse a surrogate that does not correspond to an actual identifier - // - be unable to parse the surrogate and result in an error - // - // Therefore, choose your custom info type name carefully after considering - // what your data looks like. One way to select a name that has a high chance - // of yielding reliable detection is to include one or more unicode characters - // that are highly improbable to exist in your data. - // For example, assuming your data is entered from a regular ASCII keyboard, - // the symbol with the hex code point 29DD might be used like so: - // ⧝MY_TOKEN_TYPE. - InfoType surrogate_info_type = 2; - - // A context may be used for higher security and maintaining - // referential integrity such that the same identifier in two different - // contexts will be given a distinct surrogate. The context is appended to - // plaintext value being encrypted. On decryption the provided context is - // validated against the value used during encryption. If a context was - // provided during encryption, same context must be provided during decryption - // as well. - // - // If the context is not set, plaintext would be used as is for encryption. - // If the context is set but: - // - // 1. there is no record present when transforming a given value or - // 2. the field is not present when transforming a given value, - // - // plaintext would be used as is for encryption. - // - // Note that case (1) is expected when an `InfoTypeTransformation` is - // applied to both structured and non-structured `ContentItem`s. - FieldId context = 3; -} - -// Replace each input value with a given `Value`. -message ReplaceValueConfig { - // Value to replace it with. - Value new_value = 1; -} - -// Replace each matching finding with the name of the info_type. -message ReplaceWithInfoTypeConfig { - -} - -// Redact a given value. For example, if used with an `InfoTypeTransformation` -// transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the -// output would be 'My phone number is '. -message RedactConfig { - -} - -// Characters to skip when doing deidentification of a value. These will be left -// alone and skipped. -message CharsToIgnore { - // Convenience enum for indication common characters to not transform. - enum CommonCharsToIgnore { - // Unused. - COMMON_CHARS_TO_IGNORE_UNSPECIFIED = 0; - - // 0-9 - NUMERIC = 1; - - // A-Z - ALPHA_UPPER_CASE = 2; - - // a-z - ALPHA_LOWER_CASE = 3; - - // US Punctuation, one of !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ - PUNCTUATION = 4; - - // Whitespace character, one of [ \t\n\x0B\f\r] - WHITESPACE = 5; - } - - oneof characters { - // Characters to not transform when masking. - string characters_to_skip = 1; - - // Common characters to not transform when masking. Useful to avoid removing - // punctuation. - CommonCharsToIgnore common_characters_to_ignore = 2; - } -} - -// Partially mask a string by replacing a given number of characters with a -// fixed character. Masking can start from the beginning or end of the string. -// This can be used on data of any type (numbers, longs, and so on) and when -// de-identifying structured data we'll attempt to preserve the original data's -// type. (This allows you to take a long like 123 and modify it to a string like -// **3. -message CharacterMaskConfig { - // Character to use to mask the sensitive values—for example, `*` for an - // alphabetic string such as a name, or `0` for a numeric string such as ZIP - // code or credit card number. This string must have a length of 1. If not - // supplied, this value defaults to `*` for strings, and `0` for digits. - string masking_character = 1; - - // Number of characters to mask. If not set, all matching chars will be - // masked. Skipped characters do not count towards this tally. - int32 number_to_mask = 2; - - // Mask characters in reverse order. For example, if `masking_character` is - // `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the - // input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. - // If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` - // is `true`, then the string `12345` is masked as `12***`. - bool reverse_order = 3; - - // When masking a string, items in this list will be skipped when replacing - // characters. For example, if the input string is `555-555-5555` and you - // instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP - // returns `***-**5-5555`. - repeated CharsToIgnore characters_to_ignore = 4; -} - -// Buckets values based on fixed size ranges. The -// Bucketing transformation can provide all of this functionality, -// but requires more configuration. This message is provided as a convenience to -// the user for simple bucketing strategies. -// -// The transformed value will be a hyphenated string of -// {lower_bound}-{upper_bound}, i.e if lower_bound = 10 and upper_bound = 20 -// all values that are within this bucket will be replaced with "10-20". -// -// This can be used on data of type: double, long. -// -// If the bound Value type differs from the type of data -// being transformed, we will first attempt converting the type of the data to -// be transformed to match the type of the bound before comparing. -// -// See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. -message FixedSizeBucketingConfig { - // Required. Lower bound value of buckets. All values less than `lower_bound` are - // grouped together into a single bucket; for example if `lower_bound` = 10, - // then all values less than 10 are replaced with the value "-10". - Value lower_bound = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. Upper bound value of buckets. All values greater than upper_bound are - // grouped together into a single bucket; for example if `upper_bound` = 89, - // then all values greater than 89 are replaced with the value "89+". - Value upper_bound = 2 [(google.api.field_behavior) = REQUIRED]; - - // Required. Size of each bucket (except for minimum and maximum buckets). So if - // `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the - // following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, - // 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. - double bucket_size = 3 [(google.api.field_behavior) = REQUIRED]; -} - -// Generalization function that buckets values based on ranges. The ranges and -// replacement values are dynamically provided by the user for custom behavior, -// such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH -// This can be used on -// data of type: number, long, string, timestamp. -// If the bound `Value` type differs from the type of data being transformed, we -// will first attempt converting the type of the data to be transformed to match -// the type of the bound before comparing. -// See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. -message BucketingConfig { - // Bucket is represented as a range, along with replacement values. - message Bucket { - // Lower bound of the range, inclusive. Type should be the same as max if - // used. - Value min = 1; - - // Upper bound of the range, exclusive; type must match min. - Value max = 2; - - // Required. Replacement value for this bucket. - Value replacement_value = 3 [(google.api.field_behavior) = REQUIRED]; - } - - // Set of buckets. Ranges must be non-overlapping. - repeated Bucket buckets = 1; -} - -// Replaces an identifier with a surrogate using Format Preserving Encryption -// (FPE) with the FFX mode of operation; however when used in the -// `ReidentifyContent` API method, it serves the opposite function by reversing -// the surrogate back into the original identifier. The identifier must be -// encoded as ASCII. For a given crypto key and context, the same identifier -// will be replaced with the same surrogate. Identifiers must be at least two -// characters long. In the case that the identifier is the empty string, it will -// be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn -// more. -// -// Note: We recommend using CryptoDeterministicConfig for all use cases which -// do not require preserving the input alphabet space and size, plus warrant -// referential integrity. -message CryptoReplaceFfxFpeConfig { - // These are commonly used subsets of the alphabet that the FFX mode - // natively supports. In the algorithm, the alphabet is selected using - // the "radix". Therefore each corresponds to particular radix. - enum FfxCommonNativeAlphabet { - // Unused. - FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0; - - // `[0-9]` (radix of 10) - NUMERIC = 1; - - // `[0-9A-F]` (radix of 16) - HEXADECIMAL = 2; - - // `[0-9A-Z]` (radix of 36) - UPPER_CASE_ALPHA_NUMERIC = 3; - - // `[0-9A-Za-z]` (radix of 62) - ALPHA_NUMERIC = 4; - } - - // Required. The key used by the encryption algorithm. - CryptoKey crypto_key = 1 [(google.api.field_behavior) = REQUIRED]; - - // The 'tweak', a context may be used for higher security since the same - // identifier in two different contexts won't be given the same surrogate. If - // the context is not set, a default tweak will be used. - // - // If the context is set but: - // - // 1. there is no record present when transforming a given value or - // 1. the field is not present when transforming a given value, - // - // a default tweak will be used. - // - // Note that case (1) is expected when an `InfoTypeTransformation` is - // applied to both structured and non-structured `ContentItem`s. - // Currently, the referenced field may be of value type integer or string. - // - // The tweak is constructed as a sequence of bytes in big endian byte order - // such that: - // - // - a 64 bit integer is encoded followed by a single byte of value 1 - // - a string is encoded in UTF-8 format followed by a single byte of value 2 - FieldId context = 2; - - // Choose an alphabet which the data being transformed will be made up of. - oneof alphabet { - // Common alphabets. - FfxCommonNativeAlphabet common_alphabet = 4; - - // This is supported by mapping these to the alphanumeric characters - // that the FFX mode natively supports. This happens before/after - // encryption/decryption. - // Each character listed must appear only once. - // Number of characters must be in the range [2, 95]. - // This must be encoded as ASCII. - // The order of characters does not matter. - // The full list of allowed characters is: - // 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz - // ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/ - string custom_alphabet = 5; - - // The native way to select the alphabet. Must be in the range [2, 95]. - int32 radix = 6; - } - - // The custom infoType to annotate the surrogate with. - // This annotation will be applied to the surrogate by prefixing it with - // the name of the custom infoType followed by the number of - // characters comprising the surrogate. The following scheme defines the - // format: info_type_name(surrogate_character_count):surrogate - // - // For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and - // the surrogate is 'abc', the full replacement value - // will be: 'MY_TOKEN_INFO_TYPE(3):abc' - // - // This annotation identifies the surrogate when inspecting content using the - // custom infoType - // [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). - // This facilitates reversal of the surrogate when it occurs in free text. - // - // In order for inspection to work properly, the name of this infoType must - // not occur naturally anywhere in your data; otherwise, inspection may - // find a surrogate that does not correspond to an actual identifier. - // Therefore, choose your custom infoType name carefully after considering - // what your data looks like. One way to select a name that has a high chance - // of yielding reliable detection is to include one or more unicode characters - // that are highly improbable to exist in your data. - // For example, assuming your data is entered from a regular ASCII keyboard, - // the symbol with the hex code point 29DD might be used like so: - // ⧝MY_TOKEN_TYPE - InfoType surrogate_info_type = 8; -} - -// This is a data encryption key (DEK) (as opposed to -// a key encryption key (KEK) stored by KMS). -// When using KMS to wrap/unwrap DEKs, be sure to set an appropriate -// IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot -// unwrap the data crypto key. -message CryptoKey { - // Sources of crypto keys. - oneof source { - // Transient crypto key - TransientCryptoKey transient = 1; - - // Unwrapped crypto key - UnwrappedCryptoKey unwrapped = 2; - - // Kms wrapped key - KmsWrappedCryptoKey kms_wrapped = 3; - } -} - -// Use this to have a random data crypto key generated. -// It will be discarded after the request finishes. -message TransientCryptoKey { - // Required. Name of the key. - // This is an arbitrary string used to differentiate different keys. - // A unique key is generated per name: two separate `TransientCryptoKey` - // protos share the same generated key if their names are the same. - // When the data crypto key is generated, this name is not used in any way - // (repeating the api call will result in a different key being generated). - string name = 1 [(google.api.field_behavior) = REQUIRED]; -} - -// Using raw keys is prone to security risks due to accidentally -// leaking the key. Choose another type of key if possible. -message UnwrappedCryptoKey { - // Required. A 128/192/256 bit key. - bytes key = 1 [(google.api.field_behavior) = REQUIRED]; -} - -// Include to use an existing data crypto key wrapped by KMS. -// The wrapped key must be a 128/192/256 bit key. -// Authorization requires the following IAM permissions when sending a request -// to perform a crypto