1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="dlp_v2.html">Cloud Data Loss Prevention (DLP) API</a> . <a href="dlp_v2.projects.html">projects</a> . <a href="dlp_v2.projects.content.html">content</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="#deidentify">deidentify(parent, body, x__xgafv=None)</a></code></p> 79<p class="firstline">De-identifies potentially sensitive info from a ContentItem.</p> 80<p class="toc_element"> 81 <code><a href="#inspect">inspect(parent, body, x__xgafv=None)</a></code></p> 82<p class="firstline">Finds potentially sensitive info in content.</p> 83<p class="toc_element"> 84 <code><a href="#reidentify">reidentify(parent, body, x__xgafv=None)</a></code></p> 85<p class="firstline">Re-identifies content that has been de-identified.</p> 86<h3>Method Details</h3> 87<div class="method"> 88 <code class="details" id="deidentify">deidentify(parent, body, x__xgafv=None)</code> 89 <pre>De-identifies potentially sensitive info from a ContentItem. 90This method has limits on input size and output size. 91See https://cloud.google.com/dlp/docs/deidentify-sensitive-data to 92learn more. 93 94When no InfoTypes or CustomInfoTypes are specified in this request, the 95system will automatically choose what detectors to run. By default this may 96be all types, but may change over time as detectors are updated. 97 98Args: 99 parent: string, The parent resource name, for example projects/my-project-id. (required) 100 body: object, The request body. (required) 101 The object takes the form of: 102 103{ # Request to de-identify a list of items. 104 "deidentifyTemplateName": "A String", # Optional template to use. Any configuration directly specified in 105 # deidentify_config will override those set in the template. Singular fields 106 # that are set in this request will replace their corresponding fields in the 107 # template. Repeated fields are appended. Singular sub-messages and groups 108 # are recursively merged. 109 "inspectTemplateName": "A String", # Optional template to use. Any configuration directly specified in 110 # inspect_config will override those set in the template. Singular fields 111 # that are set in this request will replace their corresponding fields in the 112 # template. Repeated fields are appended. Singular sub-messages and groups 113 # are recursively merged. 114 "deidentifyConfig": { # The configuration that controls how the data will change. # Configuration for the de-identification of the content item. 115 # Items specified here will override the template referenced by the 116 # deidentify_template_name argument. 117 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text 118 # transformation everywhere. 119 # apply various `PrimitiveTransformation`s to each finding, where the 120 # transformation is applied to only values that were identified as a specific 121 # info_type. 122 "transformations": [ # Transformation for each infoType. Cannot specify more than one 123 # for a given infoType. [required] 124 { # A transformation to apply to text that is identified as a specific 125 # info_type. 126 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 127 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 128 # fixed character. Masking can start from the beginning or end of the string. 129 # This can be used on data of any type (numbers, longs, and so on) and when 130 # de-identifying structured data we'll attempt to preserve the original data's 131 # type. (This allows you to take a long like 123 and modify it to a string like 132 # **3. 133 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 134 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 135 # mask 5 chars with * we would produce ***-*55-5555. 136 { # Characters to skip when doing deidentification of a value. These will be left 137 # alone and skipped. 138 "commonCharactersToIgnore": "A String", 139 "charactersToSkip": "A String", 140 }, 141 ], 142 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 143 # masked. Skipped characters do not count towards this tally. 144 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 145 # alphabetic string such as name, or "0" for a numeric string such as ZIP 146 # code or credit card number. String must have length 1. If not supplied, we 147 # will default to "*" for strings, 0 for digits. 148 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 149 # '0', number_to_mask is 14, and `reverse_order` is false, then 150 # 1234-5678-9012-3456 -> 00000000000000-3456 151 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 152 # is true, then 12345 -> 12*** 153 }, 154 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 155 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 156 # output would be 'My phone number is '. 157 }, 158 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 159 # input. Outputs a base64 encoded representation of the encrypted output. 160 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 161 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 162 # a key encryption key (KEK) stored by KMS). 163 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 164 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 165 # unwrap the data crypto key. 166 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 167 # The wrapped key must be a 128/192/256 bit key. 168 # Authorization requires the following IAM permissions when sending a request 169 # to perform a crypto transformation using a kms-wrapped crypto key: 170 # dlp.kms.encrypt 171 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 172 "wrappedKey": "A String", # The wrapped data crypto key. [required] 173 }, 174 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 175 # leaking the key. Choose another type of key if possible. 176 "key": "A String", # A 128/192/256 bit key. [required] 177 }, 178 "transient": { # Use this to have a random data crypto key generated. 179 # It will be discarded after the request finishes. 180 "name": "A String", # Name of the key. [required] 181 # This is an arbitrary string used to differentiate different keys. 182 # A unique key is generated per name: two separate `TransientCryptoKey` 183 # protos share the same generated key if their names are the same. 184 # When the data crypto key is generated, this name is not used in any way 185 # (repeating the api call will result in a different key being generated). 186 }, 187 }, 188 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 189 # referential integrity such that the same identifier in two different 190 # contexts will be given a distinct surrogate. The context is appended to 191 # plaintext value being encrypted. On decryption the provided context is 192 # validated against the value used during encryption. If a context was 193 # provided during encryption, same context must be provided during decryption 194 # as well. 195 # 196 # If the context is not set, plaintext would be used as is for encryption. 197 # If the context is set but: 198 # 199 # 1. there is no record present when transforming a given value or 200 # 2. the field is not present when transforming a given value, 201 # 202 # plaintext would be used as is for encryption. 203 # 204 # Note that case (1) is expected when an `InfoTypeTransformation` is 205 # applied to both structured and non-structured `ContentItem`s. 206 "name": "A String", # Name describing the field. 207 }, 208 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 209 # This annotation will be applied to the surrogate by prefixing it with 210 # the name of the custom info type followed by the number of 211 # characters comprising the surrogate. The following scheme defines the 212 # format: <info type name>(<surrogate character count>):<surrogate> 213 # 214 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 215 # the surrogate is 'abc', the full replacement value 216 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 217 # 218 # This annotation identifies the surrogate when inspecting content using the 219 # custom info type 'Surrogate'. This facilitates reversal of the 220 # surrogate when it occurs in free text. 221 # 222 # In order for inspection to work properly, the name of this info type must 223 # not occur naturally anywhere in your data; otherwise, inspection may either 224 # 225 # - reverse a surrogate that does not correspond to an actual identifier 226 # - be unable to parse the surrogate and result in an error 227 # 228 # Therefore, choose your custom info type name carefully after considering 229 # what your data looks like. One way to select a name that has a high chance 230 # of yielding reliable detection is to include one or more unicode characters 231 # that are highly improbable to exist in your data. 232 # For example, assuming your data is entered from a regular ASCII keyboard, 233 # the symbol with the hex code point 29DD might be used like so: 234 # ⧝MY_TOKEN_TYPE 235 "name": "A String", # Name of the information type. Either a name of your choosing when 236 # creating a CustomInfoType, or one of the names listed 237 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 238 # a built-in type. InfoType names should conform to the pattern 239 # [a-zA-Z0-9_]{1,64}. 240 }, 241 }, 242 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 243 # Bucketing transformation can provide all of this functionality, 244 # but requires more configuration. This message is provided as a convenience to 245 # the user for simple bucketing strategies. 246 # 247 # The transformed value will be a hyphenated string of 248 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 249 # all values that are within this bucket will be replaced with "10-20". 250 # 251 # This can be used on data of type: double, long. 252 # 253 # If the bound Value type differs from the type of data 254 # being transformed, we will first attempt converting the type of the data to 255 # be transformed to match the type of the bound before comparing. 256 # 257 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 258 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 259 # grouped together into a single bucket; for example if `lower_bound` = 10, 260 # then all values less than 10 are replaced with the value “-10”. [Required]. 261 # Note that for the purposes of inspection or transformation, the number 262 # of bytes considered to comprise a 'Value' is based on its representation 263 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 264 # 123456789, the number of bytes would be counted as 9, even though an 265 # int64 only holds up to 8 bytes of data. 266 "floatValue": 3.14, 267 "timestampValue": "A String", 268 "dayOfWeekValue": "A String", 269 "timeValue": { # Represents a time of day. The date and time zone are either not significant 270 # or are specified elsewhere. An API may choose to allow leap seconds. Related 271 # types are google.type.Date and `google.protobuf.Timestamp`. 272 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 273 # to allow the value "24:00:00" for scenarios like business closing time. 274 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 275 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 276 # allow the value 60 if it allows leap-seconds. 277 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 278 }, 279 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 280 # and time zone are either specified elsewhere or are not significant. The date 281 # is relative to the Proleptic Gregorian Calendar. This can represent: 282 # 283 # * A full date, with non-zero year, month and day values 284 # * A month and day value, with a zero year, e.g. an anniversary 285 # * A year on its own, with zero month and day values 286 # * A year and month value, with a zero day, e.g. a credit card expiration date 287 # 288 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 289 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 290 # a year. 291 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 292 # if specifying a year by itself or a year and month where the day is not 293 # significant. 294 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 295 # month and day. 296 }, 297 "stringValue": "A String", 298 "booleanValue": True or False, 299 "integerValue": "A String", 300 }, 301 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 302 # grouped together into a single bucket; for example if `upper_bound` = 89, 303 # then all values greater than 89 are replaced with the value “89+”. 304 # [Required]. 305 # Note that for the purposes of inspection or transformation, the number 306 # of bytes considered to comprise a 'Value' is based on its representation 307 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 308 # 123456789, the number of bytes would be counted as 9, even though an 309 # int64 only holds up to 8 bytes of data. 310 "floatValue": 3.14, 311 "timestampValue": "A String", 312 "dayOfWeekValue": "A String", 313 "timeValue": { # Represents a time of day. The date and time zone are either not significant 314 # or are specified elsewhere. An API may choose to allow leap seconds. Related 315 # types are google.type.Date and `google.protobuf.Timestamp`. 316 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 317 # to allow the value "24:00:00" for scenarios like business closing time. 318 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 319 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 320 # allow the value 60 if it allows leap-seconds. 321 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 322 }, 323 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 324 # and time zone are either specified elsewhere or are not significant. The date 325 # is relative to the Proleptic Gregorian Calendar. This can represent: 326 # 327 # * A full date, with non-zero year, month and day values 328 # * A month and day value, with a zero year, e.g. an anniversary 329 # * A year on its own, with zero month and day values 330 # * A year and month value, with a zero day, e.g. a credit card expiration date 331 # 332 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 333 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 334 # a year. 335 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 336 # if specifying a year by itself or a year and month where the day is not 337 # significant. 338 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 339 # month and day. 340 }, 341 "stringValue": "A String", 342 "booleanValue": True or False, 343 "integerValue": "A String", 344 }, 345 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 346 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 347 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 348 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 349 }, 350 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 351 }, 352 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 353 # portion of the value. 354 "partToExtract": "A String", 355 }, 356 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 357 # Uses SHA-256. 358 # The key size must be either 32 or 64 bytes. 359 # Outputs a base64 encoded representation of the hashed output 360 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 361 # Currently, only string and integer values can be hashed. 362 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 363 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 364 # a key encryption key (KEK) stored by KMS). 365 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 366 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 367 # unwrap the data crypto key. 368 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 369 # The wrapped key must be a 128/192/256 bit key. 370 # Authorization requires the following IAM permissions when sending a request 371 # to perform a crypto transformation using a kms-wrapped crypto key: 372 # dlp.kms.encrypt 373 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 374 "wrappedKey": "A String", # The wrapped data crypto key. [required] 375 }, 376 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 377 # leaking the key. Choose another type of key if possible. 378 "key": "A String", # A 128/192/256 bit key. [required] 379 }, 380 "transient": { # Use this to have a random data crypto key generated. 381 # It will be discarded after the request finishes. 382 "name": "A String", # Name of the key. [required] 383 # This is an arbitrary string used to differentiate different keys. 384 # A unique key is generated per name: two separate `TransientCryptoKey` 385 # protos share the same generated key if their names are the same. 386 # When the data crypto key is generated, this name is not used in any way 387 # (repeating the api call will result in a different key being generated). 388 }, 389 }, 390 }, 391 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 392 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 393 # to learn more. 394 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 395 # results in the same shift for the same context and crypto_key. 396 # a key encryption key (KEK) stored by KMS). 397 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 398 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 399 # unwrap the data crypto key. 400 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 401 # The wrapped key must be a 128/192/256 bit key. 402 # Authorization requires the following IAM permissions when sending a request 403 # to perform a crypto transformation using a kms-wrapped crypto key: 404 # dlp.kms.encrypt 405 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 406 "wrappedKey": "A String", # The wrapped data crypto key. [required] 407 }, 408 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 409 # leaking the key. Choose another type of key if possible. 410 "key": "A String", # A 128/192/256 bit key. [required] 411 }, 412 "transient": { # Use this to have a random data crypto key generated. 413 # It will be discarded after the request finishes. 414 "name": "A String", # Name of the key. [required] 415 # This is an arbitrary string used to differentiate different keys. 416 # A unique key is generated per name: two separate `TransientCryptoKey` 417 # protos share the same generated key if their names are the same. 418 # When the data crypto key is generated, this name is not used in any way 419 # (repeating the api call will result in a different key being generated). 420 }, 421 }, 422 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 423 # [Required] 424 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 425 # range (inclusive ends). Negative means shift to earlier in time. Must not 426 # be more than 365250 days (1000 years) each direction. 427 # 428 # For example, 3 means shift date to at most 3 days into the future. 429 # [Required] 430 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 431 # If set, must also set method. If set, shift will be consistent for the 432 # given context. 433 "name": "A String", # Name describing the field. 434 }, 435 }, 436 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 437 # replacement values are dynamically provided by the user for custom behavior, 438 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 439 # This can be used on 440 # data of type: number, long, string, timestamp. 441 # If the bound `Value` type differs from the type of data being transformed, we 442 # will first attempt converting the type of the data to be transformed to match 443 # the type of the bound before comparing. 444 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 445 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 446 { # Bucket is represented as a range, along with replacement values. 447 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 448 # Note that for the purposes of inspection or transformation, the number 449 # of bytes considered to comprise a 'Value' is based on its representation 450 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 451 # 123456789, the number of bytes would be counted as 9, even though an 452 # int64 only holds up to 8 bytes of data. 453 "floatValue": 3.14, 454 "timestampValue": "A String", 455 "dayOfWeekValue": "A String", 456 "timeValue": { # Represents a time of day. The date and time zone are either not significant 457 # or are specified elsewhere. An API may choose to allow leap seconds. Related 458 # types are google.type.Date and `google.protobuf.Timestamp`. 459 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 460 # to allow the value "24:00:00" for scenarios like business closing time. 461 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 462 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 463 # allow the value 60 if it allows leap-seconds. 464 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 465 }, 466 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 467 # and time zone are either specified elsewhere or are not significant. The date 468 # is relative to the Proleptic Gregorian Calendar. This can represent: 469 # 470 # * A full date, with non-zero year, month and day values 471 # * A month and day value, with a zero year, e.g. an anniversary 472 # * A year on its own, with zero month and day values 473 # * A year and month value, with a zero day, e.g. a credit card expiration date 474 # 475 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 476 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 477 # a year. 478 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 479 # if specifying a year by itself or a year and month where the day is not 480 # significant. 481 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 482 # month and day. 483 }, 484 "stringValue": "A String", 485 "booleanValue": True or False, 486 "integerValue": "A String", 487 }, 488 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 489 # the default behavior will be to hyphenate the min-max range. 490 # Note that for the purposes of inspection or transformation, the number 491 # of bytes considered to comprise a 'Value' is based on its representation 492 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 493 # 123456789, the number of bytes would be counted as 9, even though an 494 # int64 only holds up to 8 bytes of data. 495 "floatValue": 3.14, 496 "timestampValue": "A String", 497 "dayOfWeekValue": "A String", 498 "timeValue": { # Represents a time of day. The date and time zone are either not significant 499 # or are specified elsewhere. An API may choose to allow leap seconds. Related 500 # types are google.type.Date and `google.protobuf.Timestamp`. 501 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 502 # to allow the value "24:00:00" for scenarios like business closing time. 503 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 504 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 505 # allow the value 60 if it allows leap-seconds. 