transformation using a kms-wrapped crypto key: -// dlp.kms.encrypt -message KmsWrappedCryptoKey { - // Required. The wrapped data crypto key. - bytes wrapped_key = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. The resource name of the KMS CryptoKey to use for unwrapping. - string crypto_key_name = 2 [(google.api.field_behavior) = REQUIRED]; -} - -// Shifts dates by random number of days, with option to be consistent for the -// same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting -// to learn more. -message DateShiftConfig { - // Required. Range of shift in days. Actual shift will be selected at random within this - // range (inclusive ends). Negative means shift to earlier in time. Must not - // be more than 365250 days (1000 years) each direction. - // - // For example, 3 means shift date to at most 3 days into the future. - int32 upper_bound_days = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. For example, -5 means shift date to at most 5 days back in the past. - int32 lower_bound_days = 2 [(google.api.field_behavior) = REQUIRED]; - - // Points to the field that contains the context, for example, an entity id. - // If set, must also set cryptoKey. If set, shift will be consistent for the - // given context. - FieldId context = 3; - - // Method for calculating shift that takes context into consideration. If - // set, must also set context. Can only be applied to table items. - oneof method { - // Causes the shift to be computed based on this key and the context. This - // results in the same shift for the same context and crypto_key. If - // set, must also set context. Can only be applied to table items. - CryptoKey crypto_key = 4; - } -} - -// A type of transformation that will scan unstructured text and -// apply various `PrimitiveTransformation`s to each finding, where the -// transformation is applied to only values that were identified as a specific -// info_type. -message InfoTypeTransformations { - // A transformation to apply to text that is identified as a specific - // info_type. - message InfoTypeTransformation { - // InfoTypes to apply the transformation to. An empty list will cause - // this transformation to apply to all findings that correspond to - // infoTypes that were requested in `InspectConfig`. - repeated InfoType info_types = 1; - - // Required. Primitive transformation to apply to the infoType. - PrimitiveTransformation primitive_transformation = 2 [(google.api.field_behavior) = REQUIRED]; - } - - // Required. Transformation for each infoType. Cannot specify more than one - // for a given infoType. - repeated InfoTypeTransformation transformations = 1 [(google.api.field_behavior) = REQUIRED]; -} - -// The transformation to apply to the field. -message FieldTransformation { - // Required. Input field(s) to apply the transformation to. - repeated FieldId fields = 1 [(google.api.field_behavior) = REQUIRED]; - - // Only apply the transformation if the condition evaluates to true for the - // given `RecordCondition`. The conditions are allowed to reference fields - // that are not used in the actual transformation. - // - // Example Use Cases: - // - // - Apply a different bucket transformation to an age column if the zip code - // column for the same record is within a specific range. - // - Redact a field if the date of birth field is greater than 85. - RecordCondition condition = 3; - - // Transformation to apply. [required] - oneof transformation { - // Apply the transformation to the entire field. - PrimitiveTransformation primitive_transformation = 4; - - // Treat the contents of the field as free text, and selectively - // transform content that matches an `InfoType`. - InfoTypeTransformations info_type_transformations = 5; - } -} - -// A type of transformation that is applied over structured data such as a -// table. -message RecordTransformations { - // Transform the record by applying various field transformations. - repeated FieldTransformation field_transformations = 1; - - // Configuration defining which records get suppressed entirely. Records that - // match any suppression rule are omitted from the output. - repeated RecordSuppression record_suppressions = 2; -} - -// Configuration to suppress records whose suppression conditions evaluate to -// true. -message RecordSuppression { - // A condition that when it evaluates to true will result in the record being - // evaluated to be suppressed from the transformed content. - RecordCondition condition = 1; -} - -// A condition for determining whether a transformation should be applied to -// a field. -message RecordCondition { - // The field type of `value` and `field` do not need to match to be - // considered equal, but not all comparisons are possible. - // EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, - // but all other comparisons are invalid with incompatible types. - // A `value` of type: - // - // - `string` can be compared against all other types - // - `boolean` can only be compared against other booleans - // - `integer` can be compared against doubles or a string if the string value - // can be parsed as an integer. - // - `double` can be compared against integers or a string if the string can - // be parsed as a double. - // - `Timestamp` can be compared against strings in RFC 3339 date string - // format. - // - `TimeOfDay` can be compared against timestamps and strings in the format - // of 'HH:mm:ss'. - // - // If we fail to compare do to type mismatch, a warning will be given and - // the condition will evaluate to false. - message Condition { - // Required. Field within the record this condition is evaluated against. - FieldId field = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. Operator used to compare the field or infoType to the value. - RelationalOperator operator = 3 [(google.api.field_behavior) = REQUIRED]; - - // Value to compare against. [Mandatory, except for `EXISTS` tests.] - Value value = 4; - } - - // A collection of conditions. - message Conditions { - // A collection of conditions. - repeated Condition conditions = 1; - } - - // An expression, consisting or an operator and conditions. - message Expressions { - // Logical operators for conditional checks. - enum LogicalOperator { - // Unused - LOGICAL_OPERATOR_UNSPECIFIED = 0; - - // Conditional AND - AND = 1; - } - - // The operator to apply to the result of conditions. Default and currently - // only supported value is `AND`. - LogicalOperator logical_operator = 1; - - // Expression types. - oneof type { - // Conditions to apply to the expression. - Conditions conditions = 3; - } - } - - // An expression. - Expressions expressions = 3; -} - -// Overview of the modifications that occurred. -message TransformationOverview { - // Total size in bytes that were transformed in some way. - int64 transformed_bytes = 2; - - // Transformations applied to the dataset. - repeated TransformationSummary transformation_summaries = 3; -} - -// Summary of a single transformation. -// Only one of 'transformation', 'field_transformation', or 'record_suppress' -// will be set. -message TransformationSummary { - // A collection that informs the user the number of times a particular - // `TransformationResultCode` and error details occurred. - message SummaryResult { - // Number of transformations counted by this result. - int64 count = 1; - - // Outcome of the transformation. - TransformationResultCode code = 2; - - // A place for warnings or errors to show up if a transformation didn't - // work as expected. - string details = 3; - } - - // Possible outcomes of transformations. - enum TransformationResultCode { - // Unused - TRANSFORMATION_RESULT_CODE_UNSPECIFIED = 0; - - // Transformation completed without an error. - SUCCESS = 1; - - // Transformation had an error. - ERROR = 2; - } - - // Set if the transformation was limited to a specific InfoType. - InfoType info_type = 1; - - // Set if the transformation was limited to a specific FieldId. - FieldId field = 2; - - // The specific transformation these stats apply to. - PrimitiveTransformation transformation = 3; - - // The field transformation that was applied. - // If multiple field transformations are requested for a single field, - // this list will contain all of them; otherwise, only one is supplied. - repeated FieldTransformation field_transformations = 5; - - // The specific suppression option these stats apply to. - RecordSuppression record_suppress = 6; - - // Collection of all transformations that took place or had an error. - repeated SummaryResult results = 4; - - // Total size in bytes that were transformed in some way. - int64 transformed_bytes = 7; -} - -// Schedule for triggeredJobs. -message Schedule { - oneof option { - // With this option a job is started a regular periodic basis. For - // example: every day (86400 seconds). - // - // A scheduled start time will be skipped if the previous - // execution has not ended when its scheduled time occurs. - // - // This value must be set to a time duration greater than or equal - // to 1 day and can be no longer than 60 days. - google.protobuf.Duration recurrence_period_duration = 1; - } -} - -// Job trigger option for hybrid jobs. Jobs must be manually created -// and finished. -message Manual { - -} - -// The inspectTemplate contains a configuration (set of types of sensitive data -// to be detected) to be used anywhere you otherwise would normally specify -// InspectConfig. See https://cloud.google.com/dlp/docs/concepts-templates -// to learn more. -message InspectTemplate { - option (google.api.resource) = { - type: "dlp.googleapis.com/InspectTemplate" - pattern: "organizations/{organization}/inspectTemplates/{inspect_template}" - pattern: "projects/{project}/inspectTemplates/{inspect_template}" - pattern: "organizations/{organization}/locations/{location}/inspectTemplates/{inspect_template}" - pattern: "projects/{project}/locations/{location}/inspectTemplates/{inspect_template}" - }; - - // Output only. The template name. - // - // The template will have one of the following formats: - // `projects/PROJECT_ID/inspectTemplates/TEMPLATE_ID` OR - // `organizations/ORGANIZATION_ID/inspectTemplates/TEMPLATE_ID`; - string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Display name (max 256 chars). - string display_name = 2; - - // Short description (max 256 chars). - string description = 3; - - // Output only. The creation timestamp of an inspectTemplate. - google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. The last update timestamp of an inspectTemplate. - google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // The core content of the template. Configuration of the scanning process. - InspectConfig inspect_config = 6; -} - -// DeidentifyTemplates contains instructions on how to de-identify content. -// See https://cloud.google.com/dlp/docs/concepts-templates to learn more. -message DeidentifyTemplate { - option (google.api.resource) = { - type: "dlp.googleapis.com/DeidentifyTemplate" - pattern: "organizations/{organization}/deidentifyTemplates/{deidentify_template}" - pattern: "projects/{project}/deidentifyTemplates/{deidentify_template}" - pattern: "organizations/{organization}/locations/{location}/deidentifyTemplates/{deidentify_template}" - pattern: "projects/{project}/locations/{location}/deidentifyTemplates/{deidentify_template}" - }; - - // Output only. The template name. - // - // The template will have one of the following formats: - // `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR - // `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID` - string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Display name (max 256 chars). - string display_name = 2; - - // Short description (max 256 chars). - string description = 3; - - // Output only. The creation timestamp of an inspectTemplate. - google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. The last update timestamp of an inspectTemplate. - google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // ///////////// // The core content of the template // /////////////// - DeidentifyConfig deidentify_config = 6; -} - -// Details information about an error encountered during job execution or -// the results of an unsuccessful activation of the JobTrigger. -message Error { - // Detailed error codes and messages. - google.rpc.Status details = 1; - - // The times the error occurred. - repeated google.protobuf.Timestamp timestamps = 2; -} - -// Contains a configuration to make dlp api calls on a repeating basis. -// See https://cloud.google.com/dlp/docs/concepts-job-triggers to learn more. -message JobTrigger { - option (google.api.resource) = { - type: "dlp.googleapis.com/JobTrigger" - pattern: "projects/{project}/jobTriggers/{job_trigger}" - pattern: "projects/{project}/locations/{location}/jobTriggers/{job_trigger}" - }; - - // What event needs to occur for a new job to be started. - message Trigger { - oneof trigger { - // Create a job on a repeating basis based on the elapse of time. - Schedule schedule = 1; - - // For use with hybrid jobs. Jobs must be manually created and finished. - // Early access feature is in a pre-release state and might change or have - // limited support. For more information, see - // https://cloud.google.com/products#product-launch-stages. - Manual manual = 2; - } - } - - // Whether the trigger is currently active. If PAUSED or CANCELLED, no jobs - // will be created with this configuration. The service may automatically - // pause triggers experiencing frequent errors. To restart a job, set the - // status to HEALTHY after correcting user errors. - enum Status { - // Unused. - STATUS_UNSPECIFIED = 0; - - // Trigger is healthy. - HEALTHY = 1; - - // Trigger is temporarily paused. - PAUSED = 2; - - // Trigger is cancelled and can not be resumed. - CANCELLED = 3; - } - - // Unique resource name for the triggeredJob, assigned by the service when the - // triggeredJob is created, for example - // `projects/dlp-test-project/jobTriggers/53234423`. - string name = 1; - - // Display name (max 100 chars) - string display_name = 2; - - // User provided description (max 256 chars) - string description = 3; - - // The configuration details for the specific type of job to run. - oneof job { - // For inspect jobs, a snapshot of the configuration. - InspectJobConfig inspect_job = 4; - } - - // A list of triggers which will be OR'ed together. Only one in the list - // needs to trigger for a job to be started. The list may contain only - // a single Schedule trigger and must have at least one object. - repeated Trigger triggers = 5; - - // Output only. A stream of errors encountered when the trigger was activated. Repeated - // errors may result in the JobTrigger automatically being paused. - // Will return the last 100 errors. Whenever the JobTrigger is modified - // this list will be cleared. - repeated Error errors = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. The creation timestamp of a triggeredJob. - google.protobuf.Timestamp create_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. The last update timestamp of a triggeredJob. - google.protobuf.Timestamp update_time = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. The timestamp of the last time this trigger executed. - google.protobuf.Timestamp last_run_time = 9 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Required. A status for this trigger. - Status status = 10 [(google.api.field_behavior) = REQUIRED]; -} - -// A task to execute on the completion of a job. -// See https://cloud.google.com/dlp/docs/concepts-actions to learn more. -message Action { - // If set, the detailed findings will be persisted to the specified - // OutputStorageConfig. Only a single instance of this action can be - // specified. - // Compatible with: Inspect, Risk - message SaveFindings { - // Location to store findings outside of DLP. - OutputStorageConfig output_config = 1; - } - - // Publish a message into given Pub/Sub topic when DlpJob has completed. The - // message contains a single field, `DlpJobName`, which is equal to the - // finished job's - // [`DlpJob.name`](https://cloud.google.com/dlp/docs/reference/rest/v2/projects.dlpJobs#DlpJob). - // Compatible with: Inspect, Risk - message PublishToPubSub { - // Cloud Pub/Sub topic to send notifications to. The topic must have given - // publishing access rights to the DLP API service account executing - // the long running DlpJob sending the notifications. - // Format is projects/{project}/topics/{topic}. - string topic = 1; - } - - // Publish the result summary of a DlpJob to the Cloud Security - // Command Center (CSCC Alpha). - // This action is only available for projects which are parts of - // an organization and whitelisted for the alpha Cloud Security Command - // Center. - // The action will publish count of finding instances and their info types. - // The summary of findings will be persisted in CSCC and are governed by CSCC - // service-specific policy, see https://cloud.google.com/terms/service-terms - // Only a single instance of this action can be specified. - // Compatible with: Inspect - message PublishSummaryToCscc { - - } - - // Publish findings of a DlpJob to Cloud Data Catalog. Labels summarizing the - // results of the DlpJob will be applied to the entry for the resource scanned - // in Cloud Data Catalog. Any labels previously written by another DlpJob will - // be deleted. InfoType naming patterns are strictly enforced when using this - // feature. Note that the findings will be persisted in Cloud Data Catalog - // storage and are governed by Data Catalog service-specific policy, see - // https://cloud.google.com/terms/service-terms - // Only a single instance of this action can be specified and only allowed if - // all resources being scanned are BigQuery tables. - // Compatible with: Inspect - message PublishFindingsToCloudDataCatalog { - - } - - // Enable email notification to project owners and editors on jobs's - // completion/failure. - message JobNotificationEmails { - - } - - // Enable Stackdriver metric dlp.googleapis.com/finding_count. This - // will publish a metric to stack driver on each infotype requested and - // how many findings were found for it. CustomDetectors will be bucketed - // as 'Custom' under the Stackdriver label 'info_type'. - message PublishToStackdriver { - - } - - oneof action { - // Save resulting findings in a provided location. - SaveFindings save_findings = 1; - - // Publish a notification to a pubsub topic. - PublishToPubSub pub_sub = 2; - - // Publish summary to Cloud Security Command Center (Alpha). - PublishSummaryToCscc publish_summary_to_cscc = 3; - - // Publish findings to Cloud Datahub. - PublishFindingsToCloudDataCatalog publish_findings_to_cloud_data_catalog = 5; - - // Enable email notification for project owners and editors on job's - // completion/failure. - JobNotificationEmails job_notification_emails = 8; - - // Enable Stackdriver metric dlp.googleapis.com/finding_count. - PublishToStackdriver publish_to_stackdriver = 9; - } -} - -// Request message for CreateInspectTemplate. -message CreateInspectTemplateRequest { - // Required. Parent resource name. - // - // The format of this value varies depending on the scope of the request - // (project or organization) and whether you have [specified a processing - // location](https://cloud.google.com/dlp/docs/specifying-location): - // - // + Projects scope, location specified:
- // `projects/`PROJECT_ID`/locations/`LOCATION_ID - // + Projects scope, no location specified (defaults to global):
- // `projects/`PROJECT_ID - // + Organizations scope, location specified:
- // `organizations/`ORG_ID`/locations/`LOCATION_ID - // + Organizations scope, no location specified (defaults to global):
- // `organizations/`ORG_ID - // - // The following example `parent` string specifies a parent project with the - // identifier `example-project`, and specifies the `europe-west3` location - // for processing data: - // - // parent=projects/example-project/locations/europe-west3 - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "dlp.googleapis.com/InspectTemplate" - } - ]; - - // Required. The InspectTemplate to create. - InspectTemplate inspect_template = 2 [(google.api.field_behavior) = REQUIRED]; - - // The template id can contain uppercase and lowercase letters, - // numbers, and hyphens; that is, it must match the regular - // expression: `[a-zA-Z\d-_]+`. The maximum length is 100 - // characters. Can be empty to allow the system to generate one. - string template_id = 3; - - // Deprecated. This field has no effect. - string location_id = 4; -} - -// Request message for UpdateInspectTemplate. -message UpdateInspectTemplateRequest { - // Required. Resource name of organization and inspectTemplate to be updated, for - // example `organizations/433245324/inspectTemplates/432452342` or - // projects/project-id/inspectTemplates/432452342. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/InspectTemplate" - } - ]; - - // New InspectTemplate value. - InspectTemplate inspect_template = 2; - - // Mask to control which fields get updated. - google.protobuf.FieldMask update_mask = 3; -} - -// Request message for GetInspectTemplate. -message GetInspectTemplateRequest { - // Required. Resource name of the organization and inspectTemplate to be read, for - // example `organizations/433245324/inspectTemplates/432452342` or - // projects/project-id/inspectTemplates/432452342. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/InspectTemplate" - } - ]; -} - -// Request message for ListInspectTemplates. -message ListInspectTemplatesRequest { - // Required. Parent resource name. - // - // The format of this value varies depending on the scope of the request - // (project or organization) and whether you have [specified a processing - // location](https://cloud.google.com/dlp/docs/specifying-location): - // - // + Projects scope, location specified:
- // `projects/`PROJECT_ID`/locations/`LOCATION_ID - // + Projects scope, no location specified (defaults to global):
- // `projects/`PROJECT_ID - // + Organizations scope, location specified:
- // `organizations/`ORG_ID`/locations/`LOCATION_ID - // + Organizations scope, no location specified (defaults to global):
- // `organizations/`ORG_ID - // - // The following example `parent` string specifies a parent project with the - // identifier `example-project`, and specifies the `europe-west3` location - // for processing data: - // - // parent=projects/example-project/locations/europe-west3 - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "dlp.googleapis.com/InspectTemplate" - } - ]; - - // Page token to continue retrieval. Comes from previous call - // to `ListInspectTemplates`. - string page_token = 2; - - // Size of the page, can be limited by server. If zero server returns - // a page of max size 100. - int32 page_size = 3; - - // Comma separated list of fields to order by, - // followed by `asc` or `desc` postfix. This list is case-insensitive, - // default sorting order is ascending, redundant space characters are - // insignificant. - // - // Example: `name asc,update_time, create_time desc` - // - // Supported fields are: - // - // - `create_time`: corresponds to time the template was created. - // - `update_time`: corresponds to time the template was last updated. - // - `name`: corresponds to template's name. - // - `display_name`: corresponds to template's display name. - string order_by = 4; - - // Deprecated. This field has no effect. - string location_id = 5; -} - -// Response message for ListInspectTemplates. -message ListInspectTemplatesResponse { - // List of inspectTemplates, up to page_size in ListInspectTemplatesRequest. - repeated InspectTemplate inspect_templates = 1; - - // If the next page is available then the next page token to be used - // in following ListInspectTemplates request. - string next_page_token = 2; -} - -// Request message for DeleteInspectTemplate. -message DeleteInspectTemplateRequest { - // Required. Resource name of the organization and inspectTemplate to be deleted, for - // example `organizations/433245324/inspectTemplates/432452342` or - // projects/project-id/inspectTemplates/432452342. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/InspectTemplate" - } - ]; -} - -// Request message for CreateJobTrigger. -message CreateJobTriggerRequest { - // Required. Parent resource name. - // - // The format of this value varies depending on whether you have [specified a - // processing - // location](https://cloud.google.com/dlp/docs/specifying-location): - // - // + Projects scope, location specified:
- // `projects/`PROJECT_ID`/locations/`LOCATION_ID - // + Projects scope, no location specified (defaults to global):
- // `projects/`PROJECT_ID - // - // The following example `parent` string specifies a parent project with the - // identifier `example-project`, and specifies the `europe-west3` location - // for processing data: - // - // parent=projects/example-project/locations/europe-west3 - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "dlp.googleapis.com/JobTrigger" - } - ]; - - // Required. The JobTrigger to create. - JobTrigger job_trigger = 2 [(google.api.field_behavior) = REQUIRED]; - - // The trigger id can contain uppercase and lowercase letters, - // numbers, and hyphens; that is, it must match the regular - // expression: `[a-zA-Z\d-_]+`. The maximum length is 100 - // characters. Can be empty to allow the system to generate one. - string trigger_id = 3; - - // Deprecated. This field has no effect. - string location_id = 4; -} - -// Request message for ActivateJobTrigger. -message ActivateJobTriggerRequest { - // Required. Resource name of the trigger to activate, for example - // `projects/dlp-test-project/jobTriggers/53234423`. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/JobTrigger" - } - ]; -} - -// Request message for UpdateJobTrigger. -message UpdateJobTriggerRequest { - // Required. Resource name of the project and the triggeredJob, for example - // `projects/dlp-test-project/jobTriggers/53234423`. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/JobTrigger" - } - ]; - - // New JobTrigger value. - JobTrigger job_trigger = 2; - - // Mask to control which fields get updated. - google.protobuf.FieldMask update_mask = 3; -} - -// Request message for GetJobTrigger. -message GetJobTriggerRequest { - // Required. Resource name of the project and the triggeredJob, for example - // `projects/dlp-test-project/jobTriggers/53234423`. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/JobTrigger" - } - ]; -} - -// Request message for CreateDlpJobRequest. Used to initiate long running -// jobs such as calculating risk metrics or inspecting Google Cloud -// Storage. -message CreateDlpJobRequest { - // Required. Parent resource name. - // - // The format of this value varies depending on whether you have [specified a - // processing - // location](https://cloud.google.com/dlp/docs/specifying-location): - // - // + Projects scope, location specified:
- // `projects/`PROJECT_ID`/locations/`LOCATION_ID - // + Projects scope, no location specified (defaults to global):