506 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 507 }, 508 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 509 # and time zone are either specified elsewhere or are not significant. The date 510 # is relative to the Proleptic Gregorian Calendar. This can represent: 511 # 512 # * A full date, with non-zero year, month and day values 513 # * A month and day value, with a zero year, e.g. an anniversary 514 # * A year on its own, with zero month and day values 515 # * A year and month value, with a zero day, e.g. a credit card expiration date 516 # 517 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 518 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 519 # a year. 520 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 521 # if specifying a year by itself or a year and month where the day is not 522 # significant. 523 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 524 # month and day. 525 }, 526 "stringValue": "A String", 527 "booleanValue": True or False, 528 "integerValue": "A String", 529 }, 530 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 531 # used. 532 # Note that for the purposes of inspection or transformation, the number 533 # of bytes considered to comprise a 'Value' is based on its representation 534 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 535 # 123456789, the number of bytes would be counted as 9, even though an 536 # int64 only holds up to 8 bytes of data. 537 "floatValue": 3.14, 538 "timestampValue": "A String", 539 "dayOfWeekValue": "A String", 540 "timeValue": { # Represents a time of day. The date and time zone are either not significant 541 # or are specified elsewhere. An API may choose to allow leap seconds. Related 542 # types are google.type.Date and `google.protobuf.Timestamp`. 543 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 544 # to allow the value "24:00:00" for scenarios like business closing time. 545 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 546 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 547 # allow the value 60 if it allows leap-seconds. 548 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 549 }, 550 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 551 # and time zone are either specified elsewhere or are not significant. The date 552 # is relative to the Proleptic Gregorian Calendar. This can represent: 553 # 554 # * A full date, with non-zero year, month and day values 555 # * A month and day value, with a zero year, e.g. an anniversary 556 # * A year on its own, with zero month and day values 557 # * A year and month value, with a zero day, e.g. a credit card expiration date 558 # 559 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 560 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 561 # a year. 562 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 563 # if specifying a year by itself or a year and month where the day is not 564 # significant. 565 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 566 # month and day. 567 }, 568 "stringValue": "A String", 569 "booleanValue": True or False, 570 "integerValue": "A String", 571 }, 572 }, 573 ], 574 }, 575 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 576 # (FPE) with the FFX mode of operation; however when used in the 577 # `ReidentifyContent` API method, it serves the opposite function by reversing 578 # the surrogate back into the original identifier. The identifier must be 579 # encoded as ASCII. For a given crypto key and context, the same identifier 580 # will be replaced with the same surrogate. Identifiers must be at least two 581 # characters long. In the case that the identifier is the empty string, it will 582 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 583 # more. 584 # 585 # Note: We recommend using CryptoDeterministicConfig for all use cases which 586 # do not require preserving the input alphabet space and size, plus warrant 587 # referential integrity. 588 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 589 # a key encryption key (KEK) stored by KMS). 590 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 591 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 592 # unwrap the data crypto key. 593 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 594 # The wrapped key must be a 128/192/256 bit key. 595 # Authorization requires the following IAM permissions when sending a request 596 # to perform a crypto transformation using a kms-wrapped crypto key: 597 # dlp.kms.encrypt 598 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 599 "wrappedKey": "A String", # The wrapped data crypto key. [required] 600 }, 601 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 602 # leaking the key. Choose another type of key if possible. 603 "key": "A String", # A 128/192/256 bit key. [required] 604 }, 605 "transient": { # Use this to have a random data crypto key generated. 606 # It will be discarded after the request finishes. 607 "name": "A String", # Name of the key. [required] 608 # This is an arbitrary string used to differentiate different keys. 609 # A unique key is generated per name: two separate `TransientCryptoKey` 610 # protos share the same generated key if their names are the same. 611 # When the data crypto key is generated, this name is not used in any way 612 # (repeating the api call will result in a different key being generated). 613 }, 614 }, 615 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 616 "commonAlphabet": "A String", 617 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 618 # that the FFX mode natively supports. This happens before/after 619 # encryption/decryption. 620 # Each character listed must appear only once. 621 # Number of characters must be in the range [2, 62]. 622 # This must be encoded as ASCII. 623 # The order of characters does not matter. 624 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 625 # identifier in two different contexts won't be given the same surrogate. If 626 # the context is not set, a default tweak will be used. 627 # 628 # If the context is set but: 629 # 630 # 1. there is no record present when transforming a given value or 631 # 1. the field is not present when transforming a given value, 632 # 633 # a default tweak will be used. 634 # 635 # Note that case (1) is expected when an `InfoTypeTransformation` is 636 # applied to both structured and non-structured `ContentItem`s. 637 # Currently, the referenced field may be of value type integer or string. 638 # 639 # The tweak is constructed as a sequence of bytes in big endian byte order 640 # such that: 641 # 642 # - a 64 bit integer is encoded followed by a single byte of value 1 643 # - a string is encoded in UTF-8 format followed by a single byte of value 2 644 "name": "A String", # Name describing the field. 645 }, 646 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 647 # This annotation will be applied to the surrogate by prefixing it with 648 # the name of the custom infoType followed by the number of 649 # characters comprising the surrogate. The following scheme defines the 650 # format: info_type_name(surrogate_character_count):surrogate 651 # 652 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 653 # the surrogate is 'abc', the full replacement value 654 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 655 # 656 # This annotation identifies the surrogate when inspecting content using the 657 # custom infoType 658 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 659 # This facilitates reversal of the surrogate when it occurs in free text. 660 # 661 # In order for inspection to work properly, the name of this infoType must 662 # not occur naturally anywhere in your data; otherwise, inspection may 663 # find a surrogate that does not correspond to an actual identifier. 664 # Therefore, choose your custom infoType name carefully after considering 665 # what your data looks like. One way to select a name that has a high chance 666 # of yielding reliable detection is to include one or more unicode characters 667 # that are highly improbable to exist in your data. 668 # For example, assuming your data is entered from a regular ASCII keyboard, 669 # the symbol with the hex code point 29DD might be used like so: 670 # ⧝MY_TOKEN_TYPE 671 "name": "A String", # Name of the information type. Either a name of your choosing when 672 # creating a CustomInfoType, or one of the names listed 673 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 674 # a built-in type. InfoType names should conform to the pattern 675 # [a-zA-Z0-9_]{1,64}. 676 }, 677 }, 678 "replaceConfig": { # Replace each input value with a given `Value`. 679 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 680 # Note that for the purposes of inspection or transformation, the number 681 # of bytes considered to comprise a 'Value' is based on its representation 682 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 683 # 123456789, the number of bytes would be counted as 9, even though an 684 # int64 only holds up to 8 bytes of data. 685 "floatValue": 3.14, 686 "timestampValue": "A String", 687 "dayOfWeekValue": "A String", 688 "timeValue": { # Represents a time of day. The date and time zone are either not significant 689 # or are specified elsewhere. An API may choose to allow leap seconds. Related 690 # types are google.type.Date and `google.protobuf.Timestamp`. 691 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 692 # to allow the value "24:00:00" for scenarios like business closing time. 693 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 694 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 695 # allow the value 60 if it allows leap-seconds. 696 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 697 }, 698 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 699 # and time zone are either specified elsewhere or are not significant. The date 700 # is relative to the Proleptic Gregorian Calendar. This can represent: 701 # 702 # * A full date, with non-zero year, month and day values 703 # * A month and day value, with a zero year, e.g. an anniversary 704 # * A year on its own, with zero month and day values 705 # * A year and month value, with a zero day, e.g. a credit card expiration date 706 # 707 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 708 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 709 # a year. 710 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 711 # if specifying a year by itself or a year and month where the day is not 712 # significant. 713 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 714 # month and day. 715 }, 716 "stringValue": "A String", 717 "booleanValue": True or False, 718 "integerValue": "A String", 719 }, 720 }, 721 }, 722 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 723 # this transformation to apply to all findings that correspond to 724 # infoTypes that were requested in `InspectConfig`. 725 { # Type of information detected by the API. 726 "name": "A String", # Name of the information type. Either a name of your choosing when 727 # creating a CustomInfoType, or one of the names listed 728 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 729 # a built-in type. InfoType names should conform to the pattern 730 # [a-zA-Z0-9_]{1,64}. 731 }, 732 ], 733 }, 734 ], 735 }, 736 "recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to 737 # specific locations within structured datasets, such as transforming 738 # a column within a table. 739 # table. 740 "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that 741 # match any suppression rule are omitted from the output [optional]. 742 { # Configuration to suppress records whose suppression conditions evaluate to 743 # true. 744 "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being 745 # evaluated to be suppressed from the transformed content. 746 # a field. 747 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 748 "conditions": { # A collection of conditions. 749 "conditions": [ 750 { # The field type of `value` and `field` do not need to match to be 751 # considered equal, but not all comparisons are possible. 752 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 753 # but all other comparisons are invalid with incompatible types. 754 # A `value` of type: 755 # 756 # - `string` can be compared against all other types 757 # - `boolean` can only be compared against other booleans 758 # - `integer` can be compared against doubles or a string if the string value 759 # can be parsed as an integer. 760 # - `double` can be compared against integers or a string if the string can 761 # be parsed as a double. 762 # - `Timestamp` can be compared against strings in RFC 3339 date string 763 # format. 764 # - `TimeOfDay` can be compared against timestamps and strings in the format 765 # of 'HH:mm:ss'. 766 # 767 # If we fail to compare do to type mismatch, a warning will be given and 768 # the condition will evaluate to false. 769 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 770 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 771 "name": "A String", # Name describing the field. 772 }, 773 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 774 # Note that for the purposes of inspection or transformation, the number 775 # of bytes considered to comprise a 'Value' is based on its representation 776 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 777 # 123456789, the number of bytes would be counted as 9, even though an 778 # int64 only holds up to 8 bytes of data. 779 "floatValue": 3.14, 780 "timestampValue": "A String", 781 "dayOfWeekValue": "A String", 782 "timeValue": { # Represents a time of day. The date and time zone are either not significant 783 # or are specified elsewhere. An API may choose to allow leap seconds. Related 784 # types are google.type.Date and `google.protobuf.Timestamp`. 785 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 786 # to allow the value "24:00:00" for scenarios like business closing time. 787 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 788 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 789 # allow the value 60 if it allows leap-seconds. 790 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 791 }, 792 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 793 # and time zone are either specified elsewhere or are not significant. The date 794 # is relative to the Proleptic Gregorian Calendar. This can represent: 795 # 796 # * A full date, with non-zero year, month and day values 797 # * A month and day value, with a zero year, e.g. an anniversary 798 # * A year on its own, with zero month and day values 799 # * A year and month value, with a zero day, e.g. a credit card expiration date 800 # 801 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 802 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 803 # a year. 804 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 805 # if specifying a year by itself or a year and month where the day is not 806 # significant. 807 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 808 # month and day. 809 }, 810 "stringValue": "A String", 811 "booleanValue": True or False, 812 "integerValue": "A String", 813 }, 814 }, 815 ], 816 }, 817 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 818 # only supported value is `AND`. 819 }, 820 }, 821 }, 822 ], 823 "fieldTransformations": [ # Transform the record by applying various field transformations. 824 { # The transformation to apply to the field. 825 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively 826 # transform content that matches an `InfoType`. 827 # apply various `PrimitiveTransformation`s to each finding, where the 828 # transformation is applied to only values that were identified as a specific 829 # info_type. 830 "transformations": [ # Transformation for each infoType. Cannot specify more than one 831 # for a given infoType. [required] 832 { # A transformation to apply to text that is identified as a specific 833 # info_type. 834 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 835 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 836 # fixed character. Masking can start from the beginning or end of the string. 837 # This can be used on data of any type (numbers, longs, and so on) and when 838 # de-identifying structured data we'll attempt to preserve the original data's 839 # type. (This allows you to take a long like 123 and modify it to a string like 840 # **3. 841 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 842 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 843 # mask 5 chars with * we would produce ***-*55-5555. 844 { # Characters to skip when doing deidentification of a value. These will be left 845 # alone and skipped. 846 "commonCharactersToIgnore": "A String", 847 "charactersToSkip": "A String", 848 }, 849 ], 850 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 851 # masked. Skipped characters do not count towards this tally. 852 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 853 # alphabetic string such as name, or "0" for a numeric string such as ZIP 854 # code or credit card number. String must have length 1. If not supplied, we 855 # will default to "*" for strings, 0 for digits. 856 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 857 # '0', number_to_mask is 14, and `reverse_order` is false, then 858 # 1234-5678-9012-3456 -> 00000000000000-3456 859 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 860 # is true, then 12345 -> 12*** 861 }, 862 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 863 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 864 # output would be 'My phone number is '. 865 }, 866 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 867 # input. Outputs a base64 encoded representation of the encrypted output. 868 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 869 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 870 # a key encryption key (KEK) stored by KMS). 871 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 872 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 873 # unwrap the data crypto key. 874 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 875 # The wrapped key must be a 128/192/256 bit key. 876 # Authorization requires the following IAM permissions when sending a request 877 # to perform a crypto transformation using a kms-wrapped crypto key: 878 # dlp.kms.encrypt 879 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 880 "wrappedKey": "A String", # The wrapped data crypto key. [required] 881 }, 882 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 883 # leaking the key. Choose another type of key if possible. 884 "key": "A String", # A 128/192/256 bit key. [required] 885 }, 886 "transient": { # Use this to have a random data crypto key generated. 887 # It will be discarded after the request finishes. 888 "name": "A String", # Name of the key. [required] 889 # This is an arbitrary string used to differentiate different keys. 890 # A unique key is generated per name: two separate `TransientCryptoKey` 891 # protos share the same generated key if their names are the same. 892 # When the data crypto key is generated, this name is not used in any way 893 # (repeating the api call will result in a different key being generated). 894 }, 895 }, 896 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 897 # referential integrity such that the same identifier in two different 898 # contexts will be given a distinct surrogate. The context is appended to 899 # plaintext value being encrypted. On decryption the provided context is 900 # validated against the value used during encryption. If a context was 901 # provided during encryption, same context must be provided during decryption 902 # as well. 903 # 904 # If the context is not set, plaintext would be used as is for encryption. 905 # If the context is set but: 906 # 907 # 1. there is no record present when transforming a given value or 908 # 2. the field is not present when transforming a given value, 909 # 910 # plaintext would be used as is for encryption. 911 # 912 # Note that case (1) is expected when an `InfoTypeTransformation` is 913 # applied to both structured and non-structured `ContentItem`s. 914 "name": "A String", # Name describing the field. 915 }, 916 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 917 # This annotation will be applied to the surrogate by prefixing it with 918 # the name of the custom info type followed by the number of 919 # characters comprising the surrogate. The following scheme defines the 920 # format: <info type name>(<surrogate character count>):<surrogate> 921 # 922 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 923 # the surrogate is 'abc', the full replacement value 924 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 925 # 926 # This annotation identifies the surrogate when inspecting content using the 927 # custom info type 'Surrogate'. This facilitates reversal of the 928 # surrogate when it occurs in free text. 929 # 930 # In order for inspection to work properly, the name of this info type must 931 # not occur naturally anywhere in your data; otherwise, inspection may either 932 # 933 # - reverse a surrogate that does not correspond to an actual identifier 934 # - be unable to parse the surrogate and result in an error 935 # 936 # Therefore, choose your custom info type name carefully after considering 937 # what your data looks like. One way to select a name that has a high chance 938 # of yielding reliable detection is to include one or more unicode characters 939 # that are highly improbable to exist in your data. 940 # For example, assuming your data is entered from a regular ASCII keyboard, 941 # the symbol with the hex code point 29DD might be used like so: 942 # ⧝MY_TOKEN_TYPE 943 "name": "A String", # Name of the information type. Either a name of your choosing when 944 # creating a CustomInfoType, or one of the names listed 945 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 946 # a built-in type. InfoType names should conform to the pattern 947 # [a-zA-Z0-9_]{1,64}. 948 }, 949 }, 950 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 951 # Bucketing transformation can provide all of this functionality, 952 # but requires more configuration. This message is provided as a convenience to 953 # the user for simple bucketing strategies. 954 # 955 # The transformed value will be a hyphenated string of 956 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 957 # all values that are within this bucket will be replaced with "10-20". 958 # 959 # This can be used on data of type: double, long. 960 # 961 # If the bound Value type differs from the type of data 962 # being transformed, we will first attempt converting the type of the data to 963 # be transformed to match the type of the bound before comparing. 964 # 965 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 966 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 967 # grouped together into a single bucket; for example if `lower_bound` = 10, 968 # then all values less than 10 are replaced with the value “-10”. [Required]. 969 # Note that for the purposes of inspection or transformation, the number 970 # of bytes considered to comprise a 'Value' is based on its representation 971 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 972 # 123456789, the number of bytes would be counted as 9, even though an 973 # int64 only holds up to 8 bytes of data. 974 "floatValue": 3.14, 975 "timestampValue": "A String", 976 "dayOfWeekValue": "A String", 977 "timeValue": { # Represents a time of day. The date and time zone are either not significant 978 # or are specified elsewhere. An API may choose to allow leap seconds. Related 979 # types are google.type.Date and `google.protobuf.Timestamp`. 980 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 981 # to allow the value "24:00:00" for scenarios like business closing time. 982 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 983 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 984 # allow the value 60 if it allows leap-seconds. 985 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 986 }, 987 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 988 # and time zone are either specified elsewhere or are not significant. The date 989 # is relative to the Proleptic Gregorian Calendar. This can represent: 990 # 991 # * A full date, with non-zero year, month and day values 992 # * A month and day value, with a zero year, e.g. an anniversary 993 # * A year on its own, with zero month and day values 994 # * A year and month value, with a zero day, e.g. a credit card expiration date 995 # 996 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 997 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 998 # a year. 999 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1000 # if specifying a year by itself or a year and month where the day is not 1001 # significant. 1002 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1003 # month and day. 1004 }, 1005 "stringValue": "A String", 1006 "booleanValue": True or False, 1007 "integerValue": "A String", 1008 }, 1009 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 1010 # grouped together into a single bucket; for example if `upper_bound` = 89, 1011 # then all values greater than 89 are replaced with the value “89+”. 1012 # [Required]. 1013 # Note that for the purposes of inspection or transformation, the number 1014 # of bytes considered to comprise a 'Value' is based on its representation 1015 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1016 # 123456789, the number of bytes would be counted as 9, even though an 1017 # int64 only holds up to 8 bytes of data. 1018 "floatValue": 3.14, 1019 "timestampValue": "A String", 1020 "dayOfWeekValue": "A String", 1021 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1022 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1023 # types are google.type.Date and `google.protobuf.Timestamp`. 1024 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1025 # to allow the value "24:00:00" for scenarios like business closing time. 1026 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1027 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1028 # allow the value 60 if it allows leap-seconds. 1029 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1030 }, 1031 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1032 # and time zone are either specified elsewhere or are not significant. The date 1033 # is relative to the Proleptic Gregorian Calendar. This can represent: 1034 # 1035 # * A full date, with non-zero year, month and day values 1036 # * A month and day value, with a zero year, e.g. an anniversary 1037 # * A year on its own, with zero month and day values 1038 # * A year and month value, with a zero day, e.g. a credit card expiration date 1039 # 1040 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1041 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1042 # a year. 1043 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1044 # if specifying a year by itself or a year and month where the day is not 1045 # significant. 1046 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1047 # month and day. 1048 }, 1049 "stringValue": "A String", 1050 "booleanValue": True or False, 1051 "integerValue": "A String", 1052 }, 1053 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 1054 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 1055 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 1056 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 1057 }, 1058 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 1059 }, 1060 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 1061 # portion of the value. 1062 "partToExtract": "A String", 1063 }, 1064 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 1065 # Uses SHA-256. 1066 # The key size must be either 32 or 64 bytes. 1067 # Outputs a base64 encoded representation of the hashed output 1068 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 1069 # Currently, only string and integer values can be hashed. 1070 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 1071 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 1072 # a key encryption key (KEK) stored by KMS). 1073 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 1074 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 1075 # unwrap the data crypto key. 1076 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 1077 # The wrapped key must be a 128/192/256 bit key. 1078 # Authorization requires the following IAM permissions when sending a request 1079 # to perform a crypto transformation using a kms-wrapped crypto key: 1080 # dlp.kms.encrypt 1081 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 1082 "wrappedKey": "A String", # The wrapped data crypto key. [required] 1083 }, 1084 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 1085 # leaking the key. Choose another type of key if possible. 1086 "key": "A String", # A 128/192/256 bit key. [required] 1087 }, 1088 "transient": { # Use this to have a random data crypto key generated. 1089 # It will be discarded after the request finishes. 1090 "name": "A String", # Name of the key. [required] 1091 # This is an arbitrary string used to differentiate different keys. 1092 # A unique key is generated per name: two separate `TransientCryptoKey` 1093 # protos share the same generated key if their names are the same. 1094 # When the data crypto key is generated, this name is not used in any way 1095 # (repeating the api call will result in a different key being generated). 1096 }, 1097 }, 1098 }, 1099 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 1100 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 1101 # to learn more. 1102 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 1103 # results in the same shift for the same context and crypto_key. 1104 # a key encryption key (KEK) stored by KMS). 1105 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 1106 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 1107 # unwrap the data crypto key. 1108 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 1109 # The wrapped key must be a 128/192/256 bit key. 1110 # Authorization requires the following IAM permissions when sending a request 1111 # to perform a crypto transformation using a kms-wrapped crypto key: 1112 # dlp.kms.encrypt 1113 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 1114 "wrappedKey": "A String", # The wrapped data crypto key. [required] 1115 }, 1116 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 1117 # leaking the key. Choose another type of key if possible. 1118 "key": "A String", # A 128/192/256 bit key. [required] 1119 }, 1120 "transient": { # Use this to have a random data crypto key generated. 1121 # It will be discarded after the request finishes. 1122 "name": "A String", # Name of the key. [required] 1123 # This is an arbitrary string used to differentiate different keys. 1124 # A unique key is generated per name: two separate `TransientCryptoKey` 1125 # protos share the same generated key if their names are the same. 1126 # When the data crypto key is generated, this name is not used in any way 1127 # (repeating the api call will result in a different key being generated). 1128 }, 1129 }, 1130 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 1131 # [Required] 1132 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 1133 # range (inclusive ends). Negative means shift to earlier in time. Must not 1134 # be more than 365250 days (1000 years) each direction. 1135 # 1136 # For example, 3 means shift date to at most 3 days into the future. 1137 # [Required] 1138 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 1139 # If set, must also set method. If set, shift will be consistent for the 1140 # given context. 1141 "name": "A String", # Name describing the field. 1142 }, 1143 }, 1144 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 1145 # replacement values are dynamically provided by the user for custom behavior, 1146 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 1147 # This can be used on 1148 # data of type: number, long, string, timestamp. 1149 # If the bound `Value` type differs from the type of data being transformed, we 1150 # will first attempt converting the type of the data to be transformed to match 1151 # the type of the bound before comparing. 1152 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 1153 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 1154 { # Bucket is represented as a range, along with replacement values. 1155 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 1156 # Note that for the purposes of inspection or transformation, the number 1157 # of bytes considered to comprise a 'Value' is based on its representation 1158 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1159 # 123456789, the number of bytes would be counted as 9, even though an 1160 # int64 only holds up to 8 bytes of data. 1161 "floatValue": 3.14, 1162 "timestampValue": "A String", 1163 "dayOfWeekValue": "A String", 1164 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1165 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1166 # types are google.type.Date and `google.protobuf.Timestamp`. 1167 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1168 # to allow the value "24:00:00" for scenarios like business closing time. 1169 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1170 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1171 # allow the value 60 if it allows leap-seconds. 1172 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1173 }, 1174 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1175 # and time zone are either specified elsewhere or are not significant. The date 1176 # is relative to the Proleptic Gregorian Calendar. This can represent: 1177 # 1178 # * A full date, with non-zero year, month and day values 1179 # * A month and day value, with a zero year, e.g. an anniversary 1180 # * A year on its own, with zero month and day values 1181 # * A year and month value, with a zero day, e.g. a credit card expiration date 1182 # 1183 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1184 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1185 # a year. 1186 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1187 # if specifying a year by itself or a year and month where the day is not 1188 # significant. 1189 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1190 # month and day. 1191 }, 1192 "stringValue": "A String", 1193 "booleanValue": True or False, 1194 "integerValue": "A String", 1195 }, 1196 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 1197 # the default behavior will be to hyphenate the min-max range. 1198 # Note that for the purposes of inspection or transformation, the number 1199 # of bytes considered to comprise a 'Value' is based on its representation 1200 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1201 # 123456789, the number of bytes would be counted as 9, even though an 1202 # int64 only holds up to 8 bytes of data. 1203 "floatValue": 3.14, 1204 "timestampValue": "A String", 1205 "dayOfWeekValue": "A String", 1206 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1207 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1208 # types are google.type.Date and `google.protobuf.Timestamp`. 1209 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1210 # to allow the value "24:00:00" for scenarios like business closing time. 1211 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1212 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1213 # allow the value 60 if it allows leap-seconds. 1214 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1215 }, 1216 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1217 # and time zone are either specified elsewhere or are not significant. The date 1218 # is relative to the Proleptic Gregorian Calendar. This can represent: 1219 # 1220 # * A full date, with non-zero year, month and day values 1221 # * A month and day value, with a zero year, e.g. an anniversary 1222 # * A year on its own, with zero month and day values 1223 # * A year and month value, with a zero day, e.g. a credit card expiration date 1224 # 1225 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1226 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1227 # a year. 1228 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1229 # if specifying a year by itself or a year and month where the day is not 1230 # significant. 1231 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1232 # month and day. 1233 }, 1234 "stringValue": "A String", 1235 "booleanValue": True or False, 1236 "integerValue": "A String", 1237 }, 1238 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 1239 # used. 1240 # Note that for the purposes of inspection or transformation, the number 1241 # of bytes considered to comprise a 'Value' is based on its representation 1242 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1243 # 123456789, the number of bytes would be counted as 9, even though an 1244 # int64 only holds up to 8 bytes of data. 1245 "floatValue": 3.14, 1246 "timestampValue": "A String", 1247 "dayOfWeekValue": "A String", 1248 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1249 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1250 # types are google.type.Date and `google.protobuf.Timestamp`. 1251 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1252 # to allow the value "24:00:00" for scenarios like business closing time. 1253 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1254 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1255 # allow the value 60 if it allows leap-seconds. 1256 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1257 }, 1258 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1259 # and time zone are either specified elsewhere or are not significant. The date 1260 # is relative to the Proleptic Gregorian Calendar. This can represent: 1261 # 1262 # * A full date, with non-zero year, month and day values 1263 # * A month and day value, with a zero year, e.g. an anniversary 1264 # * A year on its own, with zero month and day values 1265 # * A year and month value, with a zero day, e.g. a credit card expiration date 1266 # 1267 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1268 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1269 # a year. 1270 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1271 # if specifying a year by itself or a year and month where the day is not 1272 # significant. 1273 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1274 # month and day. 1275 }, 1276 "stringValue": "A String", 1277 "booleanValue": True or False, 1278 "integerValue": "A String", 1279 }, 1280 }, 1281 ], 1282 }, 1283 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 1284 # (FPE) with the FFX mode of operation; however when used in the 1285 # `ReidentifyContent` API method, it serves the opposite function by reversing 1286 # the surrogate back into the original identifier. The identifier must be 1287 # encoded as ASCII. For a given crypto key and context, the same identifier 1288 # will be replaced with the same surrogate. Identifiers must be at least two 1289 # characters long. In the case that the identifier is the empty string, it will 1290 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 1291 # more. 1292 # 1293 # Note: We recommend using CryptoDeterministicConfig for all use cases which 1294 # do not require preserving the input alphabet space and size, plus warrant 1295 # referential integrity. 1296 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 1297 # a key encryption key (KEK) stored by KMS). 1298 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 1299 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 1300 # unwrap the data crypto key. 1301 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 1302 # The wrapped key must be a 128/192/256 bit key. 1303 # Authorization requires the following IAM permissions when sending a request 1304 # to perform a crypto transformation using a kms-wrapped crypto key: 1305 # dlp.kms.encrypt 1306 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 1307 "wrappedKey": "A String", # The wrapped data crypto key. [required] 1308 }, 1309 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 1310 # leaking the key. Choose another type of key if possible. 1311 "key": "A String", # A 128/192/256 bit key. [required] 1312 }, 1313 "transient": { # Use this to have a random data crypto key generated. 1314 # It will be discarded after the request finishes. 1315 "name": "A String", # Name of the key. [required] 1316 # This is an arbitrary string used to differentiate different keys. 1317 # A unique key is generated per name: two separate `TransientCryptoKey` 1318 # protos share the same generated key if their names are the same. 1319 # When the data crypto key is generated, this name is not used in any way 1320 # (repeating the api call will result in a different key being generated). 1321 }, 1322 }, 1323 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 1324 "commonAlphabet": "A String", 1325 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 1326 # that the FFX mode natively supports. This happens before/after 1327 # encryption/decryption. 1328 # Each character listed must appear only once. 1329 # Number of characters must be in the range [2, 62]. 1330 # This must be encoded as ASCII. 1331 # The order of characters does not matter. 1332 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 1333 # identifier in two different contexts won't be given the same surrogate. If 1334 # the context is not set, a default tweak will be used. 1335 # 1336 # If the context is set but: 1337 # 1338 # 1. there is no record present when transforming a given value or 1339 # 1. the field is not present when transforming a given value, 1340 # 1341 # a default tweak will be used. 1342 # 1343 # Note that case (1) is expected when an `InfoTypeTransformation` is 1344 # applied to both structured and non-structured `ContentItem`s. 1345 # Currently, the referenced field may be of value type integer or string. 1346 # 1347 # The tweak is constructed as a sequence of bytes in big endian byte order 1348 # such that: 1349 # 1350 # - a 64 bit integer is encoded followed by a single byte of value 1 1351 # - a string is encoded in UTF-8 format followed by a single byte of value 2 1352 "name": "A String", # Name describing the field. 1353 }, 1354 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 1355 # This annotation will be applied to the surrogate by prefixing it with 1356 # the name of the custom infoType followed by the number of 1357 # characters comprising the surrogate. The following scheme defines the 1358 # format: info_type_name(surrogate_character_count):surrogate 1359 # 1360 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 1361 # the surrogate is 'abc', the full replacement value 1362 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 1363 # 1364 # This annotation identifies the surrogate when inspecting content using the 1365 # custom infoType 1366 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 1367 # This facilitates reversal of the surrogate when it occurs in free text. 1368 # 1369 # In order for inspection to work properly, the name of this infoType must 1370 # not occur naturally anywhere in your data; otherwise, inspection may 1371 # find a surrogate that does not correspond to an actual identifier. 1372 # Therefore, choose your custom infoType name carefully after considering 1373 # what your data looks like. One way to select a name that has a high chance 1374 # of yielding reliable detection is to include one or more unicode characters 1375 # that are highly improbable to exist in your data. 1376 # For example, assuming your data is entered from a regular ASCII keyboard, 1377 # the symbol with the hex code point 29DD might be used like so: 1378 # ⧝MY_TOKEN_TYPE 1379 "name": "A String", # Name of the information type. Either a name of your choosing when 1380 # creating a CustomInfoType, or one of the names listed 1381 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 1382 # a built-in type. InfoType names should conform to the pattern 1383 # [a-zA-Z0-9_]{1,64}. 1384 }, 1385 }, 1386 "replaceConfig": { # Replace each input value with a given `Value`. 1387 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 1388 # Note that for the purposes of inspection or transformation, the number 1389 # of bytes considered to comprise a 'Value' is based on its representation 1390 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1391 # 123456789, the number of bytes would be counted as 9, even though an 1392 # int64 only holds up to 8 bytes of data. 1393 "floatValue": 3.14, 1394 "timestampValue": "A String", 1395 "dayOfWeekValue": "A String", 1396 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1397 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1398 # types are google.type.Date and `google.protobuf.Timestamp`. 1399 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1400 # to allow the value "24:00:00" for scenarios like business closing time. 1401 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1402 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1403 # allow the value 60 if it allows leap-seconds. 1404 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1405 }, 1406 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1407 # and time zone are either specified elsewhere or are not significant. The date 1408 # is relative to the Proleptic Gregorian Calendar. This can represent: 1409 # 1410 # * A full date, with non-zero year, month and day values 1411 # * A month and day value, with a zero year, e.g. an anniversary 1412 # * A year on its own, with zero month and day values 1413 # * A year and month value, with a zero day, e.g. a credit card expiration date 1414 # 1415 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1416 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1417 # a year. 1418 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1419 # if specifying a year by itself or a year and month where the day is not 1420 # significant. 1421 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1422 # month and day. 1423 }, 1424 "stringValue": "A String", 1425 "booleanValue": True or False, 1426 "integerValue": "A String", 1427 }, 1428 }, 1429 }, 1430 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 1431 # this transformation to apply to all findings that correspond to 1432 # infoTypes that were requested in `InspectConfig`. 