- // `projects/`PROJECT_ID - // - // The following example `parent` string specifies a parent project with the - // identifier `example-project`, and specifies the `europe-west3` location - // for processing data: - // - // parent=projects/example-project/locations/europe-west3 - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "dlp.googleapis.com/DlpJob" - } - ]; - - // The configuration details for the specific type of job to run. - oneof job { - // Set to control what and how to inspect. - InspectJobConfig inspect_job = 2; - - // Set to choose what metric to calculate. - RiskAnalysisJobConfig risk_job = 3; - } - - // The job id can contain uppercase and lowercase letters, - // numbers, and hyphens; that is, it must match the regular - // expression: `[a-zA-Z\d-_]+`. The maximum length is 100 - // characters. Can be empty to allow the system to generate one. - string job_id = 4; - - // Deprecated. This field has no effect. - string location_id = 5; -} - -// Request message for ListJobTriggers. -message ListJobTriggersRequest { - // Required. Parent resource name. - // - // The format of this value varies depending on whether you have [specified a - // processing - // location](https://cloud.google.com/dlp/docs/specifying-location): - // - // + Projects scope, location specified:
- // `projects/`PROJECT_ID`/locations/`LOCATION_ID - // + Projects scope, no location specified (defaults to global):
- // `projects/`PROJECT_ID - // - // The following example `parent` string specifies a parent project with the - // identifier `example-project`, and specifies the `europe-west3` location - // for processing data: - // - // parent=projects/example-project/locations/europe-west3 - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "dlp.googleapis.com/JobTrigger" - } - ]; - - // Page token to continue retrieval. Comes from previous call - // to ListJobTriggers. `order_by` field must not - // change for subsequent calls. - string page_token = 2; - - // Size of the page, can be limited by a server. - int32 page_size = 3; - - // Comma separated list of triggeredJob fields to order by, - // followed by `asc` or `desc` postfix. This list is case-insensitive, - // default sorting order is ascending, redundant space characters are - // insignificant. - // - // Example: `name asc,update_time, create_time desc` - // - // Supported fields are: - // - // - `create_time`: corresponds to time the JobTrigger was created. - // - `update_time`: corresponds to time the JobTrigger was last updated. - // - `last_run_time`: corresponds to the last time the JobTrigger ran. - // - `name`: corresponds to JobTrigger's name. - // - `display_name`: corresponds to JobTrigger's display name. - // - `status`: corresponds to JobTrigger's status. - string order_by = 4; - - // Allows filtering. - // - // Supported syntax: - // - // * Filter expressions are made up of one or more restrictions. - // * Restrictions can be combined by `AND` or `OR` logical operators. A - // sequence of restrictions implicitly uses `AND`. - // * A restriction has the form of `{field} {operator} {value}`. - // * Supported fields/values for inspect jobs: - // - `status` - HEALTHY|PAUSED|CANCELLED - // - `inspected_storage` - DATASTORE|CLOUD_STORAGE|BIGQUERY - // - 'last_run_time` - RFC 3339 formatted timestamp, surrounded by - // quotation marks. Nanoseconds are ignored. - // - 'error_count' - Number of errors that have occurred while running. - // * The operator must be `=` or `!=` for status and inspected_storage. - // - // Examples: - // - // * inspected_storage = cloud_storage AND status = HEALTHY - // * inspected_storage = cloud_storage OR inspected_storage = bigquery - // * inspected_storage = cloud_storage AND (state = PAUSED OR state = HEALTHY) - // * last_run_time > \"2017-12-12T00:00:00+00:00\" - // - // The length of this field should be no more than 500 characters. - string filter = 5; - - // Deprecated. This field has no effect. - string location_id = 7; -} - -// Response message for ListJobTriggers. -message ListJobTriggersResponse { - // List of triggeredJobs, up to page_size in ListJobTriggersRequest. - repeated JobTrigger job_triggers = 1; - - // If the next page is available then the next page token to be used - // in following ListJobTriggers request. - string next_page_token = 2; -} - -// Request message for DeleteJobTrigger. -message DeleteJobTriggerRequest { - // Required. Resource name of the project and the triggeredJob, for example - // `projects/dlp-test-project/jobTriggers/53234423`. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/JobTrigger" - } - ]; -} - -// Controls what and how to inspect for findings. -message InspectJobConfig { - // The data to scan. - StorageConfig storage_config = 1; - - // How and what to scan for. - InspectConfig inspect_config = 2; - - // If provided, will be used as the default for all values in InspectConfig. - // `inspect_config` will be merged into the values persisted as part of the - // template. - string inspect_template_name = 3; - - // Actions to execute at the completion of the job. - repeated Action actions = 4; -} - -// Combines all of the information about a DLP job. -message DlpJob { - option (google.api.resource) = { - type: "dlp.googleapis.com/DlpJob" - pattern: "projects/{project}/dlpJobs/{dlp_job}" - pattern: "projects/{project}/locations/{location}/dlpJobs/{dlp_job}" - }; - - // Possible states of a job. New items may be added. - enum JobState { - // Unused. - JOB_STATE_UNSPECIFIED = 0; - - // The job has not yet started. - PENDING = 1; - - // The job is currently running. Once a job has finished it will transition - // to FAILED or DONE. - RUNNING = 2; - - // The job is no longer running. - DONE = 3; - - // The job was canceled before it could complete. - CANCELED = 4; - - // The job had an error and did not complete. - FAILED = 5; - - // The job is currently accepting findings via hybridInspect. - // A hybrid job in ACTIVE state may continue to have findings added to it - // through calling of hybridInspect. After the job has finished no more - // calls to hybridInspect may be made. ACTIVE jobs can transition to DONE. - ACTIVE = 6; - } - - // The server-assigned name. - string name = 1; - - // The type of job. - DlpJobType type = 2; - - // State of a job. - JobState state = 3; - - oneof details { - // Results from analyzing risk of a data source. - AnalyzeDataSourceRiskDetails risk_details = 4; - - // Results from inspecting a data source. - InspectDataSourceDetails inspect_details = 5; - } - - // Time when the job was created. - google.protobuf.Timestamp create_time = 6; - - // Time when the job started. - google.protobuf.Timestamp start_time = 7; - - // Time when the job finished. - google.protobuf.Timestamp end_time = 8; - - // If created by a job trigger, the resource name of the trigger that - // instantiated the job. - string job_trigger_name = 10; - - // A stream of errors encountered running the job. - repeated Error errors = 11; -} - -// The request message for [DlpJobs.GetDlpJob][]. -message GetDlpJobRequest { - // Required. The name of the DlpJob resource. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/DlpJob" - } - ]; -} - -// The request message for listing DLP jobs. -message ListDlpJobsRequest { - // Required. Parent resource name. - // - // The format of this value varies depending on whether you have [specified a - // processing - // location](https://cloud.google.com/dlp/docs/specifying-location): - // - // + Projects scope, location specified:
- // `projects/`PROJECT_ID`/locations/`LOCATION_ID - // + Projects scope, no location specified (defaults to global):
- // `projects/`PROJECT_ID - // - // The following example `parent` string specifies a parent project with the - // identifier `example-project`, and specifies the `europe-west3` location - // for processing data: - // - // parent=projects/example-project/locations/europe-west3 - string parent = 4 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "dlp.googleapis.com/DlpJob" - } - ]; - - // Allows filtering. - // - // Supported syntax: - // - // * Filter expressions are made up of one or more restrictions. - // * Restrictions can be combined by `AND` or `OR` logical operators. A - // sequence of restrictions implicitly uses `AND`. - // * A restriction has the form of `{field} {operator} {value}`. - // * Supported fields/values for inspect jobs: - // - `state` - PENDING|RUNNING|CANCELED|FINISHED|FAILED - // - `inspected_storage` - DATASTORE|CLOUD_STORAGE|BIGQUERY - // - `trigger_name` - The resource name of the trigger that created job. - // - 'end_time` - Corresponds to time the job finished. - // - 'start_time` - Corresponds to time the job finished. - // * Supported fields for risk analysis jobs: - // - `state` - RUNNING|CANCELED|FINISHED|FAILED - // - 'end_time` - Corresponds to time the job finished. - // - 'start_time` - Corresponds to time the job finished. - // * The operator must be `=` or `!=`. - // - // Examples: - // - // * inspected_storage = cloud_storage AND state = done - // * inspected_storage = cloud_storage OR inspected_storage = bigquery - // * inspected_storage = cloud_storage AND (state = done OR state = canceled) - // * end_time > \"2017-12-12T00:00:00+00:00\" - // - // The length of this field should be no more than 500 characters. - string filter = 1; - - // The standard list page size. - int32 page_size = 2; - - // The standard list page token. - string page_token = 3; - - // The type of job. Defaults to `DlpJobType.INSPECT` - DlpJobType type = 5; - - // Comma separated list of fields to order by, - // followed by `asc` or `desc` postfix. This list is case-insensitive, - // default sorting order is ascending, redundant space characters are - // insignificant. - // - // Example: `name asc, end_time asc, create_time desc` - // - // Supported fields are: - // - // - `create_time`: corresponds to time the job was created. - // - `end_time`: corresponds to time the job ended. - // - `name`: corresponds to job's name. - // - `state`: corresponds to `state` - string order_by = 6; - - // Deprecated. This field has no effect. - string location_id = 7; -} - -// The response message for listing DLP jobs. -message ListDlpJobsResponse { - // A list of DlpJobs that matches the specified filter in the request. - repeated DlpJob jobs = 1; - - // The standard List next-page token. - string next_page_token = 2; -} - -// The request message for canceling a DLP job. -message CancelDlpJobRequest { - // Required. The name of the DlpJob resource to be cancelled. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/DlpJob" - } - ]; -} - -// The request message for finishing a DLP hybrid job. -message FinishDlpJobRequest { - // Required. The name of the DlpJob resource to be cancelled. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/DlpJob" - } - ]; -} - -// The request message for deleting a DLP job. -message DeleteDlpJobRequest { - // Required. The name of the DlpJob resource to be deleted. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/DlpJob" - } - ]; -} - -// Request message for CreateDeidentifyTemplate. -message CreateDeidentifyTemplateRequest { - // Required. Parent resource name. - // - // The format of this value varies depending on the scope of the request - // (project or organization) and whether you have [specified a processing - // location](https://cloud.google.com/dlp/docs/specifying-location): - // - // + Projects scope, location specified:
- // `projects/`PROJECT_ID`/locations/`LOCATION_ID - // + Projects scope, no location specified (defaults to global):
- // `projects/`PROJECT_ID - // + Organizations scope, location specified:
- // `organizations/`ORG_ID`/locations/`LOCATION_ID - // + Organizations scope, no location specified (defaults to global):
- // `organizations/`ORG_ID - // - // The following example `parent` string specifies a parent project with the - // identifier `example-project`, and specifies the `europe-west3` location - // for processing data: - // - // parent=projects/example-project/locations/europe-west3 - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "dlp.googleapis.com/DeidentifyTemplate" - } - ]; - - // Required. The DeidentifyTemplate to create. - DeidentifyTemplate deidentify_template = 2 [(google.api.field_behavior) = REQUIRED]; - - // The template id can contain uppercase and lowercase letters, - // numbers, and hyphens; that is, it must match the regular - // expression: `[a-zA-Z\d-_]+`. The maximum length is 100 - // characters. Can be empty to allow the system to generate one. - string template_id = 3; - - // Deprecated. This field has no effect. - string location_id = 4; -} - -// Request message for UpdateDeidentifyTemplate. -message UpdateDeidentifyTemplateRequest { - // Required. Resource name of organization and deidentify template to be updated, for - // example `organizations/433245324/deidentifyTemplates/432452342` or - // projects/project-id/deidentifyTemplates/432452342. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/DeidentifyTemplate" - } - ]; - - // New DeidentifyTemplate value. - DeidentifyTemplate deidentify_template = 2; - - // Mask to control which fields get updated. - google.protobuf.FieldMask update_mask = 3; -} - -// Request message for GetDeidentifyTemplate. -message GetDeidentifyTemplateRequest { - // Required. Resource name of the organization and deidentify template to be read, for - // example `organizations/433245324/deidentifyTemplates/432452342` or - // projects/project-id/deidentifyTemplates/432452342. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/DeidentifyTemplate" - } - ]; -} - -// Request message for ListDeidentifyTemplates. -message ListDeidentifyTemplatesRequest { - // Required. Parent resource name. - // - // The format of this value varies depending on the scope of the request - // (project or organization) and whether you have [specified a processing - // location](https://cloud.google.com/dlp/docs/specifying-location): - // - // + Projects scope, location specified:
- // `projects/`PROJECT_ID`/locations/`LOCATION_ID - // + Projects scope, no location specified (defaults to global):
- // `projects/`PROJECT_ID - // + Organizations scope, location specified:
- // `organizations/`ORG_ID`/locations/`LOCATION_ID - // + Organizations scope, no location specified (defaults to global):
- // `organizations/`ORG_ID - // - // The following example `parent` string specifies a parent project with the - // identifier `example-project`, and specifies the `europe-west3` location - // for processing data: - // - // parent=projects/example-project/locations/europe-west3 - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "dlp.googleapis.com/DeidentifyTemplate" - } - ]; - - // Page token to continue retrieval. Comes from previous call - // to `ListDeidentifyTemplates`. - string page_token = 2; - - // Size of the page, can be limited by server. If zero server returns - // a page of max size 100. - int32 page_size = 3; - - // Comma separated list of fields to order by, - // followed by `asc` or `desc` postfix. This list is case-insensitive, - // default sorting order is ascending, redundant space characters are - // insignificant. - // - // Example: `name asc,update_time, create_time desc` - // - // Supported fields are: - // - // - `create_time`: corresponds to time the template was created. - // - `update_time`: corresponds to time the template was last updated. - // - `name`: corresponds to template's name. - // - `display_name`: corresponds to template's display name. - string order_by = 4; - - // Deprecated. This field has no effect. - string location_id = 5; -} - -// Response message for ListDeidentifyTemplates. -message ListDeidentifyTemplatesResponse { - // List of deidentify templates, up to page_size in - // ListDeidentifyTemplatesRequest. - repeated DeidentifyTemplate deidentify_templates = 1; - - // If the next page is available then the next page token to be used - // in following ListDeidentifyTemplates request. - string next_page_token = 2; -} - -// Request message for DeleteDeidentifyTemplate. -message DeleteDeidentifyTemplateRequest { - // Required. Resource name of the organization and deidentify template to be deleted, - // for example `organizations/433245324/deidentifyTemplates/432452342` or - // projects/project-id/deidentifyTemplates/432452342. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/DeidentifyTemplate" - } - ]; -} - -// Configuration for a custom dictionary created from a data source of any size -// up to the maximum size defined in the -// [limits](https://cloud.google.com/dlp/limits) page. The artifacts of -// dictionary creation are stored in the specified Google Cloud Storage -// location. Consider using `CustomInfoType.Dictionary` for smaller dictionaries -// that satisfy the size requirements. -message LargeCustomDictionaryConfig { - // Location to store dictionary artifacts in Google Cloud Storage. These files - // will only be accessible by project owners and the DLP API. If any of these - // artifacts are modified, the dictionary is considered invalid and can no - // longer be used. - CloudStoragePath output_path = 1; - - oneof source { - // Set of files containing newline-delimited lists of dictionary phrases. - CloudStorageFileSet cloud_storage_file_set = 2; - - // Field in a BigQuery table where each cell represents a dictionary phrase. - BigQueryField big_query_field = 3; - } -} - -// Summary statistics of a custom dictionary. -message LargeCustomDictionaryStats { - // Approximate number of distinct phrases in the dictionary. - int64 approx_num_phrases = 1; -} - -// Configuration for stored infoTypes. All fields and subfield are provided -// by the user. For more information, see -// https://cloud.google.com/dlp/docs/creating-custom-infotypes. -message StoredInfoTypeConfig { - // Display name of the StoredInfoType (max 256 characters). - string display_name = 1; - - // Description of the StoredInfoType (max 256 characters). - string description = 2; - - // Stored infotype types. - oneof type { - // StoredInfoType where findings are defined by a dictionary of phrases. - LargeCustomDictionaryConfig large_custom_dictionary = 3; - - // Store dictionary-based CustomInfoType. - CustomInfoType.Dictionary dictionary = 4; - - // Store regular expression-based StoredInfoType. - CustomInfoType.Regex regex = 5; - } -} - -// Statistics for a StoredInfoType. -message StoredInfoTypeStats { - // Stat types - oneof type { - // StoredInfoType where findings are defined by a dictionary of phrases. - LargeCustomDictionaryStats large_custom_dictionary = 1; - } -} - -// Version of a StoredInfoType, including the configuration used to build it, -// create timestamp, and current state. -message StoredInfoTypeVersion { - // StoredInfoType configuration. - StoredInfoTypeConfig config = 1; - - // Create timestamp of the version. Read-only, determined by the system - // when the version is created. - google.protobuf.Timestamp create_time = 2; - - // Stored info type version state. Read-only, updated by the system - // during dictionary creation. - StoredInfoTypeState state = 3; - - // Errors that occurred when creating this storedInfoType version, or - // anomalies detected in the storedInfoType data that render it unusable. Only - // the five most recent errors will be displayed, with the most recent error - // appearing first. - // - // For example, some of the data for stored custom dictionaries is put in - // the user's Google Cloud Storage bucket, and if this data is modified or - // deleted by the user or another system, the dictionary becomes invalid. - // - // If any errors occur, fix the problem indicated by the error message and - // use the UpdateStoredInfoType API method to create another version of the - // storedInfoType to continue using it, reusing the same `config` if it was - // not the source of the error. - repeated Error errors = 4; - - // Statistics about this storedInfoType version. - StoredInfoTypeStats stats = 5; -} - -// StoredInfoType resource message that contains information about the current -// version and any pending updates. -message StoredInfoType { - option (google.api.resource) = { - type: "dlp.googleapis.com/StoredInfoType" - pattern: "organizations/{organization}/storedInfoTypes/{stored_info_type}" - pattern: "projects/{project}/storedInfoTypes/{stored_info_type}" - pattern: "organizations/{organization}/locations/{location}/storedInfoTypes/{stored_info_type}" - pattern: "projects/{project}/locations/{location}/storedInfoTypes/{stored_info_type}" - }; - - // Resource name. - string name = 1; - - // Current version of the stored info type. - StoredInfoTypeVersion current_version = 2; - - // Pending versions of the stored info type. Empty if no versions are - // pending. - repeated StoredInfoTypeVersion pending_versions = 3; -} - -// Request message for CreateStoredInfoType. -message CreateStoredInfoTypeRequest { - // Required. Parent resource name. - // - // The format of this value varies depending on the scope of the request - // (project or organization) and whether you have [specified a processing - // location](https://cloud.google.com/dlp/docs/specifying-location): - // - // + Projects scope, location specified:
- // `projects/`PROJECT_ID`/locations/`LOCATION_ID - // + Projects scope, no location specified (defaults to global):
- // `projects/`PROJECT_ID - // + Organizations scope, location specified:
- // `organizations/`ORG_ID`/locations/`LOCATION_ID - // + Organizations scope, no location specified (defaults to global):
- // `organizations/`ORG_ID - // - // The following example `parent` string specifies a parent project with the - // identifier `example-project`, and specifies the `europe-west3` location - // for processing data: - // - // parent=projects/example-project/locations/europe-west3 - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "dlp.googleapis.com/StoredInfoType" - } - ]; - - // Required. Configuration of the storedInfoType to create. - StoredInfoTypeConfig config = 2 [(google.api.field_behavior) = REQUIRED]; - - // The storedInfoType ID can contain uppercase and lowercase letters, - // numbers, and hyphens; that is, it must match the regular - // expression: `[a-zA-Z\d-_]+`. The maximum length is 100 - // characters. Can be empty to allow the system to generate one. - string stored_info_type_id = 3; - - // Deprecated. This field has no effect. - string location_id = 4; -} - -// Request message for UpdateStoredInfoType. -message UpdateStoredInfoTypeRequest { - // Required. Resource name of organization and storedInfoType to be updated, for - // example `organizations/433245324/storedInfoTypes/432452342` or - // projects/project-id/storedInfoTypes/432452342. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/StoredInfoType" - } - ]; - - // Updated configuration for the storedInfoType. If not provided, a new - // version of the storedInfoType will be created with the existing - // configuration. - StoredInfoTypeConfig config = 2; - - // Mask to control which fields get updated. - google.protobuf.FieldMask update_mask = 3; -} - -// Request message for GetStoredInfoType. -message GetStoredInfoTypeRequest { - // Required. Resource name of the organization and storedInfoType to be read, for - // example `organizations/433245324/storedInfoTypes/432452342` or - // projects/project-id/storedInfoTypes/432452342. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/StoredInfoType" - } - ]; -} - -// Request message for ListStoredInfoTypes. -message ListStoredInfoTypesRequest { - // Required. Parent resource name. - // - // The format of this value varies depending on the scope of the request - // (project or organization) and whether you have [specified a processing - // location](https://cloud.google.com/dlp/docs/specifying-location): - // - // + Projects scope, location specified:
- // `projects/`PROJECT_ID`/locations/`LOCATION_ID - // + Projects scope, no location specified (defaults to global):
- // `projects/`PROJECT_ID - // + Organizations scope, location specified:
- // `organizations/`ORG_ID`/locations/`LOCATION_ID - // + Organizations scope, no location specified (defaults to global):
- // `organizations/`ORG_ID - // - // The following example `parent` string specifies a parent project with the - // identifier `example-project`, and specifies the `europe-west3` location - // for processing data: - // - // parent=projects/example-project/locations/europe-west3 - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "dlp.googleapis.com/StoredInfoType" - } - ]; - - // Page token to continue retrieval. Comes from previous call - // to `ListStoredInfoTypes`. - string page_token = 2; - - // Size of the page, can be limited by server. If zero server returns - // a page of max size 100. - int32 page_size = 3; - - // Comma separated list of fields to order by, - // followed by `asc` or `desc` postfix. This list is case-insensitive, - // default sorting order is ascending, redundant space characters are - // insignificant. - // - // Example: `name asc, display_name, create_time desc` - // - // Supported fields are: - // - // - `create_time`: corresponds to time the most recent version of the - // resource was created. - // - `state`: corresponds to the state of the resource. - // - `name`: corresponds to resource name. - // - `display_name`: corresponds to info type's display name. - string order_by = 4; - - // Deprecated. This field has no effect. - string location_id = 5; -} - -// Response message for ListStoredInfoTypes. -message ListStoredInfoTypesResponse { - // List of storedInfoTypes, up to page_size in ListStoredInfoTypesRequest. - repeated StoredInfoType stored_info_types = 1; - - // If the next page is available then the next page token to be used - // in following ListStoredInfoTypes request. - string next_page_token = 2; -} - -// Request message for DeleteStoredInfoType. -message DeleteStoredInfoTypeRequest { - // Required. Resource name of the organization and storedInfoType to be deleted, for - // example `organizations/433245324/storedInfoTypes/432452342` or - // projects/project-id/storedInfoTypes/432452342. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/StoredInfoType" - } - ]; -} - -// Request to search for potentially sensitive info in a custom location. -message HybridInspectJobTriggerRequest { - // Required. Resource name of the trigger to execute a hybrid inspect on, for example - // `projects/dlp-test-project/jobTriggers/53234423`. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/JobTrigger" - } - ]; - - // The item to inspect. - HybridContentItem hybrid_item = 3; -} - -// Request to search for potentially sensitive info in a custom location. -message HybridInspectDlpJobRequest { - // Required. Resource name of the job to execute a hybrid inspect on, for example - // `projects/dlp-test-project/dlpJob/53234423`. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "dlp.googleapis.com/DlpJob" - } - ]; - - // The item to inspect. - HybridContentItem hybrid_item = 3; -} - -// An individual hybrid item to inspect. Will be stored temporarily during -// processing. -message HybridContentItem { - // The item to inspect. - ContentItem item = 1; - - // Supplementary information that will be added to each finding. - HybridFindingDetails finding_details = 2; -} - -// Populate to associate additional data with each finding. -message HybridFindingDetails { - // Details about the container where the content being inspected is from. - Container container_details = 1; - - // Offset in bytes of the line, from the beginning of the file, where the - // finding is located. Populate if the item being scanned is only part of a - // bigger item, such as a shard of a file and you want to track the absolute - // position of the finding. - int64 file_offset = 2; - - // Offset of the row for tables. Populate if the row(s) being scanned are - // part of a bigger dataset and you want to keep track of their absolute - // position. - int64 row_offset = 3; - - // If the container is a table, additional information to make findings - // meaningful such as the columns that are primary keys. If not known ahead - // of time, can also be set within each inspect hybrid call and the two - // will be merged. Note that identifying_fields will only be stored to - // BigQuery, and only if the BigQuery action has been included. - TableOptions table_options = 4; - - // Labels to represent user provided metadata about the data being inspected. - // If configured by the job, some key values may be required. - // The labels associated with `Finding`'s produced by hybrid - // inspection. - // - // Label keys must be between 1 and 63 characters long and must conform - // to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. - // - // Label values must be between 0 and 63 characters long and must conform - // to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. - // - // No more than 10 labels can be associated with a given finding. - // - // Examples: - // * `"environment" : "production"` - // * `"pipeline" : "etl"` - map labels = 5; -} - -// Quota exceeded errors will be thrown once quota has been met. -message HybridInspectResponse { - -} - -// Operators available for comparing the value of fields. -enum RelationalOperator { - // Unused - RELATIONAL_OPERATOR_UNSPECIFIED = 0; - - // Equal. Attempts to match even with incompatible types. - EQUAL_TO = 1; - - // Not equal to. Attempts to match even with incompatible types. - NOT_EQUAL_TO = 2; - - // Greater than. - GREATER_THAN = 3; - - // Less than. - LESS_THAN = 4; - - // Greater than or equals. - GREATER_THAN_OR_EQUALS = 5; - - // Less than or equals. - LESS_THAN_OR_EQUALS = 6; - - // Exists - EXISTS = 7; -} - -// Type of the match which can be applied to different ways of matching, like -// Dictionary, regular expression and intersecting with findings of another -// info type. -enum MatchingType { - // Invalid. - MATCHING_TYPE_UNSPECIFIED = 0; - - // Full match. - // - // - Dictionary: join of Dictionary results matched complete finding quote - // - Regex: all regex matches fill a finding quote start to end - // - Exclude info type: completely inside affecting info types findings - MATCHING_TYPE_FULL_MATCH = 1; - - // Partial match. - // - // - Dictionary: at least one of the tokens in the finding matches - // - Regex: substring of the finding matches - // - Exclude info type: intersects with affecting info types findings - MATCHING_TYPE_PARTIAL_MATCH = 2; - - // Inverse match. - // - // - Dictionary: no tokens in the finding match the dictionary - // - Regex: finding doesn't match the regex - // - Exclude info type: no intersection with affecting info types findings - MATCHING_TYPE_INVERSE_MATCH = 3; -} - -// Options describing which parts of the provided content should be scanned. -enum ContentOption { - // Includes entire content of a file or a data stream. - CONTENT_UNSPECIFIED = 0; - - // Text content within the data, excluding any metadata. - CONTENT_TEXT = 1; - - // Images found in the data. - CONTENT_IMAGE = 2; -} - -// Type of metadata containing the finding. -enum MetadataType { - // Unused - METADATATYPE_UNSPECIFIED = 0; - - // General file metadata provided by Cloud Storage. - STORAGE_METADATA = 2; -} - -// Parts of the APIs which use certain infoTypes. -enum InfoTypeSupportedBy { - // Unused. - ENUM_TYPE_UNSPECIFIED = 0; - - // Supported by the inspect operations. - INSPECT = 1; - - // Supported by the risk analysis operations. - RISK_ANALYSIS = 2; -} - -// An enum to represent the various types of DLP jobs. -enum DlpJobType { - // Unused - DLP_JOB_TYPE_UNSPECIFIED = 0; - - // The job inspected Google Cloud for sensitive data. - INSPECT_JOB = 1; - - // The job executed a Risk Analysis computation. - RISK_ANALYSIS_JOB = 2; -} - -// State of a StoredInfoType version. -enum StoredInfoTypeState { - // Unused - STORED_INFO_TYPE_STATE_UNSPECIFIED = 0; - - // StoredInfoType version is being created. - PENDING = 1; - - // StoredInfoType version is ready for use. - READY = 2; - - // StoredInfoType creation failed. All relevant error messages are returned in - // the `StoredInfoTypeVersion` message. - FAILED = 3; - - // StoredInfoType is no longer valid because artifacts stored in - // user-controlled storage were modified. To fix an invalid StoredInfoType, - // use the `UpdateStoredInfoType` method to create a new version. - INVALID = 4; -} diff --git a/google/cloud/dlp_v2/proto/storage.proto b/google/cloud/dlp_v2/proto/storage.proto deleted file mode 100644 index 6ded28b1..00000000 --- a/google/cloud/dlp_v2/proto/storage.proto +++ /dev/null @@ -1,740 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.privacy.dlp.v2; - -import "google/api/resource.proto"; -import "google/protobuf/timestamp.proto"; -import "google/api/annotations.proto"; - -option csharp_namespace = "Google.Cloud.Dlp.V2"; -option go_package = "google.golang.org/genproto/googleapis/privacy/dlp/v2;dlp"; -option java_multiple_files = true; -option java_outer_classname = "DlpStorage"; -option java_package = "com.google.privacy.dlp.v2"; -option php_namespace = "Google\\Cloud\\Dlp\\V2"; -option ruby_package = "Google::Cloud::Dlp::V2"; - -// Type of information detected by the API. -message InfoType { - // Name of the information type. Either a name of your choosing when - // creating a CustomInfoType, or one of the names listed - // at https://cloud.google.com/dlp/docs/infotypes-reference when specifying - // a built-in type. When sending Cloud DLP results to Data Catalog, infoType - // names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - string name = 1; -} - -// A reference to a StoredInfoType to use with scanning. -message StoredType { - // Resource name of the requested `StoredInfoType`, for example - // `organizations/433245324/storedInfoTypes/432452342` or - // `projects/project-id/storedInfoTypes/432452342`. - string name = 1; - - // Timestamp indicating when the version of the `StoredInfoType` used for - // inspection was created. Output-only field, populated by the system. - google.protobuf.Timestamp create_time = 2; -} - -// Categorization of results based on how likely they are to represent a match, -// based on the number of elements they contain which imply a match. -enum Likelihood { - // Default value; same as POSSIBLE. - LIKELIHOOD_UNSPECIFIED = 0; - - // Few matching elements. - VERY_UNLIKELY = 1; - - UNLIKELY = 2; - - // Some matching elements. - POSSIBLE = 3; - - LIKELY = 4; - - // Many matching elements. - VERY_LIKELY = 5; -} - -// Custom information type provided by the user. Used to find domain-specific -// sensitive information configurable to the data in question. -message CustomInfoType { - // Custom information type based on a dictionary of words or phrases. This can - // be used to match sensitive information specific to the data, such as a list - // of employee IDs or job titles. - // - // Dictionary words are case-insensitive and all characters other than letters - // and digits in the unicode [Basic Multilingual - // Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane) - // will be replaced with whitespace when scanning for matches, so the - // dictionary phrase "Sam Johnson" will match all three phrases "sam johnson", - // "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters - // surrounding any match must be of a different type than the adjacent - // characters within the word, so letters must be next to non-letters and - // digits next to non-digits. For example, the dictionary word "jen" will - // match the first three letters of the text "jen123" but will return no - // matches for "jennifer". - // - // Dictionary words containing a large number of characters that are not - // letters or digits may result in unexpected findings because such characters - // are treated as whitespace. The - // [limits](https://cloud.google.com/dlp/limits) page contains details about - // the size limits of dictionaries. For dictionaries that do not fit within - // these constraints, consider using `LargeCustomDictionaryConfig` in the - // `StoredInfoType` API. - message Dictionary { - // Message defining a list of words or phrases to search for in the data. - message WordList { - // Words or phrases defining the dictionary. The dictionary must contain - // at least one phrase and every phrase must contain at least 2 characters - // that are letters or digits. [required] - repeated string words = 1; - } - - oneof source { - // List of words or phrases to search for. - WordList word_list = 1; - - // Newline-delimited file of words in Cloud Storage. Only a single file - // is accepted. - CloudStoragePath cloud_storage_path = 3; - } - } - - // Message defining a custom regular expression. - message Regex { - // Pattern defining the regular expression. Its syntax - // (https://github.com/google/re2/wiki/Syntax) can be found under the - // google/re2 repository on GitHub. - string pattern = 1; - - // The index of the submatch to extract as findings. When not - // specified, the entire match is returned. No more than 3 may be included. - repeated int32 group_indexes = 2; - } - - // Message for detecting output from deidentification transformations - // such as - // [`CryptoReplaceFfxFpeConfig`](https://cloud.google.com/dlp/docs/reference/rest/v2/organizations.deidentifyTemplates#cryptoreplaceffxfpeconfig). - // These types of transformations are - // those that perform pseudonymization, thereby producing a "surrogate" as - // output. This should be used in conjunction with a field on the - // transformation such as `surrogate_info_type`. This CustomInfoType does - // not support the use of `detection_rules`. - message SurrogateType { - - } - - // Deprecated; use `InspectionRuleSet` instead. Rule for modifying a - // `CustomInfoType` to alter behavior under certain circumstances, depending - // on the specific details of the rule. Not supported for the `surrogate_type` - // custom infoType. - message DetectionRule { - // Message for specifying a window around a finding to apply a detection - // rule. - message Proximity { - // Number of characters before the finding to consider. - int32 window_before = 1; - - // Number of characters after the finding to consider. - int32 window_after = 2; - } - - // Message for specifying an adjustment to the likelihood of a finding as - // part of a detection rule. - message LikelihoodAdjustment { - oneof adjustment { - // Set the likelihood of a finding to a fixed value. - Likelihood fixed_likelihood = 1; - - // Increase or decrease the likelihood by the specified number of - // levels. For example, if a finding would be `POSSIBLE` without the - // detection rule and `relative_likelihood` is 1, then it is upgraded to - // `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. - // Likelihood may never drop below `VERY_UNLIKELY` or exceed - // `VERY_LIKELY`, so applying an adjustment of 1 followed by an - // adjustment of -1 when base likelihood is `VERY_LIKELY` will result in - // a final likelihood of `LIKELY`. - int32 relative_likelihood = 2; - } - } - - // The rule that adjusts the likelihood of findings within a certain - // proximity of hotwords. - message HotwordRule { - // Regular expression pattern defining what qualifies as a hotword. - Regex hotword_regex = 1; - - // Proximity of the finding within which the entire hotword must reside. - // The total length of the window cannot exceed 1000 characters. Note that - // the finding itself will be included in the window, so that hotwords may - // be used to match substrings of the finding itself. For example, the - // certainty of a phone number regex "\(\d{3}\) \d{3}-\d{4}" could be - // adjusted upwards if the area code is known to be the local area code of - // a company office using the hotword regex "\(xxx\)", where "xxx" - // is the area code in question. - Proximity proximity = 2; - - // Likelihood adjustment to apply to all matching findings. - LikelihoodAdjustment likelihood_adjustment = 3; - } - - oneof type { - // Hotword-based detection rule. - HotwordRule hotword_rule = 1; - } - } - - enum ExclusionType { - // A finding of this custom info type will not be excluded from results. - EXCLUSION_TYPE_UNSPECIFIED = 0; - - // A finding of this custom info type will be excluded from final results, - // but can still affect rule execution. - EXCLUSION_TYPE_EXCLUDE = 1; - } - - // CustomInfoType can either be a new infoType, or an extension of built-in - // infoType, when the name matches one of existing infoTypes and that infoType - // is specified in `InspectContent.info_types` field. Specifying the latter - // adds findings to the one detected by the system. If built-in info type is - // not specified in `InspectContent.info_types` list then the name is treated - // as a custom info type. - InfoType info_type = 1; - - // Likelihood to return for this CustomInfoType. This base value can be - // altered by a detection rule if the finding meets the criteria specified by - // the rule. Defaults to `VERY_LIKELY` if not specified. - Likelihood likelihood = 6; - - oneof type { - // A list of phrases to