1433 { # Type of information detected by the API. 1434 "name": "A String", # Name of the information type. Either a name of your choosing when 1435 # creating a CustomInfoType, or one of the names listed 1436 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 1437 # a built-in type. InfoType names should conform to the pattern 1438 # [a-zA-Z0-9_]{1,64}. 1439 }, 1440 ], 1441 }, 1442 ], 1443 }, 1444 "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. 1445 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 1446 # fixed character. Masking can start from the beginning or end of the string. 1447 # This can be used on data of any type (numbers, longs, and so on) and when 1448 # de-identifying structured data we'll attempt to preserve the original data's 1449 # type. (This allows you to take a long like 123 and modify it to a string like 1450 # **3. 1451 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 1452 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 1453 # mask 5 chars with * we would produce ***-*55-5555. 1454 { # Characters to skip when doing deidentification of a value. These will be left 1455 # alone and skipped. 1456 "commonCharactersToIgnore": "A String", 1457 "charactersToSkip": "A String", 1458 }, 1459 ], 1460 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 1461 # masked. Skipped characters do not count towards this tally. 1462 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 1463 # alphabetic string such as name, or "0" for a numeric string such as ZIP 1464 # code or credit card number. String must have length 1. If not supplied, we 1465 # will default to "*" for strings, 0 for digits. 1466 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 1467 # '0', number_to_mask is 14, and `reverse_order` is false, then 1468 # 1234-5678-9012-3456 -> 00000000000000-3456 1469 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 1470 # is true, then 12345 -> 12*** 1471 }, 1472 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 1473 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 1474 # output would be 'My phone number is '. 1475 }, 1476 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 1477 # input. Outputs a base64 encoded representation of the encrypted output. 1478 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 1479 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 1480 # a key encryption key (KEK) stored by KMS). 1481 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 1482 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 1483 # unwrap the data crypto key. 1484 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 1485 # The wrapped key must be a 128/192/256 bit key. 1486 # Authorization requires the following IAM permissions when sending a request 1487 # to perform a crypto transformation using a kms-wrapped crypto key: 1488 # dlp.kms.encrypt 1489 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 1490 "wrappedKey": "A String", # The wrapped data crypto key. [required] 1491 }, 1492 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 1493 # leaking the key. Choose another type of key if possible. 1494 "key": "A String", # A 128/192/256 bit key. [required] 1495 }, 1496 "transient": { # Use this to have a random data crypto key generated. 1497 # It will be discarded after the request finishes. 1498 "name": "A String", # Name of the key. [required] 1499 # This is an arbitrary string used to differentiate different keys. 1500 # A unique key is generated per name: two separate `TransientCryptoKey` 1501 # protos share the same generated key if their names are the same. 1502 # When the data crypto key is generated, this name is not used in any way 1503 # (repeating the api call will result in a different key being generated). 1504 }, 1505 }, 1506 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 1507 # referential integrity such that the same identifier in two different 1508 # contexts will be given a distinct surrogate. The context is appended to 1509 # plaintext value being encrypted. On decryption the provided context is 1510 # validated against the value used during encryption. If a context was 1511 # provided during encryption, same context must be provided during decryption 1512 # as well. 1513 # 1514 # If the context is not set, plaintext would be used as is for encryption. 1515 # If the context is set but: 1516 # 1517 # 1. there is no record present when transforming a given value or 1518 # 2. the field is not present when transforming a given value, 1519 # 1520 # plaintext would be used as is for encryption. 1521 # 1522 # Note that case (1) is expected when an `InfoTypeTransformation` is 1523 # applied to both structured and non-structured `ContentItem`s. 1524 "name": "A String", # Name describing the field. 1525 }, 1526 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 1527 # This annotation will be applied to the surrogate by prefixing it with 1528 # the name of the custom info type followed by the number of 1529 # characters comprising the surrogate. The following scheme defines the 1530 # format: <info type name>(<surrogate character count>):<surrogate> 1531 # 1532 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 1533 # the surrogate is 'abc', the full replacement value 1534 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 1535 # 1536 # This annotation identifies the surrogate when inspecting content using the 1537 # custom info type 'Surrogate'. This facilitates reversal of the 1538 # surrogate when it occurs in free text. 1539 # 1540 # In order for inspection to work properly, the name of this info type must 1541 # not occur naturally anywhere in your data; otherwise, inspection may either 1542 # 1543 # - reverse a surrogate that does not correspond to an actual identifier 1544 # - be unable to parse the surrogate and result in an error 1545 # 1546 # Therefore, choose your custom info type name carefully after considering 1547 # what your data looks like. One way to select a name that has a high chance 1548 # of yielding reliable detection is to include one or more unicode characters 1549 # that are highly improbable to exist in your data. 1550 # For example, assuming your data is entered from a regular ASCII keyboard, 1551 # the symbol with the hex code point 29DD might be used like so: 1552 # ⧝MY_TOKEN_TYPE 1553 "name": "A String", # Name of the information type. Either a name of your choosing when 1554 # creating a CustomInfoType, or one of the names listed 1555 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 1556 # a built-in type. InfoType names should conform to the pattern 1557 # [a-zA-Z0-9_]{1,64}. 1558 }, 1559 }, 1560 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 1561 # Bucketing transformation can provide all of this functionality, 1562 # but requires more configuration. This message is provided as a convenience to 1563 # the user for simple bucketing strategies. 1564 # 1565 # The transformed value will be a hyphenated string of 1566 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 1567 # all values that are within this bucket will be replaced with "10-20". 1568 # 1569 # This can be used on data of type: double, long. 1570 # 1571 # If the bound Value type differs from the type of data 1572 # being transformed, we will first attempt converting the type of the data to 1573 # be transformed to match the type of the bound before comparing. 1574 # 1575 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 1576 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 1577 # grouped together into a single bucket; for example if `lower_bound` = 10, 1578 # then all values less than 10 are replaced with the value “-10”. [Required]. 1579 # Note that for the purposes of inspection or transformation, the number 1580 # of bytes considered to comprise a 'Value' is based on its representation 1581 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1582 # 123456789, the number of bytes would be counted as 9, even though an 1583 # int64 only holds up to 8 bytes of data. 1584 "floatValue": 3.14, 1585 "timestampValue": "A String", 1586 "dayOfWeekValue": "A String", 1587 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1588 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1589 # types are google.type.Date and `google.protobuf.Timestamp`. 1590 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1591 # to allow the value "24:00:00" for scenarios like business closing time. 1592 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1593 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1594 # allow the value 60 if it allows leap-seconds. 1595 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1596 }, 1597 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1598 # and time zone are either specified elsewhere or are not significant. The date 1599 # is relative to the Proleptic Gregorian Calendar. This can represent: 1600 # 1601 # * A full date, with non-zero year, month and day values 1602 # * A month and day value, with a zero year, e.g. an anniversary 1603 # * A year on its own, with zero month and day values 1604 # * A year and month value, with a zero day, e.g. a credit card expiration date 1605 # 1606 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1607 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1608 # a year. 1609 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1610 # if specifying a year by itself or a year and month where the day is not 1611 # significant. 1612 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1613 # month and day. 1614 }, 1615 "stringValue": "A String", 1616 "booleanValue": True or False, 1617 "integerValue": "A String", 1618 }, 1619 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 1620 # grouped together into a single bucket; for example if `upper_bound` = 89, 1621 # then all values greater than 89 are replaced with the value “89+”. 1622 # [Required]. 1623 # Note that for the purposes of inspection or transformation, the number 1624 # of bytes considered to comprise a 'Value' is based on its representation 1625 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1626 # 123456789, the number of bytes would be counted as 9, even though an 1627 # int64 only holds up to 8 bytes of data. 1628 "floatValue": 3.14, 1629 "timestampValue": "A String", 1630 "dayOfWeekValue": "A String", 1631 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1632 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1633 # types are google.type.Date and `google.protobuf.Timestamp`. 1634 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1635 # to allow the value "24:00:00" for scenarios like business closing time. 1636 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1637 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1638 # allow the value 60 if it allows leap-seconds. 1639 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1640 }, 1641 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1642 # and time zone are either specified elsewhere or are not significant. The date 1643 # is relative to the Proleptic Gregorian Calendar. This can represent: 1644 # 1645 # * A full date, with non-zero year, month and day values 1646 # * A month and day value, with a zero year, e.g. an anniversary 1647 # * A year on its own, with zero month and day values 1648 # * A year and month value, with a zero day, e.g. a credit card expiration date 1649 # 1650 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1651 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1652 # a year. 1653 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1654 # if specifying a year by itself or a year and month where the day is not 1655 # significant. 1656 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1657 # month and day. 1658 }, 1659 "stringValue": "A String", 1660 "booleanValue": True or False, 1661 "integerValue": "A String", 1662 }, 1663 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 1664 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 1665 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 1666 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 1667 }, 1668 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 1669 }, 1670 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 1671 # portion of the value. 1672 "partToExtract": "A String", 1673 }, 1674 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 1675 # Uses SHA-256. 1676 # The key size must be either 32 or 64 bytes. 1677 # Outputs a base64 encoded representation of the hashed output 1678 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 1679 # Currently, only string and integer values can be hashed. 1680 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 1681 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 1682 # a key encryption key (KEK) stored by KMS). 1683 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 1684 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 1685 # unwrap the data crypto key. 1686 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 1687 # The wrapped key must be a 128/192/256 bit key. 1688 # Authorization requires the following IAM permissions when sending a request 1689 # to perform a crypto transformation using a kms-wrapped crypto key: 1690 # dlp.kms.encrypt 1691 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 1692 "wrappedKey": "A String", # The wrapped data crypto key. [required] 1693 }, 1694 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 1695 # leaking the key. Choose another type of key if possible. 1696 "key": "A String", # A 128/192/256 bit key. [required] 1697 }, 1698 "transient": { # Use this to have a random data crypto key generated. 1699 # It will be discarded after the request finishes. 1700 "name": "A String", # Name of the key. [required] 1701 # This is an arbitrary string used to differentiate different keys. 1702 # A unique key is generated per name: two separate `TransientCryptoKey` 1703 # protos share the same generated key if their names are the same. 1704 # When the data crypto key is generated, this name is not used in any way 1705 # (repeating the api call will result in a different key being generated). 1706 }, 1707 }, 1708 }, 1709 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 1710 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 1711 # to learn more. 1712 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 1713 # results in the same shift for the same context and crypto_key. 1714 # a key encryption key (KEK) stored by KMS). 1715 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 1716 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 1717 # unwrap the data crypto key. 1718 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 1719 # The wrapped key must be a 128/192/256 bit key. 1720 # Authorization requires the following IAM permissions when sending a request 1721 # to perform a crypto transformation using a kms-wrapped crypto key: 1722 # dlp.kms.encrypt 1723 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 1724 "wrappedKey": "A String", # The wrapped data crypto key. [required] 1725 }, 1726 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 1727 # leaking the key. Choose another type of key if possible. 1728 "key": "A String", # A 128/192/256 bit key. [required] 1729 }, 1730 "transient": { # Use this to have a random data crypto key generated. 1731 # It will be discarded after the request finishes. 1732 "name": "A String", # Name of the key. [required] 1733 # This is an arbitrary string used to differentiate different keys. 1734 # A unique key is generated per name: two separate `TransientCryptoKey` 1735 # protos share the same generated key if their names are the same. 1736 # When the data crypto key is generated, this name is not used in any way 1737 # (repeating the api call will result in a different key being generated). 1738 }, 1739 }, 1740 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 1741 # [Required] 1742 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 1743 # range (inclusive ends). Negative means shift to earlier in time. Must not 1744 # be more than 365250 days (1000 years) each direction. 1745 # 1746 # For example, 3 means shift date to at most 3 days into the future. 1747 # [Required] 1748 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 1749 # If set, must also set method. If set, shift will be consistent for the 1750 # given context. 1751 "name": "A String", # Name describing the field. 1752 }, 1753 }, 1754 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 1755 # replacement values are dynamically provided by the user for custom behavior, 1756 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 1757 # This can be used on 1758 # data of type: number, long, string, timestamp. 1759 # If the bound `Value` type differs from the type of data being transformed, we 1760 # will first attempt converting the type of the data to be transformed to match 1761 # the type of the bound before comparing. 1762 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 1763 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 1764 { # Bucket is represented as a range, along with replacement values. 1765 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 1766 # Note that for the purposes of inspection or transformation, the number 1767 # of bytes considered to comprise a 'Value' is based on its representation 1768 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1769 # 123456789, the number of bytes would be counted as 9, even though an 1770 # int64 only holds up to 8 bytes of data. 1771 "floatValue": 3.14, 1772 "timestampValue": "A String", 1773 "dayOfWeekValue": "A String", 1774 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1775 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1776 # types are google.type.Date and `google.protobuf.Timestamp`. 1777 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1778 # to allow the value "24:00:00" for scenarios like business closing time. 1779 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1780 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1781 # allow the value 60 if it allows leap-seconds. 1782 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1783 }, 1784 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1785 # and time zone are either specified elsewhere or are not significant. The date 1786 # is relative to the Proleptic Gregorian Calendar. This can represent: 1787 # 1788 # * A full date, with non-zero year, month and day values 1789 # * A month and day value, with a zero year, e.g. an anniversary 1790 # * A year on its own, with zero month and day values 1791 # * A year and month value, with a zero day, e.g. a credit card expiration date 1792 # 1793 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1794 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1795 # a year. 1796 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1797 # if specifying a year by itself or a year and month where the day is not 1798 # significant. 1799 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1800 # month and day. 1801 }, 1802 "stringValue": "A String", 1803 "booleanValue": True or False, 1804 "integerValue": "A String", 1805 }, 1806 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 1807 # the default behavior will be to hyphenate the min-max range. 1808 # Note that for the purposes of inspection or transformation, the number 1809 # of bytes considered to comprise a 'Value' is based on its representation 1810 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1811 # 123456789, the number of bytes would be counted as 9, even though an 1812 # int64 only holds up to 8 bytes of data. 1813 "floatValue": 3.14, 1814 "timestampValue": "A String", 1815 "dayOfWeekValue": "A String", 1816 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1817 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1818 # types are google.type.Date and `google.protobuf.Timestamp`. 1819 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1820 # to allow the value "24:00:00" for scenarios like business closing time. 1821 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1822 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1823 # allow the value 60 if it allows leap-seconds. 1824 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1825 }, 1826 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1827 # and time zone are either specified elsewhere or are not significant. The date 1828 # is relative to the Proleptic Gregorian Calendar. This can represent: 1829 # 1830 # * A full date, with non-zero year, month and day values 1831 # * A month and day value, with a zero year, e.g. an anniversary 1832 # * A year on its own, with zero month and day values 1833 # * A year and month value, with a zero day, e.g. a credit card expiration date 1834 # 1835 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1836 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1837 # a year. 1838 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1839 # if specifying a year by itself or a year and month where the day is not 1840 # significant. 1841 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1842 # month and day. 1843 }, 1844 "stringValue": "A String", 1845 "booleanValue": True or False, 1846 "integerValue": "A String", 1847 }, 1848 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 1849 # used. 1850 # Note that for the purposes of inspection or transformation, the number 1851 # of bytes considered to comprise a 'Value' is based on its representation 1852 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 1853 # 123456789, the number of bytes would be counted as 9, even though an 1854 # int64 only holds up to 8 bytes of data. 1855 "floatValue": 3.14, 1856 "timestampValue": "A String", 1857 "dayOfWeekValue": "A String", 1858 "timeValue": { # Represents a time of day. The date and time zone are either not significant 1859 # or are specified elsewhere. An API may choose to allow leap seconds. Related 1860 # types are google.type.Date and `google.protobuf.Timestamp`. 1861 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 1862 # to allow the value "24:00:00" for scenarios like business closing time. 1863 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 1864 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 1865 # allow the value 60 if it allows leap-seconds. 1866 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 1867 }, 1868 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 1869 # and time zone are either specified elsewhere or are not significant. The date 1870 # is relative to the Proleptic Gregorian Calendar. This can represent: 1871 # 1872 # * A full date, with non-zero year, month and day values 1873 # * A month and day value, with a zero year, e.g. an anniversary 1874 # * A year on its own, with zero month and day values 1875 # * A year and month value, with a zero day, e.g. a credit card expiration date 1876 # 1877 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 1878 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 1879 # a year. 1880 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 1881 # if specifying a year by itself or a year and month where the day is not 1882 # significant. 1883 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 1884 # month and day. 1885 }, 1886 "stringValue": "A String", 1887 "booleanValue": True or False, 1888 "integerValue": "A String", 1889 }, 1890 }, 1891 ], 1892 }, 1893 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 1894 # (FPE) with the FFX mode of operation; however when used in the 1895 # `ReidentifyContent` API method, it serves the opposite function by reversing 1896 # the surrogate back into the original identifier. The identifier must be 1897 # encoded as ASCII. For a given crypto key and context, the same identifier 1898 # will be replaced with the same surrogate. Identifiers must be at least two 1899 # characters long. In the case that the identifier is the empty string, it will 1900 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 1901 # more. 1902 # 1903 # Note: We recommend using CryptoDeterministicConfig for all use cases which 1904 # do not require preserving the input alphabet space and size, plus warrant 1905 # referential integrity. 1906 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 1907 # a key encryption key (KEK) stored by KMS). 1908 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 1909 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 1910 # unwrap the data crypto key. 1911 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 1912 # The wrapped key must be a 128/192/256 bit key. 1913 # Authorization requires the following IAM permissions when sending a request 1914 # to perform a crypto transformation using a kms-wrapped crypto key: 1915 # dlp.kms.encrypt 1916 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 1917 "wrappedKey": "A String", # The wrapped data crypto key. [required] 1918 }, 1919 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 1920 # leaking the key. Choose another type of key if possible. 1921 "key": "A String", # A 128/192/256 bit key. [required] 1922 }, 1923 "transient": { # Use this to have a random data crypto key generated. 1924 # It will be discarded after the request finishes. 1925 "name": "A String", # Name of the key. [required] 1926 # This is an arbitrary string used to differentiate different keys. 1927 # A unique key is generated per name: two separate `TransientCryptoKey` 1928 # protos share the same generated key if their names are the same. 1929 # When the data crypto key is generated, this name is not used in any way 1930 # (repeating the api call will result in a different key being generated). 1931 }, 1932 }, 1933 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 1934 "commonAlphabet": "A String", 1935 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 1936 # that the FFX mode natively supports. This happens before/after 1937 # encryption/decryption. 1938 # Each character listed must appear only once. 1939 # Number of characters must be in the range [2, 62]. 1940 # This must be encoded as ASCII. 1941 # The order of characters does not matter. 1942 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 1943 # identifier in two different contexts won't be given the same surrogate. If 1944 # the context is not set, a default tweak will be used. 1945 # 1946 # If the context is set but: 1947 # 1948 # 1. there is no record present when transforming a given value or 1949 # 1. the field is not present when transforming a given value, 1950 # 1951 # a default tweak will be used. 1952 # 1953 # Note that case (1) is expected when an `InfoTypeTransformation` is 1954 # applied to both structured and non-structured `ContentItem`s. 1955 # Currently, the referenced field may be of value type integer or string. 1956 # 1957 # The tweak is constructed as a sequence of bytes in big endian byte order 1958 # such that: 1959 # 1960 # - a 64 bit integer is encoded followed by a single byte of value 1 1961 # - a string is encoded in UTF-8 format followed by a single byte of value 2 1962 "name": "A String", # Name describing the field. 1963 }, 1964 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 1965 # This annotation will be applied to the surrogate by prefixing it with 1966 # the name of the custom infoType followed by the number of 1967 # characters comprising the surrogate. The following scheme defines the 1968 # format: info_type_name(surrogate_character_count):surrogate 1969 # 1970 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 1971 # the surrogate is 'abc', the full replacement value 1972 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 1973 # 1974 # This annotation identifies the surrogate when inspecting content using the 1975 # custom infoType 1976 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 1977 # This facilitates reversal of the surrogate when it occurs in free text. 1978 # 1979 # In order for inspection to work properly, the name of this infoType must 1980 # not occur naturally anywhere in your data; otherwise, inspection may 1981 # find a surrogate that does not correspond to an actual identifier. 1982 # Therefore, choose your custom infoType name carefully after considering 1983 # what your data looks like. One way to select a name that has a high chance 1984 # of yielding reliable detection is to include one or more unicode characters 1985 # that are highly improbable to exist in your data. 1986 # For example, assuming your data is entered from a regular ASCII keyboard, 1987 # the symbol with the hex code point 29DD might be used like so: 1988 # ⧝MY_TOKEN_TYPE 1989 "name": "A String", # Name of the information type. Either a name of your choosing when 1990 # creating a CustomInfoType, or one of the names listed 1991 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 1992 # a built-in type. InfoType names should conform to the pattern 1993 # [a-zA-Z0-9_]{1,64}. 1994 }, 1995 }, 1996 "replaceConfig": { # Replace each input value with a given `Value`. 1997 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 1998 # Note that for the purposes of inspection or transformation, the number 1999 # of bytes considered to comprise a 'Value' is based on its representation 2000 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2001 # 123456789, the number of bytes would be counted as 9, even though an 2002 # int64 only holds up to 8 bytes of data. 2003 "floatValue": 3.14, 2004 "timestampValue": "A String", 2005 "dayOfWeekValue": "A String", 2006 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2007 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2008 # types are google.type.Date and `google.protobuf.Timestamp`. 2009 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2010 # to allow the value "24:00:00" for scenarios like business closing time. 2011 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2012 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2013 # allow the value 60 if it allows leap-seconds. 2014 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2015 }, 2016 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2017 # and time zone are either specified elsewhere or are not significant. The date 2018 # is relative to the Proleptic Gregorian Calendar. This can represent: 2019 # 2020 # * A full date, with non-zero year, month and day values 2021 # * A month and day value, with a zero year, e.g. an anniversary 2022 # * A year on its own, with zero month and day values 2023 # * A year and month value, with a zero day, e.g. a credit card expiration date 2024 # 2025 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2026 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2027 # a year. 2028 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2029 # if specifying a year by itself or a year and month where the day is not 2030 # significant. 2031 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2032 # month and day. 2033 }, 2034 "stringValue": "A String", 2035 "booleanValue": True or False, 2036 "integerValue": "A String", 2037 }, 2038 }, 2039 }, 2040 "condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the 2041 # given `RecordCondition`. The conditions are allowed to reference fields 2042 # that are not used in the actual transformation. [optional] 2043 # 2044 # Example Use Cases: 2045 # 2046 # - Apply a different bucket transformation to an age column if the zip code 2047 # column for the same record is within a specific range. 2048 # - Redact a field if the date of birth field is greater than 85. 2049 # a field. 2050 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 2051 "conditions": { # A collection of conditions. 2052 "conditions": [ 2053 { # The field type of `value` and `field` do not need to match to be 2054 # considered equal, but not all comparisons are possible. 2055 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 2056 # but all other comparisons are invalid with incompatible types. 2057 # A `value` of type: 2058 # 2059 # - `string` can be compared against all other types 2060 # - `boolean` can only be compared against other booleans 2061 # - `integer` can be compared against doubles or a string if the string value 2062 # can be parsed as an integer. 2063 # - `double` can be compared against integers or a string if the string can 2064 # be parsed as a double. 2065 # - `Timestamp` can be compared against strings in RFC 3339 date string 2066 # format. 2067 # - `TimeOfDay` can be compared against timestamps and strings in the format 2068 # of 'HH:mm:ss'. 2069 # 2070 # If we fail to compare do to type mismatch, a warning will be given and 2071 # the condition will evaluate to false. 2072 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 2073 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 2074 "name": "A String", # Name describing the field. 2075 }, 2076 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 2077 # Note that for the purposes of inspection or transformation, the number 2078 # of bytes considered to comprise a 'Value' is based on its representation 2079 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2080 # 123456789, the number of bytes would be counted as 9, even though an 2081 # int64 only holds up to 8 bytes of data. 2082 "floatValue": 3.14, 2083 "timestampValue": "A String", 2084 "dayOfWeekValue": "A String", 2085 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2086 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2087 # types are google.type.Date and `google.protobuf.Timestamp`. 2088 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2089 # to allow the value "24:00:00" for scenarios like business closing time. 2090 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2091 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2092 # allow the value 60 if it allows leap-seconds. 2093 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2094 }, 2095 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2096 # and time zone are either specified elsewhere or are not significant. The date 2097 # is relative to the Proleptic Gregorian Calendar. This can represent: 2098 # 2099 # * A full date, with non-zero year, month and day values 2100 # * A month and day value, with a zero year, e.g. an anniversary 2101 # * A year on its own, with zero month and day values 2102 # * A year and month value, with a zero day, e.g. a credit card expiration date 2103 # 2104 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2105 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2106 # a year. 2107 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2108 # if specifying a year by itself or a year and month where the day is not 2109 # significant. 2110 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2111 # month and day. 2112 }, 2113 "stringValue": "A String", 2114 "booleanValue": True or False, 2115 "integerValue": "A String", 2116 }, 2117 }, 2118 ], 2119 }, 2120 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 2121 # only supported value is `AND`. 2122 }, 2123 }, 2124 "fields": [ # Input field(s) to apply the transformation to. [required] 2125 { # General identifier of a data field in a storage service. 2126 "name": "A String", # Name describing the field. 2127 }, 2128 ], 2129 }, 2130 ], 2131 }, 2132 }, 2133 "inspectConfig": { # Configuration description of the scanning process. # Configuration for the inspector. 2134 # Items specified here will override the template referenced by the 2135 # inspect_template_name argument. 2136 # When used with redactContent only info_types and min_likelihood are currently 2137 # used. 2138 "excludeInfoTypes": True or False, # When true, excludes type information of the findings. 2139 "limits": { 2140 "maxFindingsPerRequest": 42, # Max number of findings that will be returned per request/job. 2141 # When set within `InspectContentRequest`, the maximum returned is 2000 2142 # regardless if this is set higher. 2143 "maxFindingsPerInfoType": [ # Configuration of findings limit given for specified infoTypes. 2144 { # Max findings configuration per infoType, per content item or long 2145 # running DlpJob. 2146 "infoType": { # Type of information detected by the API. # Type of information the findings limit applies to. Only one limit per 2147 # info_type should be provided. If InfoTypeLimit does not have an 2148 # info_type, the DLP API applies the limit against all info_types that 2149 # are found but not specified in another InfoTypeLimit. 2150 "name": "A String", # Name of the information type. Either a name of your choosing when 2151 # creating a CustomInfoType, or one of the names listed 2152 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 2153 # a built-in type. InfoType names should conform to the pattern 2154 # [a-zA-Z0-9_]{1,64}. 2155 }, 2156 "maxFindings": 42, # Max findings limit for the given infoType. 2157 }, 2158 ], 2159 "maxFindingsPerItem": 42, # Max number of findings that will be returned for each item scanned. 2160 # When set within `InspectDataSourceRequest`, 2161 # the maximum returned is 2000 regardless if this is set higher. 2162 # When set within `InspectContentRequest`, this field is ignored. 2163 }, 2164 "minLikelihood": "A String", # Only returns findings equal or above this threshold. The default is 2165 # POSSIBLE. 2166 # See https://cloud.google.com/dlp/docs/likelihood to learn more. 2167 "customInfoTypes": [ # CustomInfoTypes provided by the user. See 2168 # https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more. 2169 { # Custom information type provided by the user. Used to find domain-specific 2170 # sensitive information configurable to the data in question. 2171 "regex": { # Message defining a custom regular expression. # Regular expression based CustomInfoType. 2172 "pattern": "A String", # Pattern defining the regular expression. Its syntax 2173 # (https://github.com/google/re2/wiki/Syntax) can be found under the 2174 # google/re2 repository on GitHub. 2175 "groupIndexes": [ # The index of the submatch to extract as findings. When not 2176 # specified, the entire match is returned. No more than 3 may be included. 2177 42, 2178 ], 2179 }, 2180 "surrogateType": { # Message for detecting output from deidentification transformations # Message for detecting output from deidentification transformations that 2181 # support reversing. 2182 # such as 2183 # [`CryptoReplaceFfxFpeConfig`](/dlp/docs/reference/rest/v2/organizations.deidentifyTemplates#cryptoreplaceffxfpeconfig). 2184 # These types of transformations are 2185 # those that perform pseudonymization, thereby producing a "surrogate" as 2186 # output. This should be used in conjunction with a field on the 2187 # transformation such as `surrogate_info_type`. This CustomInfoType does 2188 # not support the use of `detection_rules`. 2189 }, 2190 "infoType": { # Type of information detected by the API. # CustomInfoType can either be a new infoType, or an extension of built-in 2191 # infoType, when the name matches one of existing infoTypes and that infoType 2192 # is specified in `InspectContent.info_types` field. Specifying the latter 2193 # adds findings to the one detected by the system. If built-in info type is 2194 # not specified in `InspectContent.info_types` list then the name is treated 2195 # as a custom info type. 2196 "name": "A String", # Name of the information type. Either a name of your choosing when 2197 # creating a CustomInfoType, or one of the names listed 2198 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 2199 # a built-in type. InfoType names should conform to the pattern 2200 # [a-zA-Z0-9_]{1,64}. 2201 }, 2202 "dictionary": { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType. 2203 # be used to match sensitive information specific to the data, such as a list 2204 # of employee IDs or job titles. 2205 # 2206 # Dictionary words are case-insensitive and all characters other than letters 2207 # and digits in the unicode [Basic Multilingual 2208 # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane) 2209 # will be replaced with whitespace when scanning for matches, so the 2210 # dictionary phrase "Sam Johnson" will match all three phrases "sam johnson", 2211 # "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters 2212 # surrounding any match must be of a different type than the adjacent 2213 # characters within the word, so letters must be next to non-letters and 2214 # digits next to non-digits. For example, the dictionary word "jen" will 2215 # match the first three letters of the text "jen123" but will return no 2216 # matches for "jennifer". 2217 # 2218 # Dictionary words containing a large number of characters that are not 2219 # letters or digits may result in unexpected findings because such characters 2220 # are treated as whitespace. The 2221 # [limits](https://cloud.google.com/dlp/limits) page contains details about 2222 # the size limits of dictionaries. For dictionaries that do not fit within 2223 # these constraints, consider using `LargeCustomDictionaryConfig` in the 2224 # `StoredInfoType` API. 2225 "wordList": { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for. 2226 "words": [ # Words or phrases defining the dictionary. The dictionary must contain 2227 # at least one phrase and every phrase must contain at least 2 characters 2228 # that are letters or digits. [required] 2229 "A String", 2230 ], 2231 }, 2232 "cloudStoragePath": { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file 2233 # is accepted. 2234 "path": "A String", # A url representing a file or path (no wildcards) in Cloud Storage. 2235 # Example: gs://[BUCKET_NAME]/dictionary.txt 2236 }, 2237 }, 2238 "storedType": { # A reference to a StoredInfoType to use with scanning. # Load an existing `StoredInfoType` resource for use in 2239 # `InspectDataSource`. Not currently supported in `InspectContent`. 2240 "name": "A String", # Resource name of the requested `StoredInfoType`, for example 2241 # `organizations/433245324/storedInfoTypes/432452342` or 2242 # `projects/project-id/storedInfoTypes/432452342`. 2243 "createTime": "A String", # Timestamp indicating when the version of the `StoredInfoType` used for 2244 # inspection was created. Output-only field, populated by the system. 2245 }, 2246 "detectionRules": [ # Set of detection rules to apply to all findings of this CustomInfoType. 2247 # Rules are applied in order that they are specified. Not supported for the 2248 # `surrogate_type` CustomInfoType. 2249 { # Deprecated; use `InspectionRuleSet` instead. Rule for modifying a 2250 # `CustomInfoType` to alter behavior under certain circumstances, depending 2251 # on the specific details of the rule. Not supported for the `surrogate_type` 2252 # custom infoType. 2253 "hotwordRule": { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule. 2254 # proximity of hotwords. 2255 "proximity": { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside. 2256 # The total length of the window cannot exceed 1000 characters. Note that 2257 # the finding itself will be included in the window, so that hotwords may 2258 # be used to match substrings of the finding itself. For example, the 2259 # certainty of a phone number regex "\(\d{3}\) \d{3}-\d{4}" could be 2260 # adjusted upwards if the area code is known to be the local area code of 2261 # a company office using the hotword regex "\(xxx\)", where "xxx" 2262 # is the area code in question. 2263 # rule. 2264 "windowAfter": 42, # Number of characters after the finding to consider. 2265 "windowBefore": 42, # Number of characters before the finding to consider. 2266 }, 2267 "hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword. 2268 "pattern": "A String", # Pattern defining the regular expression. Its syntax 2269 # (https://github.com/google/re2/wiki/Syntax) can be found under the 2270 # google/re2 repository on GitHub. 2271 "groupIndexes": [ # The index of the submatch to extract as findings. When not 2272 # specified, the entire match is returned. No more than 3 may be included. 2273 42, 2274 ], 2275 }, 2276 "likelihoodAdjustment": { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings. 2277 # part of a detection rule. 2278 "relativeLikelihood": 42, # Increase or decrease the likelihood by the specified number of 2279 # levels. For example, if a finding would be `POSSIBLE` without the 2280 # detection rule and `relative_likelihood` is 1, then it is upgraded to 2281 # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. 2282 # Likelihood may never drop below `VERY_UNLIKELY` or exceed 2283 # `VERY_LIKELY`, so applying an adjustment of 1 followed by an 2284 # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in 2285 # a final likelihood of `LIKELY`. 2286 "fixedLikelihood": "A String", # Set the likelihood of a finding to a fixed value. 2287 }, 2288 }, 2289 }, 2290 ], 2291 "exclusionType": "A String", # If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding 2292 # to be returned. It still can be used for rules matching. 2293 "likelihood": "A String", # Likelihood to return for this CustomInfoType. This base value can be 2294 # altered by a detection rule if the finding meets the criteria specified by 2295 # the rule. Defaults to `VERY_LIKELY` if not specified. 2296 }, 2297 ], 2298 "includeQuote": True or False, # When true, a contextual quote from the data that triggered a finding is 2299 # included in the response; see Finding.quote. 2300 "ruleSet": [ # Set of rules to apply to the findings for this InspectConfig. 2301 # Exclusion rules, contained in the set are executed in the end, other 2302 # rules are executed in the order they are specified for each info type. 2303 { # Rule set for modifying a set of infoTypes to alter behavior under certain 2304 # circumstances, depending on the specific details of the rules within the set. 2305 "rules": [ # Set of rules to be applied to infoTypes. The rules are applied in order. 2306 { # A single inspection rule to be applied to infoTypes, specified in 2307 # `InspectionRuleSet`. 2308 "hotwordRule": { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule. 2309 # proximity of hotwords. 