detect as a CustomInfoType. - Dictionary dictionary = 2; - - // Regular expression based CustomInfoType. - Regex regex = 3; - - // Message for detecting output from deidentification transformations that - // support reversing. - SurrogateType surrogate_type = 4; - - // Load an existing `StoredInfoType` resource for use in - // `InspectDataSource`. Not currently supported in `InspectContent`. - StoredType stored_type = 5; - } - - // Set of detection rules to apply to all findings of this CustomInfoType. - // Rules are applied in order that they are specified. Not supported for the - // `surrogate_type` CustomInfoType. - repeated DetectionRule detection_rules = 7; - - // If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding - // to be returned. It still can be used for rules matching. - ExclusionType exclusion_type = 8; -} - -// General identifier of a data field in a storage service. -message FieldId { - // Name describing the field. - string name = 1; -} - -// Datastore partition ID. -// A partition ID identifies a grouping of entities. The grouping is always -// by project and namespace, however the namespace ID may be empty. -// -// A partition ID contains several dimensions: -// project ID and namespace ID. -message PartitionId { - // The ID of the project to which the entities belong. - string project_id = 2; - - // If not empty, the ID of the namespace to which the entities belong. - string namespace_id = 4; -} - -// A representation of a Datastore kind. -message KindExpression { - // The name of the kind. - string name = 1; -} - -// Options defining a data set within Google Cloud Datastore. -message DatastoreOptions { - // A partition ID identifies a grouping of entities. The grouping is always - // by project and namespace, however the namespace ID may be empty. - PartitionId partition_id = 1; - - // The kind to process. - KindExpression kind = 2; -} - -// Message representing a set of files in a Cloud Storage bucket. Regular -// expressions are used to allow fine-grained control over which files in the -// bucket to include. -// -// Included files are those that match at least one item in `include_regex` and -// do not match any items in `exclude_regex`. Note that a file that matches -// items from both lists will _not_ be included. For a match to occur, the -// entire file path (i.e., everything in the url after the bucket name) must -// match the regular expression. -// -// For example, given the input `{bucket_name: "mybucket", include_regex: -// ["directory1/.*"], exclude_regex: -// ["directory1/excluded.*"]}`: -// -// * `gs://mybucket/directory1/myfile` will be included -// * `gs://mybucket/directory1/directory2/myfile` will be included (`.*` matches -// across `/`) -// * `gs://mybucket/directory0/directory1/myfile` will _not_ be included (the -// full path doesn't match any items in `include_regex`) -// * `gs://mybucket/directory1/excludedfile` will _not_ be included (the path -// matches an item in `exclude_regex`) -// -// If `include_regex` is left empty, it will match all files by default -// (this is equivalent to setting `include_regex: [".*"]`). -// -// Some other common use cases: -// -// * `{bucket_name: "mybucket", exclude_regex: [".*\.pdf"]}` will include all -// files in `mybucket` except for .pdf files -// * `{bucket_name: "mybucket", include_regex: ["directory/[^/]+"]}` will -// include all files directly under `gs://mybucket/directory/`, without matching -// across `/` -message CloudStorageRegexFileSet { - // The name of a Cloud Storage bucket. Required. - string bucket_name = 1; - - // A list of regular expressions matching file paths to include. All files in - // the bucket that match at least one of these regular expressions will be - // included in the set of files, except for those that also match an item in - // `exclude_regex`. Leaving this field empty will match all files by default - // (this is equivalent to including `.*` in the list). - // - // Regular expressions use RE2 - // [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found - // under the google/re2 repository on GitHub. - repeated string include_regex = 2; - - // A list of regular expressions matching file paths to exclude. All files in - // the bucket that match at least one of these regular expressions will be - // excluded from the scan. - // - // Regular expressions use RE2 - // [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found - // under the google/re2 repository on GitHub. - repeated string exclude_regex = 3; -} - -// Options defining a file or a set of files within a Google Cloud Storage -// bucket. -message CloudStorageOptions { - // Set of files to scan. - message FileSet { - // The Cloud Storage url of the file(s) to scan, in the format - // `gs:///`. Trailing wildcard in the path is allowed. - // - // If the url ends in a trailing slash, the bucket or directory represented - // by the url will be scanned non-recursively (content in sub-directories - // will not be scanned). This means that `gs://mybucket/` is equivalent to - // `gs://mybucket/*`, and `gs://mybucket/directory/` is equivalent to - // `gs://mybucket/directory/*`. - // - // Exactly one of `url` or `regex_file_set` must be set. - string url = 1; - - // The regex-filtered set of files to scan. Exactly one of `url` or - // `regex_file_set` must be set. - CloudStorageRegexFileSet regex_file_set = 2; - } - - // How to sample bytes if not all bytes are scanned. Meaningful only when used - // in conjunction with bytes_limit_per_file. If not specified, scanning would - // start from the top. - enum SampleMethod { - SAMPLE_METHOD_UNSPECIFIED = 0; - - // Scan from the top (default). - TOP = 1; - - // For each file larger than bytes_limit_per_file, randomly pick the offset - // to start scanning. The scanned bytes are contiguous. - RANDOM_START = 2; - } - - // The set of one or more files to scan. - FileSet file_set = 1; - - // Max number of bytes to scan from a file. If a scanned file's size is bigger - // than this value then the rest of the bytes are omitted. Only one - // of bytes_limit_per_file and bytes_limit_per_file_percent can be specified. - int64 bytes_limit_per_file = 4; - - // Max percentage of bytes to scan from a file. The rest are omitted. The - // number of bytes scanned is rounded down. Must be between 0 and 100, - // inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one - // of bytes_limit_per_file and bytes_limit_per_file_percent can be specified. - int32 bytes_limit_per_file_percent = 8; - - // List of file type groups to include in the scan. - // If empty, all files are scanned and available data format processors - // are applied. In addition, the binary content of the selected files - // is always scanned as well. - // Images are scanned only as binary if the specified region - // does not support image inspection and no file_types were specified. - // Image inspection is restricted to 'global', 'us', 'asia', and 'europe'. - repeated FileType file_types = 5; - - SampleMethod sample_method = 6; - - // Limits the number of files to scan to this percentage of the input FileSet. - // Number of files scanned is rounded down. Must be between 0 and 100, - // inclusively. Both 0 and 100 means no limit. Defaults to 0. - int32 files_limit_percent = 7; -} - -// Message representing a set of files in Cloud Storage. -message CloudStorageFileSet { - // The url, in the format `gs:///`. Trailing wildcard in the - // path is allowed. - string url = 1; -} - -// Message representing a single file or path in Cloud Storage. -message CloudStoragePath { - // A url representing a file or path (no wildcards) in Cloud Storage. - // Example: gs://[BUCKET_NAME]/dictionary.txt - string path = 1; -} - -// Options defining BigQuery table and row identifiers. -message BigQueryOptions { - // How to sample rows if not all rows are scanned. Meaningful only when used - // in conjunction with either rows_limit or rows_limit_percent. If not - // specified, rows are scanned in the order BigQuery reads them. - enum SampleMethod { - SAMPLE_METHOD_UNSPECIFIED = 0; - - // Scan groups of rows in the order BigQuery provides (default). Multiple - // groups of rows may be scanned in parallel, so results may not appear in - // the same order the rows are read. - TOP = 1; - - // Randomly pick groups of rows to scan. - RANDOM_START = 2; - } - - // Complete BigQuery table reference. - BigQueryTable table_reference = 1; - - // Table fields that may uniquely identify a row within the table. When - // `actions.saveFindings.outputConfig.table` is specified, the values of - // columns specified here are available in the output table under - // `location.content_locations.record_location.record_key.id_values`. Nested - // fields such as `person.birthdate.year` are allowed. - repeated FieldId identifying_fields = 2; - - // Max number of rows to scan. If the table has more rows than this value, the - // rest of the rows are omitted. If not set, or if set to 0, all rows will be - // scanned. Only one of rows_limit and rows_limit_percent can be specified. - // Cannot be used in conjunction with TimespanConfig. - int64 rows_limit = 3; - - // Max percentage of rows to scan. The rest are omitted. The number of rows - // scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and - // 100 means no limit. Defaults to 0. Only one of rows_limit and - // rows_limit_percent can be specified. Cannot be used in conjunction with - // TimespanConfig. - int32 rows_limit_percent = 6; - - SampleMethod sample_method = 4; - - // References to fields excluded from scanning. This allows you to skip - // inspection of entire columns which you know have no findings. - repeated FieldId excluded_fields = 5; -} - -// Shared message indicating Cloud storage type. -message StorageConfig { - // Configuration of the timespan of the items to include in scanning. - // Currently only supported when inspecting Google Cloud Storage and BigQuery. - message TimespanConfig { - // Exclude files, tables, or rows older than this value. - // If not set, no lower time limit is applied. - google.protobuf.Timestamp start_time = 1; - - // Exclude files, tables, or rows newer than this value. - // If not set, no upper time limit is applied. - google.protobuf.Timestamp end_time = 2; - - // Specification of the field containing the timestamp of scanned items. - // Used for data sources like Datastore and BigQuery. - // - // For BigQuery: - // If this value is not specified and the table was modified between the - // given start and end times, the entire table will be scanned. If this - // value is specified, then rows are filtered based on the given start and - // end times. Rows with a `NULL` value in the provided BigQuery column are - // skipped. - // Valid data types of the provided BigQuery column are: `INTEGER`, `DATE`, - // `TIMESTAMP`, and `DATETIME`. - // - // For Datastore: - // If this value is specified, then entities are filtered based on the given - // start and end times. If an entity does not contain the provided timestamp - // property or contains empty or invalid values, then it is included. - // Valid data types of the provided timestamp property are: `TIMESTAMP`. - FieldId timestamp_field = 3; - - // When the job is started by a JobTrigger we will automatically figure out - // a valid start_time to avoid scanning files that have not been modified - // since the last time the JobTrigger executed. This will be based on the - // time of the execution of the last run of the JobTrigger. - bool enable_auto_population_of_timespan_config = 4; - } - - oneof type { - // Google Cloud Datastore options. - DatastoreOptions datastore_options = 2; - - // Google Cloud Storage options. - CloudStorageOptions cloud_storage_options = 3; - - // BigQuery options. - BigQueryOptions big_query_options = 4; - - // Hybrid inspection options. - // Early access feature is in a pre-release state and might change or have - // limited support. For more information, see - // https://cloud.google.com/products#product-launch-stages. - HybridOptions hybrid_options = 9; - } - - TimespanConfig timespan_config = 6; -} - -// Definitions of file type groups to scan. New types will be added to this -// list. -enum FileType { - // Includes all files. - FILE_TYPE_UNSPECIFIED = 0; - - // Includes all file extensions not covered by another entry. Binary - // scanning attempts to convert the content of the file to utf_8 to scan - // the file. - // If you wish to avoid this fall back, specify one or more of the other - // FileType's in your storage scan. - BINARY_FILE = 1; - - // Included file extensions: - // asc, brf, c, cc, cpp, csv, cxx, c++, cs, css, dart, eml, go, h, hh, hpp, - // hxx, h++, hs, html, htm, shtml, shtm, xhtml, lhs, ini, java, js, json, - // ocaml, md, mkd, markdown, m, ml, mli, pl, pm, php, phtml, pht, py, pyw, - // rb, rbw, rs, rc, scala, sh, sql, tex, txt, text, tsv, vcard, vcs, wml, - // xml, xsl, xsd, yml, yaml. - TEXT_FILE = 2; - - // Included file extensions: - // bmp, gif, jpg, jpeg, jpe, png. - // bytes_limit_per_file has no effect on image files. - // Image inspection is restricted to 'global', 'us', 'asia', and 'europe'. - IMAGE = 3; - - // Word files >30 MB will be scanned as binary files. - // Included file extensions: - // docx, dotx, docm, dotm - WORD = 5; - - // PDF files >30 MB will be scanned as binary files. - // Included file extensions: - // pdf - PDF = 6; - - // Included file extensions: - // avro - AVRO = 7; - - // Included file extensions: - // csv - CSV = 8; - - // Included file extensions: - // tsv - TSV = 9; -} - -// Configuration to control jobs where the content being inspected is outside -// of Google