2310 "proximity": { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside. 2311 # The total length of the window cannot exceed 1000 characters. Note that 2312 # the finding itself will be included in the window, so that hotwords may 2313 # be used to match substrings of the finding itself. For example, the 2314 # certainty of a phone number regex "\(\d{3}\) \d{3}-\d{4}" could be 2315 # adjusted upwards if the area code is known to be the local area code of 2316 # a company office using the hotword regex "\(xxx\)", where "xxx" 2317 # is the area code in question. 2318 # rule. 2319 "windowAfter": 42, # Number of characters after the finding to consider. 2320 "windowBefore": 42, # Number of characters before the finding to consider. 2321 }, 2322 "hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword. 2323 "pattern": "A String", # Pattern defining the regular expression. Its syntax 2324 # (https://github.com/google/re2/wiki/Syntax) can be found under the 2325 # google/re2 repository on GitHub. 2326 "groupIndexes": [ # The index of the submatch to extract as findings. When not 2327 # specified, the entire match is returned. No more than 3 may be included. 2328 42, 2329 ], 2330 }, 2331 "likelihoodAdjustment": { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings. 2332 # part of a detection rule. 2333 "relativeLikelihood": 42, # Increase or decrease the likelihood by the specified number of 2334 # levels. For example, if a finding would be `POSSIBLE` without the 2335 # detection rule and `relative_likelihood` is 1, then it is upgraded to 2336 # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. 2337 # Likelihood may never drop below `VERY_UNLIKELY` or exceed 2338 # `VERY_LIKELY`, so applying an adjustment of 1 followed by an 2339 # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in 2340 # a final likelihood of `LIKELY`. 2341 "fixedLikelihood": "A String", # Set the likelihood of a finding to a fixed value. 2342 }, 2343 }, 2344 "exclusionRule": { # The rule that specifies conditions when findings of infoTypes specified in # Exclusion rule. 2345 # `InspectionRuleSet` are removed from results. 2346 "regex": { # Message defining a custom regular expression. # Regular expression which defines the rule. 2347 "pattern": "A String", # Pattern defining the regular expression. Its syntax 2348 # (https://github.com/google/re2/wiki/Syntax) can be found under the 2349 # google/re2 repository on GitHub. 2350 "groupIndexes": [ # The index of the submatch to extract as findings. When not 2351 # specified, the entire match is returned. No more than 3 may be included. 2352 42, 2353 ], 2354 }, 2355 "excludeInfoTypes": { # List of exclude infoTypes. # Set of infoTypes for which findings would affect this rule. 2356 "infoTypes": [ # InfoType list in ExclusionRule rule drops a finding when it overlaps or 2357 # contained within with a finding of an infoType from this list. For 2358 # example, for `InspectionRuleSet.info_types` containing "PHONE_NUMBER"` and 2359 # `exclusion_rule` containing `exclude_info_types.info_types` with 2360 # "EMAIL_ADDRESS" the phone number findings are dropped if they overlap 2361 # with EMAIL_ADDRESS finding. 2362 # That leads to "555-222-2222@example.org" to generate only a single 2363 # finding, namely email address. 2364 { # Type of information detected by the API. 2365 "name": "A String", # Name of the information type. Either a name of your choosing when 2366 # creating a CustomInfoType, or one of the names listed 2367 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 2368 # a built-in type. InfoType names should conform to the pattern 2369 # [a-zA-Z0-9_]{1,64}. 2370 }, 2371 ], 2372 }, 2373 "dictionary": { # Custom information type based on a dictionary of words or phrases. This can # Dictionary which defines the rule. 2374 # be used to match sensitive information specific to the data, such as a list 2375 # of employee IDs or job titles. 2376 # 2377 # Dictionary words are case-insensitive and all characters other than letters 2378 # and digits in the unicode [Basic Multilingual 2379 # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane) 2380 # will be replaced with whitespace when scanning for matches, so the 2381 # dictionary phrase "Sam Johnson" will match all three phrases "sam johnson", 2382 # "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters 2383 # surrounding any match must be of a different type than the adjacent 2384 # characters within the word, so letters must be next to non-letters and 2385 # digits next to non-digits. For example, the dictionary word "jen" will 2386 # match the first three letters of the text "jen123" but will return no 2387 # matches for "jennifer". 2388 # 2389 # Dictionary words containing a large number of characters that are not 2390 # letters or digits may result in unexpected findings because such characters 2391 # are treated as whitespace. The 2392 # [limits](https://cloud.google.com/dlp/limits) page contains details about 2393 # the size limits of dictionaries. For dictionaries that do not fit within 2394 # these constraints, consider using `LargeCustomDictionaryConfig` in the 2395 # `StoredInfoType` API. 2396 "wordList": { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for. 2397 "words": [ # Words or phrases defining the dictionary. The dictionary must contain 2398 # at least one phrase and every phrase must contain at least 2 characters 2399 # that are letters or digits. [required] 2400 "A String", 2401 ], 2402 }, 2403 "cloudStoragePath": { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file 2404 # is accepted. 2405 "path": "A String", # A url representing a file or path (no wildcards) in Cloud Storage. 2406 # Example: gs://[BUCKET_NAME]/dictionary.txt 2407 }, 2408 }, 2409 "matchingType": "A String", # How the rule is applied, see MatchingType documentation for details. 2410 }, 2411 }, 2412 ], 2413 "infoTypes": [ # List of infoTypes this rule set is applied to. 2414 { # Type of information detected by the API. 2415 "name": "A String", # Name of the information type. Either a name of your choosing when 2416 # creating a CustomInfoType, or one of the names listed 2417 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 2418 # a built-in type. InfoType names should conform to the pattern 2419 # [a-zA-Z0-9_]{1,64}. 2420 }, 2421 ], 2422 }, 2423 ], 2424 "contentOptions": [ # List of options defining data content to scan. 2425 # If empty, text, images, and other content will be included. 2426 "A String", 2427 ], 2428 "infoTypes": [ # Restricts what info_types to look for. The values must correspond to 2429 # InfoType values returned by ListInfoTypes or listed at 2430 # https://cloud.google.com/dlp/docs/infotypes-reference. 2431 # 2432 # When no InfoTypes or CustomInfoTypes are specified in a request, the 2433 # system may automatically choose what detectors to run. By default this may 2434 # be all types, but may change over time as detectors are updated. 2435 # 2436 # The special InfoType name "ALL_BASIC" can be used to trigger all detectors, 2437 # but may change over time as new InfoTypes are added. If you need precise 2438 # control and predictability as to what detectors are run you should specify 2439 # specific InfoTypes listed in the reference. 2440 { # Type of information detected by the API. 2441 "name": "A String", # Name of the information type. Either a name of your choosing when 2442 # creating a CustomInfoType, or one of the names listed 2443 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 2444 # a built-in type. InfoType names should conform to the pattern 2445 # [a-zA-Z0-9_]{1,64}. 2446 }, 2447 ], 2448 }, 2449 "item": { # Container structure for the content to inspect. # The item to de-identify. Will be treated as text. 2450 "table": { # Structured content to inspect. Up to 50,000 `Value`s per request allowed. # Structured content for inspection. See 2451 # https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to 2452 # learn more. 2453 # See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to 2454 # learn more. 2455 "headers": [ 2456 { # General identifier of a data field in a storage service. 2457 "name": "A String", # Name describing the field. 2458 }, 2459 ], 2460 "rows": [ 2461 { 2462 "values": [ 2463 { # Set of primitive values supported by the system. 2464 # Note that for the purposes of inspection or transformation, the number 2465 # of bytes considered to comprise a 'Value' is based on its representation 2466 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2467 # 123456789, the number of bytes would be counted as 9, even though an 2468 # int64 only holds up to 8 bytes of data. 2469 "floatValue": 3.14, 2470 "timestampValue": "A String", 2471 "dayOfWeekValue": "A String", 2472 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2473 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2474 # types are google.type.Date and `google.protobuf.Timestamp`. 2475 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2476 # to allow the value "24:00:00" for scenarios like business closing time. 2477 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2478 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2479 # allow the value 60 if it allows leap-seconds. 2480 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2481 }, 2482 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2483 # and time zone are either specified elsewhere or are not significant. The date 2484 # is relative to the Proleptic Gregorian Calendar. This can represent: 2485 # 2486 # * A full date, with non-zero year, month and day values 2487 # * A month and day value, with a zero year, e.g. an anniversary 2488 # * A year on its own, with zero month and day values 2489 # * A year and month value, with a zero day, e.g. a credit card expiration date 2490 # 2491 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2492 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2493 # a year. 2494 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2495 # if specifying a year by itself or a year and month where the day is not 2496 # significant. 2497 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2498 # month and day. 2499 }, 2500 "stringValue": "A String", 2501 "booleanValue": True or False, 2502 "integerValue": "A String", 2503 }, 2504 ], 2505 }, 2506 ], 2507 }, 2508 "byteItem": { # Container for bytes to inspect or redact. # Content data to inspect or redact. Replaces `type` and `data`. 2509 "type": "A String", # The type of data stored in the bytes string. Default will be TEXT_UTF8. 2510 "data": "A String", # Content data to inspect or redact. 2511 }, 2512 "value": "A String", # String data to inspect or redact. 2513 }, 2514 } 2515 2516 x__xgafv: string, V1 error format. 2517 Allowed values 2518 1 - v1 error format 2519 2 - v2 error format 2520 2521Returns: 2522 An object of the form: 2523 2524 { # Results of de-identifying a ContentItem. 2525 "overview": { # Overview of the modifications that occurred. # An overview of the changes that were made on the `item`. 2526 "transformationSummaries": [ # Transformations applied to the dataset. 2527 { # Summary of a single transformation. 2528 # Only one of 'transformation', 'field_transformation', or 'record_suppress' 2529 # will be set. 2530 "infoType": { # Type of information detected by the API. # Set if the transformation was limited to a specific InfoType. 2531 "name": "A String", # Name of the information type. Either a name of your choosing when 2532 # creating a CustomInfoType, or one of the names listed 2533 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 2534 # a built-in type. InfoType names should conform to the pattern 2535 # [a-zA-Z0-9_]{1,64}. 2536 }, 2537 "recordSuppress": { # Configuration to suppress records whose suppression conditions evaluate to # The specific suppression option these stats apply to. 2538 # true. 2539 "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being 2540 # evaluated to be suppressed from the transformed content. 2541 # a field. 2542 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 2543 "conditions": { # A collection of conditions. 2544 "conditions": [ 2545 { # The field type of `value` and `field` do not need to match to be 2546 # considered equal, but not all comparisons are possible. 2547 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 2548 # but all other comparisons are invalid with incompatible types. 2549 # A `value` of type: 2550 # 2551 # - `string` can be compared against all other types 2552 # - `boolean` can only be compared against other booleans 2553 # - `integer` can be compared against doubles or a string if the string value 2554 # can be parsed as an integer. 2555 # - `double` can be compared against integers or a string if the string can 2556 # be parsed as a double. 2557 # - `Timestamp` can be compared against strings in RFC 3339 date string 2558 # format. 2559 # - `TimeOfDay` can be compared against timestamps and strings in the format 2560 # of 'HH:mm:ss'. 2561 # 2562 # If we fail to compare do to type mismatch, a warning will be given and 2563 # the condition will evaluate to false. 2564 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 2565 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 2566 "name": "A String", # Name describing the field. 2567 }, 2568 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 2569 # Note that for the purposes of inspection or transformation, the number 2570 # of bytes considered to comprise a 'Value' is based on its representation 2571 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2572 # 123456789, the number of bytes would be counted as 9, even though an 2573 # int64 only holds up to 8 bytes of data. 2574 "floatValue": 3.14, 2575 "timestampValue": "A String", 2576 "dayOfWeekValue": "A String", 2577 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2578 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2579 # types are google.type.Date and `google.protobuf.Timestamp`. 2580 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2581 # to allow the value "24:00:00" for scenarios like business closing time. 2582 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2583 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2584 # allow the value 60 if it allows leap-seconds. 2585 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2586 }, 2587 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2588 # and time zone are either specified elsewhere or are not significant. The date 2589 # is relative to the Proleptic Gregorian Calendar. This can represent: 2590 # 2591 # * A full date, with non-zero year, month and day values 2592 # * A month and day value, with a zero year, e.g. an anniversary 2593 # * A year on its own, with zero month and day values 2594 # * A year and month value, with a zero day, e.g. a credit card expiration date 2595 # 2596 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2597 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2598 # a year. 2599 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2600 # if specifying a year by itself or a year and month where the day is not 2601 # significant. 2602 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2603 # month and day. 2604 }, 2605 "stringValue": "A String", 2606 "booleanValue": True or False, 2607 "integerValue": "A String", 2608 }, 2609 }, 2610 ], 2611 }, 2612 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 2613 # only supported value is `AND`. 2614 }, 2615 }, 2616 }, 2617 "results": [ 2618 { # A collection that informs the user the number of times a particular 2619 # `TransformationResultCode` and error details occurred. 2620 "count": "A String", 2621 "code": "A String", 2622 "details": "A String", # A place for warnings or errors to show up if a transformation didn't 2623 # work as expected. 2624 }, 2625 ], 2626 "field": { # General identifier of a data field in a storage service. # Set if the transformation was limited to a specific FieldId. 2627 "name": "A String", # Name describing the field. 2628 }, 2629 "fieldTransformations": [ # The field transformation that was applied. 2630 # If multiple field transformations are requested for a single field, 2631 # this list will contain all of them; otherwise, only one is supplied. 2632 { # The transformation to apply to the field. 2633 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively 2634 # transform content that matches an `InfoType`. 2635 # apply various `PrimitiveTransformation`s to each finding, where the 2636 # transformation is applied to only values that were identified as a specific 2637 # info_type. 2638 "transformations": [ # Transformation for each infoType. Cannot specify more than one 2639 # for a given infoType. [required] 2640 { # A transformation to apply to text that is identified as a specific 2641 # info_type. 2642 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 2643 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 2644 # fixed character. Masking can start from the beginning or end of the string. 2645 # This can be used on data of any type (numbers, longs, and so on) and when 2646 # de-identifying structured data we'll attempt to preserve the original data's 2647 # type. (This allows you to take a long like 123 and modify it to a string like 2648 # **3. 2649 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 2650 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 2651 # mask 5 chars with * we would produce ***-*55-5555. 2652 { # Characters to skip when doing deidentification of a value. These will be left 2653 # alone and skipped. 2654 "commonCharactersToIgnore": "A String", 2655 "charactersToSkip": "A String", 2656 }, 2657 ], 2658 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 2659 # masked. Skipped characters do not count towards this tally. 2660 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 2661 # alphabetic string such as name, or "0" for a numeric string such as ZIP 2662 # code or credit card number. String must have length 1. If not supplied, we 2663 # will default to "*" for strings, 0 for digits. 2664 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 2665 # '0', number_to_mask is 14, and `reverse_order` is false, then 2666 # 1234-5678-9012-3456 -> 00000000000000-3456 2667 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 2668 # is true, then 12345 -> 12*** 2669 }, 2670 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 2671 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 2672 # output would be 'My phone number is '. 2673 }, 2674 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 2675 # input. Outputs a base64 encoded representation of the encrypted output. 2676 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 2677 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 2678 # a key encryption key (KEK) stored by KMS). 2679 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 2680 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 2681 # unwrap the data crypto key. 2682 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 2683 # The wrapped key must be a 128/192/256 bit key. 2684 # Authorization requires the following IAM permissions when sending a request 2685 # to perform a crypto transformation using a kms-wrapped crypto key: 2686 # dlp.kms.encrypt 2687 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 2688 "wrappedKey": "A String", # The wrapped data crypto key. [required] 2689 }, 2690 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 2691 # leaking the key. Choose another type of key if possible. 2692 "key": "A String", # A 128/192/256 bit key. [required] 2693 }, 2694 "transient": { # Use this to have a random data crypto key generated. 2695 # It will be discarded after the request finishes. 2696 "name": "A String", # Name of the key. [required] 2697 # This is an arbitrary string used to differentiate different keys. 2698 # A unique key is generated per name: two separate `TransientCryptoKey` 2699 # protos share the same generated key if their names are the same. 2700 # When the data crypto key is generated, this name is not used in any way 2701 # (repeating the api call will result in a different key being generated). 2702 }, 2703 }, 2704 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 2705 # referential integrity such that the same identifier in two different 2706 # contexts will be given a distinct surrogate. The context is appended to 2707 # plaintext value being encrypted. On decryption the provided context is 2708 # validated against the value used during encryption. If a context was 2709 # provided during encryption, same context must be provided during decryption 2710 # as well. 2711 # 2712 # If the context is not set, plaintext would be used as is for encryption. 2713 # If the context is set but: 2714 # 2715 # 1. there is no record present when transforming a given value or 2716 # 2. the field is not present when transforming a given value, 2717 # 2718 # plaintext would be used as is for encryption. 2719 # 2720 # Note that case (1) is expected when an `InfoTypeTransformation` is 2721 # applied to both structured and non-structured `ContentItem`s. 2722 "name": "A String", # Name describing the field. 2723 }, 2724 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 2725 # This annotation will be applied to the surrogate by prefixing it with 2726 # the name of the custom info type followed by the number of 2727 # characters comprising the surrogate. The following scheme defines the 2728 # format: <info type name>(<surrogate character count>):<surrogate> 2729 # 2730 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 2731 # the surrogate is 'abc', the full replacement value 2732 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 2733 # 2734 # This annotation identifies the surrogate when inspecting content using the 2735 # custom info type 'Surrogate'. This facilitates reversal of the 2736 # surrogate when it occurs in free text. 2737 # 2738 # In order for inspection to work properly, the name of this info type must 2739 # not occur naturally anywhere in your data; otherwise, inspection may either 2740 # 2741 # - reverse a surrogate that does not correspond to an actual identifier 2742 # - be unable to parse the surrogate and result in an error 2743 # 2744 # Therefore, choose your custom info type name carefully after considering 2745 # what your data looks like. One way to select a name that has a high chance 2746 # of yielding reliable detection is to include one or more unicode characters 2747 # that are highly improbable to exist in your data. 2748 # For example, assuming your data is entered from a regular ASCII keyboard, 2749 # the symbol with the hex code point 29DD might be used like so: 2750 # ⧝MY_TOKEN_TYPE 2751 "name": "A String", # Name of the information type. Either a name of your choosing when 2752 # creating a CustomInfoType, or one of the names listed 2753 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 2754 # a built-in type. InfoType names should conform to the pattern 2755 # [a-zA-Z0-9_]{1,64}. 2756 }, 2757 }, 2758 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 2759 # Bucketing transformation can provide all of this functionality, 2760 # but requires more configuration. This message is provided as a convenience to 2761 # the user for simple bucketing strategies. 2762 # 2763 # The transformed value will be a hyphenated string of 2764 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 2765 # all values that are within this bucket will be replaced with "10-20". 2766 # 2767 # This can be used on data of type: double, long. 2768 # 2769 # If the bound Value type differs from the type of data 2770 # being transformed, we will first attempt converting the type of the data to 2771 # be transformed to match the type of the bound before comparing. 2772 # 2773 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 2774 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 2775 # grouped together into a single bucket; for example if `lower_bound` = 10, 2776 # then all values less than 10 are replaced with the value “-10”. [Required]. 2777 # Note that for the purposes of inspection or transformation, the number 2778 # of bytes considered to comprise a 'Value' is based on its representation 2779 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2780 # 123456789, the number of bytes would be counted as 9, even though an 2781 # int64 only holds up to 8 bytes of data. 2782 "floatValue": 3.14, 2783 "timestampValue": "A String", 2784 "dayOfWeekValue": "A String", 2785 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2786 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2787 # types are google.type.Date and `google.protobuf.Timestamp`. 2788 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2789 # to allow the value "24:00:00" for scenarios like business closing time. 2790 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2791 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2792 # allow the value 60 if it allows leap-seconds. 2793 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2794 }, 2795 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2796 # and time zone are either specified elsewhere or are not significant. The date 2797 # is relative to the Proleptic Gregorian Calendar. This can represent: 2798 # 2799 # * A full date, with non-zero year, month and day values 2800 # * A month and day value, with a zero year, e.g. an anniversary 2801 # * A year on its own, with zero month and day values 2802 # * A year and month value, with a zero day, e.g. a credit card expiration date 2803 # 2804 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2805 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2806 # a year. 2807 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2808 # if specifying a year by itself or a year and month where the day is not 2809 # significant. 2810 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2811 # month and day. 2812 }, 2813 "stringValue": "A String", 2814 "booleanValue": True or False, 2815 "integerValue": "A String", 2816 }, 2817 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 2818 # grouped together into a single bucket; for example if `upper_bound` = 89, 2819 # then all values greater than 89 are replaced with the value “89+”. 2820 # [Required]. 2821 # Note that for the purposes of inspection or transformation, the number 2822 # of bytes considered to comprise a 'Value' is based on its representation 2823 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2824 # 123456789, the number of bytes would be counted as 9, even though an 2825 # int64 only holds up to 8 bytes of data. 2826 "floatValue": 3.14, 2827 "timestampValue": "A String", 2828 "dayOfWeekValue": "A String", 2829 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2830 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2831 # types are google.type.Date and `google.protobuf.Timestamp`. 2832 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2833 # to allow the value "24:00:00" for scenarios like business closing time. 2834 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2835 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2836 # allow the value 60 if it allows leap-seconds. 2837 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2838 }, 2839 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2840 # and time zone are either specified elsewhere or are not significant. The date 2841 # is relative to the Proleptic Gregorian Calendar. This can represent: 2842 # 2843 # * A full date, with non-zero year, month and day values 2844 # * A month and day value, with a zero year, e.g. an anniversary 2845 # * A year on its own, with zero month and day values 2846 # * A year and month value, with a zero day, e.g. a credit card expiration date 2847 # 2848 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2849 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2850 # a year. 2851 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2852 # if specifying a year by itself or a year and month where the day is not 2853 # significant. 2854 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2855 # month and day. 2856 }, 2857 "stringValue": "A String", 2858 "booleanValue": True or False, 2859 "integerValue": "A String", 2860 }, 2861 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 2862 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 2863 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 2864 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 2865 }, 2866 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 2867 }, 2868 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 2869 # portion of the value. 2870 "partToExtract": "A String", 2871 }, 2872 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 2873 # Uses SHA-256. 2874 # The key size must be either 32 or 64 bytes. 2875 # Outputs a base64 encoded representation of the hashed output 2876 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 2877 # Currently, only string and integer values can be hashed. 2878 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 2879 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 2880 # a key encryption key (KEK) stored by KMS). 2881 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 2882 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 2883 # unwrap the data crypto key. 2884 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 2885 # The wrapped key must be a 128/192/256 bit key. 2886 # Authorization requires the following IAM permissions when sending a request 2887 # to perform a crypto transformation using a kms-wrapped crypto key: 2888 # dlp.kms.encrypt 2889 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 2890 "wrappedKey": "A String", # The wrapped data crypto key. [required] 2891 }, 2892 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 2893 # leaking the key. Choose another type of key if possible. 2894 "key": "A String", # A 128/192/256 bit key. [required] 2895 }, 2896 "transient": { # Use this to have a random data crypto key generated. 2897 # It will be discarded after the request finishes. 2898 "name": "A String", # Name of the key. [required] 2899 # This is an arbitrary string used to differentiate different keys. 2900 # A unique key is generated per name: two separate `TransientCryptoKey` 2901 # protos share the same generated key if their names are the same. 2902 # When the data crypto key is generated, this name is not used in any way 2903 # (repeating the api call will result in a different key being generated). 2904 }, 2905 }, 2906 }, 2907 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 2908 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 2909 # to learn more. 2910 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 2911 # results in the same shift for the same context and crypto_key. 2912 # a key encryption key (KEK) stored by KMS). 2913 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 2914 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 2915 # unwrap the data crypto key. 2916 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 2917 # The wrapped key must be a 128/192/256 bit key. 2918 # Authorization requires the following IAM permissions when sending a request 2919 # to perform a crypto transformation using a kms-wrapped crypto key: 2920 # dlp.kms.encrypt 2921 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 2922 "wrappedKey": "A String", # The wrapped data crypto key. [required] 2923 }, 2924 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 2925 # leaking the key. Choose another type of key if possible. 2926 "key": "A String", # A 128/192/256 bit key. [required] 2927 }, 2928 "transient": { # Use this to have a random data crypto key generated. 2929 # It will be discarded after the request finishes. 2930 "name": "A String", # Name of the key. [required] 2931 # This is an arbitrary string used to differentiate different keys. 2932 # A unique key is generated per name: two separate `TransientCryptoKey` 2933 # protos share the same generated key if their names are the same. 2934 # When the data crypto key is generated, this name is not used in any way 2935 # (repeating the api call will result in a different key being generated). 2936 }, 2937 }, 2938 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 2939 # [Required] 2940 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 2941 # range (inclusive ends). Negative means shift to earlier in time. Must not 2942 # be more than 365250 days (1000 years) each direction. 2943 # 2944 # For example, 3 means shift date to at most 3 days into the future. 2945 # [Required] 2946 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 2947 # If set, must also set method. If set, shift will be consistent for the 2948 # given context. 2949 "name": "A String", # Name describing the field. 2950 }, 2951 }, 2952 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 2953 # replacement values are dynamically provided by the user for custom behavior, 2954 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 2955 # This can be used on 2956 # data of type: number, long, string, timestamp. 2957 # If the bound `Value` type differs from the type of data being transformed, we 2958 # will first attempt converting the type of the data to be transformed to match 2959 # the type of the bound before comparing. 2960 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 2961 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 2962 { # Bucket is represented as a range, along with replacement values. 2963 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 2964 # Note that for the purposes of inspection or transformation, the number 2965 # of bytes considered to comprise a 'Value' is based on its representation 2966 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 2967 # 123456789, the number of bytes would be counted as 9, even though an 2968 # int64 only holds up to 8 bytes of data. 2969 "floatValue": 3.14, 2970 "timestampValue": "A String", 2971 "dayOfWeekValue": "A String", 2972 "timeValue": { # Represents a time of day. The date and time zone are either not significant 2973 # or are specified elsewhere. An API may choose to allow leap seconds. Related 2974 # types are google.type.Date and `google.protobuf.Timestamp`. 2975 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 2976 # to allow the value "24:00:00" for scenarios like business closing time. 2977 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 2978 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 2979 # allow the value 60 if it allows leap-seconds. 2980 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 2981 }, 2982 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 2983 # and time zone are either specified elsewhere or are not significant. The date 2984 # is relative to the Proleptic Gregorian Calendar. This can represent: 2985 # 2986 # * A full date, with non-zero year, month and day values 2987 # * A month and day value, with a zero year, e.g. an anniversary 2988 # * A year on its own, with zero month and day values 2989 # * A year and month value, with a zero day, e.g. a credit card expiration date 2990 # 2991 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 2992 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 2993 # a year. 2994 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 2995 # if specifying a year by itself or a year and month where the day is not 2996 # significant. 2997 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 2998 # month and day. 2999 }, 3000 "stringValue": "A String", 3001 "booleanValue": True or False, 3002 "integerValue": "A String", 3003 }, 3004 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 3005 # the default behavior will be to hyphenate the min-max range. 3006 # Note that for the purposes of inspection or transformation, the number 3007 # of bytes considered to comprise a 'Value' is based on its representation 3008 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3009 # 123456789, the number of bytes would be counted as 9, even though an 3010 # int64 only holds up to 8 bytes of data. 3011 "floatValue": 3.14, 3012 "timestampValue": "A String", 3013 "dayOfWeekValue": "A String", 3014 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3015 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3016 # types are google.type.Date and `google.protobuf.Timestamp`. 3017 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3018 # to allow the value "24:00:00" for scenarios like business closing time. 3019 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3020 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3021 # allow the value 60 if it allows leap-seconds. 3022 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3023 }, 3024 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3025 # and time zone are either specified elsewhere or are not significant. The date 3026 # is relative to the Proleptic Gregorian Calendar. This can represent: 3027 # 3028 # * A full date, with non-zero year, month and day values 3029 # * A month and day value, with a zero year, e.g. an anniversary 3030 # * A year on its own, with zero month and day values 3031 # * A year and month value, with a zero day, e.g. a credit card expiration date 3032 # 3033 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3034 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3035 # a year. 3036 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3037 # if specifying a year by itself or a year and month where the day is not 3038 # significant. 3039 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3040 # month and day. 3041 }, 3042 "stringValue": "A String", 3043 "booleanValue": True or False, 3044 "integerValue": "A String", 3045 }, 3046 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 3047 # used. 3048 # Note that for the purposes of inspection or transformation, the number 3049 # of bytes considered to comprise a 'Value' is based on its representation 3050 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3051 # 123456789, the number of bytes would be counted as 9, even though an 3052 # int64 only holds up to 8 bytes of data. 3053 "floatValue": 3.14, 3054 "timestampValue": "A String", 3055 "dayOfWeekValue": "A String", 3056 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3057 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3058 # types are google.type.Date and `google.protobuf.Timestamp`. 3059 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3060 # to allow the value "24:00:00" for scenarios like business closing time. 3061 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3062 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3063 # allow the value 60 if it allows leap-seconds. 3064 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3065 }, 3066 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3067 # and time zone are either specified elsewhere or are not significant. The date 3068 # is relative to the Proleptic Gregorian Calendar. This can represent: 3069 # 3070 # * A full date, with non-zero year, month and day values 3071 # * A month and day value, with a zero year, e.g. an anniversary 3072 # * A year on its own, with zero month and day values 3073 # * A year and month value, with a zero day, e.g. a credit card expiration date 3074 # 3075 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3076 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3077 # a year. 3078 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3079 # if specifying a year by itself or a year and month where the day is not 3080 # significant. 3081 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3082 # month and day. 3083 }, 3084 "stringValue": "A String", 3085 "booleanValue": True or False, 3086 "integerValue": "A String", 3087 }, 3088 }, 3089 ], 3090 }, 3091 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 3092 # (FPE) with the FFX mode of operation; however when used in the 3093 # `ReidentifyContent` API method, it serves the opposite function by reversing 3094 # the surrogate back into the original identifier. The identifier must be 3095 # encoded as ASCII. For a given crypto key and context, the same identifier 3096 # will be replaced with the same surrogate. Identifiers must be at least two 3097 # characters long. In the case that the identifier is the empty string, it will 3098 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 3099 # more. 3100 # 3101 # Note: We recommend using CryptoDeterministicConfig for all use cases which 3102 # do not require preserving the input alphabet space and size, plus warrant 3103 # referential integrity. 3104 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 3105 # a key encryption key (KEK) stored by KMS). 3106 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 3107 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 3108 # unwrap the data crypto key. 3109 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 3110 # The wrapped key must be a 128/192/256 bit key. 3111 # Authorization requires the following IAM permissions when sending a request 3112 # to perform a crypto transformation using a kms-wrapped crypto key: 3113 # dlp.kms.encrypt 3114 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 3115 "wrappedKey": "A String", # The wrapped data crypto key. [required] 3116 }, 3117 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 3118 # leaking the key. Choose another type of key if possible. 3119 "key": "A String", # A 128/192/256 bit key. [required] 3120 }, 3121 "transient": { # Use this to have a random data crypto key generated. 3122 # It will be discarded after the request finishes. 3123 "name": "A String", # Name of the key. [required] 3124 # This is an arbitrary string used to differentiate different keys. 3125 # A unique key is generated per name: two separate `TransientCryptoKey` 3126 # protos share the same generated key if their names are the same. 3127 # When the data crypto key is generated, this name is not used in any way 3128 # (repeating the api call will result in a different key being generated). 3129 }, 3130 }, 3131 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 3132 "commonAlphabet": "A String", 3133 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 3134 # that the FFX mode natively supports. This happens before/after 3135 # encryption/decryption. 3136 # Each character listed must appear only once. 3137 # Number of characters must be in the range [2, 62]. 3138 # This must be encoded as ASCII. 3139 # The order of characters does not matter. 3140 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 3141 # identifier in two different contexts won't be given the same surrogate. If 3142 # the context is not set, a default tweak will be used. 3143 # 3144 # If the context is set but: 3145 # 3146 # 1. there is no record present when transforming a given value or 3147 # 1. the field is not present when transforming a given value, 3148 # 3149 # a default tweak will be used. 3150 # 3151 # Note that case (1) is expected when an `InfoTypeTransformation` is 3152 # applied to both structured and non-structured `ContentItem`s. 3153 # Currently, the referenced field may be of value type integer or string. 3154 # 3155 # The tweak is constructed as a sequence of bytes in big endian byte order 3156 # such that: 3157 # 3158 # - a 64 bit integer is encoded followed by a single byte of value 1 3159 # - a string is encoded in UTF-8 format followed by a single byte of value 2 3160 "name": "A String", # Name describing the field. 3161 }, 3162 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 3163 # This annotation will be applied to the surrogate by prefixing it with 3164 # the name of the custom infoType followed by the number of 3165 # characters comprising the surrogate. The following scheme defines the 3166 # format: info_type_name(surrogate_character_count):surrogate 3167 # 3168 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 3169 # the surrogate is 'abc', the full replacement value 3170 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 3171 # 3172 # This annotation identifies the surrogate when inspecting content using the 3173 # custom infoType 3174 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 3175 # This facilitates reversal of the surrogate when it occurs in free text. 3176 # 3177 # In order for inspection to work properly, the name of this infoType must 3178 # not occur naturally anywhere in your data; otherwise, inspection may 3179 # find a surrogate that does not correspond to an actual identifier. 3180 # Therefore, choose your custom infoType name carefully after considering 3181 # what your data looks like. One way to select a name that has a high chance 3182 # of yielding reliable detection is to include one or more unicode characters 3183 # that are highly improbable to exist in your data. 3184 # For example, assuming your data is entered from a regular ASCII keyboard, 3185 # the symbol with the hex code point 29DD might be used like so: 3186 # ⧝MY_TOKEN_TYPE 3187 "name": "A String", # Name of the information type. Either a name of your choosing when 3188 # creating a CustomInfoType, or one of the names listed 3189 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 3190 # a built-in type. InfoType names should conform to the pattern 3191 # [a-zA-Z0-9_]{1,64}. 3192 }, 3193 }, 3194 "replaceConfig": { # Replace each input value with a given `Value`. 3195 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 3196 # Note that for the purposes of inspection or transformation, the number 3197 # of bytes considered to comprise a 'Value' is based on its representation 3198 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3199 # 123456789, the number of bytes would be counted as 9, even though an 3200 # int64 only holds up to 8 bytes of data. 3201 "floatValue": 3.14, 3202 "timestampValue": "A String", 3203 "dayOfWeekValue": "A String", 3204 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3205 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3206 # types are google.type.Date and `google.protobuf.Timestamp`. 