Cloud Platform. -message HybridOptions { - // A short description of where the data is coming from. Will be stored once - // in the job. 256 max length. - string description = 1; - - // These are labels that each inspection request must include within their - // 'finding_labels' map. Request may contain others, but any missing one of - // these will be rejected. - // - // Label keys must be between 1 and 63 characters long and must conform - // to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. - // - // No more than 10 keys can be required. - repeated string required_finding_label_keys = 2; - - // To organize findings, these labels will be added to each finding. - // - // Label keys must be between 1 and 63 characters long and must conform - // to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. - // - // Label values must be between 0 and 63 characters long and must conform - // to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. - // - // No more than 10 labels can be associated with a given finding. - // - // Examples: - // * `"environment" : "production"` - // * `"pipeline" : "etl"` - map labels = 3; - - // If the container is a table, additional information to make findings - // meaningful such as the columns that are primary keys. - TableOptions table_options = 4; -} - -// Row key for identifying a record in BigQuery table. -message BigQueryKey { - // Complete BigQuery table reference. - BigQueryTable table_reference = 1; - - // Row number inferred at the time the table was scanned. This value is - // nondeterministic, cannot be queried, and may be null for inspection - // jobs. To locate findings within a table, specify - // `inspect_job.storage_config.big_query_options.identifying_fields` in - // `CreateDlpJobRequest`. - int64 row_number = 2; -} - -// Record key for a finding in Cloud Datastore. -message DatastoreKey { - // Datastore entity key. - Key entity_key = 1; -} - -// A unique identifier for a Datastore entity. -// If a key's partition ID or any of its path kinds or names are -// reserved/read-only, the key is reserved/read-only. -// A reserved/read-only key is forbidden in certain documented contexts. -message Key { - // A (kind, ID/name) pair used to construct a key path. - // - // If either name or ID is set, the element is complete. - // If neither is set, the element is incomplete. - message PathElement { - // The kind of the entity. - // A kind matching regex `__.*__` is reserved/read-only. - // A kind must not contain more than 1500 bytes when UTF-8 encoded. - // Cannot be `""`. - string kind = 1; - - // The type of ID. - oneof id_type { - // The auto-allocated ID of the entity. - // Never equal to zero. Values less than zero are discouraged and may not - // be supported in the future. - int64 id = 2; - - // The name of the entity. - // A name matching regex `__.*__` is reserved/read-only. - // A name must not be more than 1500 bytes when UTF-8 encoded. - // Cannot be `""`. - string name = 3; - } - } - - // Entities are partitioned into subsets, currently identified by a project - // ID and namespace ID. - // Queries are scoped to a single partition. - PartitionId partition_id = 1; - - // The entity path. - // An entity path consists of one or more elements composed of a kind and a - // string or numerical identifier, which identify entities. The first - // element identifies a _root entity_, the second element identifies - // a _child_ of the root entity, the third element identifies a child of the - // second entity, and so forth. The entities identified by all prefixes of - // the path are called the element's _ancestors_. - // - // A path can never be empty, and a path can have at most 100 elements. - repeated PathElement path = 2; -} - -// Message for a unique key indicating a record that contains a finding. -message RecordKey { - oneof type { - DatastoreKey datastore_key = 2; - - BigQueryKey big_query_key = 3; - } - - // Values of identifying columns in the given row. Order of values matches - // the order of `identifying_fields` specified in the scanning request. - repeated string id_values = 5; -} - -// Message defining the location of a BigQuery table. A table is uniquely -// identified by its project_id, dataset_id, and table_name. Within a query -// a table is often referenced with a string in the format of: -// `:.` or -// `..`. -message BigQueryTable { - // The Google Cloud Platform project ID of the project containing the table. - // If omitted, project ID is inferred from the API call. - string project_id = 1; - - // Dataset ID of the table. - string dataset_id = 2; - - // Name of the table. - string table_id = 3; -} - -// Message defining a field of a BigQuery table. -message BigQueryField { - // Source table of the field. - BigQueryTable table = 1; - - // Designated field in the BigQuery table. - FieldId field = 2; -} - -// An entity in a dataset is a field or set of fields that correspond to a -// single person. For example, in medical records the `EntityId` might be a -// patient identifier, or for financial records it might be an account -// identifier. This message is used when generalizations or analysis must take -// into account that multiple rows correspond to the same entity. -message EntityId { - // Composite key indicating which field contains the entity identifier. - FieldId field = 1; -} - -// Instructions regarding the table content being inspected. -message TableOptions { - // The columns that are the primary keys for table objects included in - // ContentItem. A copy of this cell's value will stored alongside alongside - // each finding so that the finding can be traced to the specific row it came - // from. No more than 3 may be provided. - repeated FieldId identifying_fields = 1; -} From 5f28ab7688651c11ff9c94568f8dc8659389495c Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 2 Jun 2021 17:44:03 +0200 Subject: [PATCH 2/6] chore(deps): update dependency google-cloud-bigquery to v2.18.0 (#160) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [google-cloud-bigquery](https://togithub.com/googleapis/python-bigquery) | `==2.17.0` -> `==2.18.0` | [![age](https://badges.renovateapi.com/packages/pypi/google-cloud-bigquery/2.18.0/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/google-cloud-bigquery/2.18.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/google-cloud-bigquery/2.18.0/compatibility-slim/2.17.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/google-cloud-bigquery/2.18.0/confidence-slim/2.17.0)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
googleapis/python-bigquery ### [`v2.18.0`](https://togithub.com/googleapis/python-bigquery/blob/master/CHANGELOG.md#​2180-httpswwwgithubcomgoogleapispython-bigquerycomparev2170v2180-2021-06-02) [Compare Source](https://togithub.com/googleapis/python-bigquery/compare/v2.17.0...v2.18.0) ##### Features - add support for Parquet options ([#​679](https://www.github.com/googleapis/python-bigquery/issues/679)) ([d792ce0](https://www.github.com/googleapis/python-bigquery/commit/d792ce09388a6ee3706777915dd2818d4c854f79))
--- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻️ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-dlp). --- samples/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/snippets/requirements.txt b/samples/snippets/requirements.txt index 5d0a1d4e..f877ef2b 100644 --- a/samples/snippets/requirements.txt +++ b/samples/snippets/requirements.txt @@ -2,4 +2,4 @@ google-cloud-dlp==3.0.1 google-cloud-storage==1.38.0 google-cloud-pubsub==2.5.0 google-cloud-datastore==2.1.3 -google-cloud-bigquery==2.17.0 +google-cloud-bigquery==2.18.0 From 7759d2bc546bfee18627f7b9801f83cb0928ac40 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 2 Jun 2021 17:46:03 +0200 Subject: [PATCH 3/6] chore(deps): update dependency google-cloud-dlp to v3.1.0 (#159) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [google-cloud-dlp](https://togithub.com/googleapis/python-dlp) | `==3.0.1` -> `==3.1.0` | [![age](https://badges.renovateapi.com/packages/pypi/google-cloud-dlp/3.1.0/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/google-cloud-dlp/3.1.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/google-cloud-dlp/3.1.0/compatibility-slim/3.0.1)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/google-cloud-dlp/3.1.0/confidence-slim/3.0.1)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
googleapis/python-dlp ### [`v3.1.0`](https://togithub.com/googleapis/python-dlp/blob/master/CHANGELOG.md#​310-httpswwwgithubcomgoogleapispython-dlpcomparev301v310-2021-05-28) [Compare Source](https://togithub.com/googleapis/python-dlp/compare/v3.0.1...v3.1.0) ##### Features - crypto_deterministic_config ([#​108](https://www.github.com/googleapis/python-dlp/issues/108)) ([#​119](https://www.github.com/googleapis/python-dlp/issues/119)) ([396804d](https://www.github.com/googleapis/python-dlp/commit/396804d65e40c1ae9ced16aa0f04ef4bdffa54c5)) - support self-signed JWT flow for service accounts ([cdea974](https://www.github.com/googleapis/python-dlp/commit/cdea9744d0bc7244a42894acc1446080a16b2dab)) ##### Bug Fixes - add async client ([cdea974](https://www.github.com/googleapis/python-dlp/commit/cdea9744d0bc7244a42894acc1446080a16b2dab)) - require google-api-core>=1.22.2 ([d146cf5](https://www.github.com/googleapis/python-dlp/commit/d146cf59db14b3c3afbef72d7a86419532ad347e)) - use correct retry deadlines ([#​96](https://www.github.com/googleapis/python-dlp/issues/96)) ([d146cf5](https://www.github.com/googleapis/python-dlp/commit/d146cf59db14b3c3afbef72d7a86419532ad347e)) ##### [3.0.1](https://www.github.com/googleapis/python-dlp/compare/v3.0.0...v3.0.1) (2021-01-28) ##### Bug Fixes - remove gRPC send/recv limits; add enums to `types/__init__.py` ([#​89](https://www.github.com/googleapis/python-dlp/issues/89)) ([76e0439](https://www.github.com/googleapis/python-dlp/commit/76e0439b3acfdacf9303595107c03c1d49eac8b6))
--- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻️ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-dlp). --- samples/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/snippets/requirements.txt b/samples/snippets/requirements.txt index f877ef2b..d732a212 100644 --- a/samples/snippets/requirements.txt +++ b/samples/snippets/requirements.txt @@ -1,4 +1,4 @@ -google-cloud-dlp==3.0.1 +google-cloud-dlp==3.1.0 google-cloud-storage==1.38.0 google-cloud-pubsub==2.5.0 google-cloud-datastore==2.1.3 From 0b00bbffc7610a436f2c608f272b8cc0e0aadd92 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Mon, 7 Jun 2021 16:58:05 +0200 Subject: [PATCH 4/6] chore(deps): update dependency google-cloud-bigquery to v2.20.0 (#161) --- samples/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/snippets/requirements.txt b/samples/snippets/requirements.txt index d732a212..0a71bde1 100644 --- a/samples/snippets/requirements.txt +++ b/samples/snippets/requirements.txt @@ -2,4 +2,4 @@ google-cloud-dlp==3.1.0 google-cloud-storage==1.38.0 google-cloud-pubsub==2.5.0 google-cloud-datastore==2.1.3 -google-cloud-bigquery==2.18.0 +google-cloud-bigquery==2.20.0 From e857e1522d9fd59c1b4c5d9936c7371ddf8018b1 Mon Sep 17 00:00:00 2001 From: Anthonios Partheniou Date: Wed, 16 Jun 2021 11:08:05 -0400 Subject: [PATCH 5/6] fix(deps): add packaging requirement (#162) --- setup.py | 1 + testing/constraints-3.6.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/setup.py b/setup.py index f3ad80b8..a4ee54a8 100644 --- a/setup.py +++ b/setup.py @@ -26,6 +26,7 @@ dependencies = [ "google-api-core[grpc] >= 1.22.2, < 2.0.0dev", "proto-plus >= 0.4.0", + "packaging >= 14.3", ] extras = {"libcst": "libcst >= 0.2.5"} diff --git a/testing/constraints-3.6.txt b/testing/constraints-3.6.txt index 2a5b1cbf..f88167ff 100644 --- a/testing/constraints-3.6.txt +++ b/testing/constraints-3.6.txt @@ -8,3 +8,5 @@ google-api-core==1.22.2 proto-plus==0.4.0 libcst==0.2.5 +packaging==14.3 +google-auth==1.24.0 # TODO: remove when google-auth>=1.25.0 is required through google-api-core From 5082930b1aef06ae6da2bf88f0412982e6a7ab93 Mon Sep 17 00:00:00 2001 From: "release-please[bot]" <55107282+release-please[bot]@users.noreply.github.com> Date: Wed, 16 Jun 2021 15:48:02 +0000 Subject: [PATCH 6/6] chore: release 3.1.1 (#163) :robot: I have created a release \*beep\* \*boop\* --- ### [3.1.1](https://www.github.com/googleapis/python-dlp/compare/v3.1.0...v3.1.1) (2021-06-16) ### Bug Fixes * **deps:** add packaging requirement ([#162](https://www.github.com/googleapis/python-dlp/issues/162)) ([e857e15](https://www.github.com/googleapis/python-dlp/commit/e857e1522d9fd59c1b4c5d9936c7371ddf8018b1)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --- CHANGELOG.md | 7 +++++++ setup.py | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 48e9b893..59e87f12 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,13 @@ [1]: https://pypi.org/project/google-cloud-dlp/#history +### [3.1.1](https://www.github.com/googleapis/python-dlp/compare/v3.1.0...v3.1.1) (2021-06-16) + + +### Bug Fixes + +* **deps:** add packaging requirement ([#162](https://www.github.com/googleapis/python-dlp/issues/162)) ([e857e15](https://www.github.com/googleapis/python-dlp/commit/e857e1522d9fd59c1b4c5d9936c7371ddf8018b1)) + ## [3.1.0](https://www.github.com/googleapis/python-dlp/compare/v3.0.1...v3.1.0) (2021-05-28) diff --git a/setup.py b/setup.py index a4ee54a8..df72c0d0 100644 --- a/setup.py +++ b/setup.py @@ -21,7 +21,7 @@ name = "google-cloud-dlp" description = "Cloud Data Loss Prevention (DLP) API API client library" -version = "3.1.0" +version = "3.1.1" release_status = "Development Status :: 5 - Production/Stable" dependencies = [ "google-api-core[grpc] >= 1.22.2, < 2.0.0dev",