3207 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3208 # to allow the value "24:00:00" for scenarios like business closing time. 3209 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3210 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3211 # allow the value 60 if it allows leap-seconds. 3212 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3213 }, 3214 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3215 # and time zone are either specified elsewhere or are not significant. The date 3216 # is relative to the Proleptic Gregorian Calendar. This can represent: 3217 # 3218 # * A full date, with non-zero year, month and day values 3219 # * A month and day value, with a zero year, e.g. an anniversary 3220 # * A year on its own, with zero month and day values 3221 # * A year and month value, with a zero day, e.g. a credit card expiration date 3222 # 3223 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3224 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3225 # a year. 3226 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3227 # if specifying a year by itself or a year and month where the day is not 3228 # significant. 3229 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3230 # month and day. 3231 }, 3232 "stringValue": "A String", 3233 "booleanValue": True or False, 3234 "integerValue": "A String", 3235 }, 3236 }, 3237 }, 3238 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 3239 # this transformation to apply to all findings that correspond to 3240 # infoTypes that were requested in `InspectConfig`. 3241 { # Type of information detected by the API. 3242 "name": "A String", # Name of the information type. Either a name of your choosing when 3243 # creating a CustomInfoType, or one of the names listed 3244 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 3245 # a built-in type. InfoType names should conform to the pattern 3246 # [a-zA-Z0-9_]{1,64}. 3247 }, 3248 ], 3249 }, 3250 ], 3251 }, 3252 "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. 3253 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 3254 # fixed character. Masking can start from the beginning or end of the string. 3255 # This can be used on data of any type (numbers, longs, and so on) and when 3256 # de-identifying structured data we'll attempt to preserve the original data's 3257 # type. (This allows you to take a long like 123 and modify it to a string like 3258 # **3. 3259 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 3260 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 3261 # mask 5 chars with * we would produce ***-*55-5555. 3262 { # Characters to skip when doing deidentification of a value. These will be left 3263 # alone and skipped. 3264 "commonCharactersToIgnore": "A String", 3265 "charactersToSkip": "A String", 3266 }, 3267 ], 3268 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 3269 # masked. Skipped characters do not count towards this tally. 3270 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 3271 # alphabetic string such as name, or "0" for a numeric string such as ZIP 3272 # code or credit card number. String must have length 1. If not supplied, we 3273 # will default to "*" for strings, 0 for digits. 3274 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 3275 # '0', number_to_mask is 14, and `reverse_order` is false, then 3276 # 1234-5678-9012-3456 -> 00000000000000-3456 3277 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 3278 # is true, then 12345 -> 12*** 3279 }, 3280 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 3281 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 3282 # output would be 'My phone number is '. 3283 }, 3284 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 3285 # input. Outputs a base64 encoded representation of the encrypted output. 3286 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 3287 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 3288 # a key encryption key (KEK) stored by KMS). 3289 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 3290 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 3291 # unwrap the data crypto key. 3292 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 3293 # The wrapped key must be a 128/192/256 bit key. 3294 # Authorization requires the following IAM permissions when sending a request 3295 # to perform a crypto transformation using a kms-wrapped crypto key: 3296 # dlp.kms.encrypt 3297 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 3298 "wrappedKey": "A String", # The wrapped data crypto key. [required] 3299 }, 3300 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 3301 # leaking the key. Choose another type of key if possible. 3302 "key": "A String", # A 128/192/256 bit key. [required] 3303 }, 3304 "transient": { # Use this to have a random data crypto key generated. 3305 # It will be discarded after the request finishes. 3306 "name": "A String", # Name of the key. [required] 3307 # This is an arbitrary string used to differentiate different keys. 3308 # A unique key is generated per name: two separate `TransientCryptoKey` 3309 # protos share the same generated key if their names are the same. 3310 # When the data crypto key is generated, this name is not used in any way 3311 # (repeating the api call will result in a different key being generated). 3312 }, 3313 }, 3314 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 3315 # referential integrity such that the same identifier in two different 3316 # contexts will be given a distinct surrogate. The context is appended to 3317 # plaintext value being encrypted. On decryption the provided context is 3318 # validated against the value used during encryption. If a context was 3319 # provided during encryption, same context must be provided during decryption 3320 # as well. 3321 # 3322 # If the context is not set, plaintext would be used as is for encryption. 3323 # If the context is set but: 3324 # 3325 # 1. there is no record present when transforming a given value or 3326 # 2. the field is not present when transforming a given value, 3327 # 3328 # plaintext would be used as is for encryption. 3329 # 3330 # Note that case (1) is expected when an `InfoTypeTransformation` is 3331 # applied to both structured and non-structured `ContentItem`s. 3332 "name": "A String", # Name describing the field. 3333 }, 3334 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 3335 # This annotation will be applied to the surrogate by prefixing it with 3336 # the name of the custom info type followed by the number of 3337 # characters comprising the surrogate. The following scheme defines the 3338 # format: <info type name>(<surrogate character count>):<surrogate> 3339 # 3340 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 3341 # the surrogate is 'abc', the full replacement value 3342 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 3343 # 3344 # This annotation identifies the surrogate when inspecting content using the 3345 # custom info type 'Surrogate'. This facilitates reversal of the 3346 # surrogate when it occurs in free text. 3347 # 3348 # In order for inspection to work properly, the name of this info type must 3349 # not occur naturally anywhere in your data; otherwise, inspection may either 3350 # 3351 # - reverse a surrogate that does not correspond to an actual identifier 3352 # - be unable to parse the surrogate and result in an error 3353 # 3354 # Therefore, choose your custom info type name carefully after considering 3355 # what your data looks like. One way to select a name that has a high chance 3356 # of yielding reliable detection is to include one or more unicode characters 3357 # that are highly improbable to exist in your data. 3358 # For example, assuming your data is entered from a regular ASCII keyboard, 3359 # the symbol with the hex code point 29DD might be used like so: 3360 # ⧝MY_TOKEN_TYPE 3361 "name": "A String", # Name of the information type. Either a name of your choosing when 3362 # creating a CustomInfoType, or one of the names listed 3363 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 3364 # a built-in type. InfoType names should conform to the pattern 3365 # [a-zA-Z0-9_]{1,64}. 3366 }, 3367 }, 3368 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 3369 # Bucketing transformation can provide all of this functionality, 3370 # but requires more configuration. This message is provided as a convenience to 3371 # the user for simple bucketing strategies. 3372 # 3373 # The transformed value will be a hyphenated string of 3374 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 3375 # all values that are within this bucket will be replaced with "10-20". 3376 # 3377 # This can be used on data of type: double, long. 3378 # 3379 # If the bound Value type differs from the type of data 3380 # being transformed, we will first attempt converting the type of the data to 3381 # be transformed to match the type of the bound before comparing. 3382 # 3383 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 3384 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 3385 # grouped together into a single bucket; for example if `lower_bound` = 10, 3386 # then all values less than 10 are replaced with the value “-10”. [Required]. 3387 # Note that for the purposes of inspection or transformation, the number 3388 # of bytes considered to comprise a 'Value' is based on its representation 3389 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3390 # 123456789, the number of bytes would be counted as 9, even though an 3391 # int64 only holds up to 8 bytes of data. 3392 "floatValue": 3.14, 3393 "timestampValue": "A String", 3394 "dayOfWeekValue": "A String", 3395 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3396 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3397 # types are google.type.Date and `google.protobuf.Timestamp`. 3398 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3399 # to allow the value "24:00:00" for scenarios like business closing time. 3400 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3401 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3402 # allow the value 60 if it allows leap-seconds. 3403 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3404 }, 3405 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3406 # and time zone are either specified elsewhere or are not significant. The date 3407 # is relative to the Proleptic Gregorian Calendar. This can represent: 3408 # 3409 # * A full date, with non-zero year, month and day values 3410 # * A month and day value, with a zero year, e.g. an anniversary 3411 # * A year on its own, with zero month and day values 3412 # * A year and month value, with a zero day, e.g. a credit card expiration date 3413 # 3414 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3415 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3416 # a year. 3417 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3418 # if specifying a year by itself or a year and month where the day is not 3419 # significant. 3420 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3421 # month and day. 3422 }, 3423 "stringValue": "A String", 3424 "booleanValue": True or False, 3425 "integerValue": "A String", 3426 }, 3427 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 3428 # grouped together into a single bucket; for example if `upper_bound` = 89, 3429 # then all values greater than 89 are replaced with the value “89+”. 3430 # [Required]. 3431 # Note that for the purposes of inspection or transformation, the number 3432 # of bytes considered to comprise a 'Value' is based on its representation 3433 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3434 # 123456789, the number of bytes would be counted as 9, even though an 3435 # int64 only holds up to 8 bytes of data. 3436 "floatValue": 3.14, 3437 "timestampValue": "A String", 3438 "dayOfWeekValue": "A String", 3439 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3440 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3441 # types are google.type.Date and `google.protobuf.Timestamp`. 3442 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3443 # to allow the value "24:00:00" for scenarios like business closing time. 3444 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3445 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3446 # allow the value 60 if it allows leap-seconds. 3447 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3448 }, 3449 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3450 # and time zone are either specified elsewhere or are not significant. The date 3451 # is relative to the Proleptic Gregorian Calendar. This can represent: 3452 # 3453 # * A full date, with non-zero year, month and day values 3454 # * A month and day value, with a zero year, e.g. an anniversary 3455 # * A year on its own, with zero month and day values 3456 # * A year and month value, with a zero day, e.g. a credit card expiration date 3457 # 3458 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3459 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3460 # a year. 3461 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3462 # if specifying a year by itself or a year and month where the day is not 3463 # significant. 3464 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3465 # month and day. 3466 }, 3467 "stringValue": "A String", 3468 "booleanValue": True or False, 3469 "integerValue": "A String", 3470 }, 3471 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 3472 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 3473 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 3474 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 3475 }, 3476 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 3477 }, 3478 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 3479 # portion of the value. 3480 "partToExtract": "A String", 3481 }, 3482 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 3483 # Uses SHA-256. 3484 # The key size must be either 32 or 64 bytes. 3485 # Outputs a base64 encoded representation of the hashed output 3486 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 3487 # Currently, only string and integer values can be hashed. 3488 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 3489 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 3490 # a key encryption key (KEK) stored by KMS). 3491 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 3492 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 3493 # unwrap the data crypto key. 3494 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 3495 # The wrapped key must be a 128/192/256 bit key. 3496 # Authorization requires the following IAM permissions when sending a request 3497 # to perform a crypto transformation using a kms-wrapped crypto key: 3498 # dlp.kms.encrypt 3499 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 3500 "wrappedKey": "A String", # The wrapped data crypto key. [required] 3501 }, 3502 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 3503 # leaking the key. Choose another type of key if possible. 3504 "key": "A String", # A 128/192/256 bit key. [required] 3505 }, 3506 "transient": { # Use this to have a random data crypto key generated. 3507 # It will be discarded after the request finishes. 3508 "name": "A String", # Name of the key. [required] 3509 # This is an arbitrary string used to differentiate different keys. 3510 # A unique key is generated per name: two separate `TransientCryptoKey` 3511 # protos share the same generated key if their names are the same. 3512 # When the data crypto key is generated, this name is not used in any way 3513 # (repeating the api call will result in a different key being generated). 3514 }, 3515 }, 3516 }, 3517 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 3518 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 3519 # to learn more. 3520 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 3521 # results in the same shift for the same context and crypto_key. 3522 # a key encryption key (KEK) stored by KMS). 3523 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 3524 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 3525 # unwrap the data crypto key. 3526 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 3527 # The wrapped key must be a 128/192/256 bit key. 3528 # Authorization requires the following IAM permissions when sending a request 3529 # to perform a crypto transformation using a kms-wrapped crypto key: 3530 # dlp.kms.encrypt 3531 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 3532 "wrappedKey": "A String", # The wrapped data crypto key. [required] 3533 }, 3534 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 3535 # leaking the key. Choose another type of key if possible. 3536 "key": "A String", # A 128/192/256 bit key. [required] 3537 }, 3538 "transient": { # Use this to have a random data crypto key generated. 3539 # It will be discarded after the request finishes. 3540 "name": "A String", # Name of the key. [required] 3541 # This is an arbitrary string used to differentiate different keys. 3542 # A unique key is generated per name: two separate `TransientCryptoKey` 3543 # protos share the same generated key if their names are the same. 3544 # When the data crypto key is generated, this name is not used in any way 3545 # (repeating the api call will result in a different key being generated). 3546 }, 3547 }, 3548 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 3549 # [Required] 3550 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 3551 # range (inclusive ends). Negative means shift to earlier in time. Must not 3552 # be more than 365250 days (1000 years) each direction. 3553 # 3554 # For example, 3 means shift date to at most 3 days into the future. 3555 # [Required] 3556 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 3557 # If set, must also set method. If set, shift will be consistent for the 3558 # given context. 3559 "name": "A String", # Name describing the field. 3560 }, 3561 }, 3562 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 3563 # replacement values are dynamically provided by the user for custom behavior, 3564 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 3565 # This can be used on 3566 # data of type: number, long, string, timestamp. 3567 # If the bound `Value` type differs from the type of data being transformed, we 3568 # will first attempt converting the type of the data to be transformed to match 3569 # the type of the bound before comparing. 3570 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 3571 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 3572 { # Bucket is represented as a range, along with replacement values. 3573 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 3574 # Note that for the purposes of inspection or transformation, the number 3575 # of bytes considered to comprise a 'Value' is based on its representation 3576 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3577 # 123456789, the number of bytes would be counted as 9, even though an 3578 # int64 only holds up to 8 bytes of data. 3579 "floatValue": 3.14, 3580 "timestampValue": "A String", 3581 "dayOfWeekValue": "A String", 3582 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3583 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3584 # types are google.type.Date and `google.protobuf.Timestamp`. 3585 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3586 # to allow the value "24:00:00" for scenarios like business closing time. 3587 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3588 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3589 # allow the value 60 if it allows leap-seconds. 3590 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3591 }, 3592 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3593 # and time zone are either specified elsewhere or are not significant. The date 3594 # is relative to the Proleptic Gregorian Calendar. This can represent: 3595 # 3596 # * A full date, with non-zero year, month and day values 3597 # * A month and day value, with a zero year, e.g. an anniversary 3598 # * A year on its own, with zero month and day values 3599 # * A year and month value, with a zero day, e.g. a credit card expiration date 3600 # 3601 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3602 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3603 # a year. 3604 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3605 # if specifying a year by itself or a year and month where the day is not 3606 # significant. 3607 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3608 # month and day. 3609 }, 3610 "stringValue": "A String", 3611 "booleanValue": True or False, 3612 "integerValue": "A String", 3613 }, 3614 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 3615 # the default behavior will be to hyphenate the min-max range. 3616 # Note that for the purposes of inspection or transformation, the number 3617 # of bytes considered to comprise a 'Value' is based on its representation 3618 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3619 # 123456789, the number of bytes would be counted as 9, even though an 3620 # int64 only holds up to 8 bytes of data. 3621 "floatValue": 3.14, 3622 "timestampValue": "A String", 3623 "dayOfWeekValue": "A String", 3624 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3625 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3626 # types are google.type.Date and `google.protobuf.Timestamp`. 3627 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3628 # to allow the value "24:00:00" for scenarios like business closing time. 3629 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3630 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3631 # allow the value 60 if it allows leap-seconds. 3632 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3633 }, 3634 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3635 # and time zone are either specified elsewhere or are not significant. The date 3636 # is relative to the Proleptic Gregorian Calendar. This can represent: 3637 # 3638 # * A full date, with non-zero year, month and day values 3639 # * A month and day value, with a zero year, e.g. an anniversary 3640 # * A year on its own, with zero month and day values 3641 # * A year and month value, with a zero day, e.g. a credit card expiration date 3642 # 3643 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3644 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3645 # a year. 3646 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3647 # if specifying a year by itself or a year and month where the day is not 3648 # significant. 3649 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3650 # month and day. 3651 }, 3652 "stringValue": "A String", 3653 "booleanValue": True or False, 3654 "integerValue": "A String", 3655 }, 3656 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 3657 # used. 3658 # Note that for the purposes of inspection or transformation, the number 3659 # of bytes considered to comprise a 'Value' is based on its representation 3660 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3661 # 123456789, the number of bytes would be counted as 9, even though an 3662 # int64 only holds up to 8 bytes of data. 3663 "floatValue": 3.14, 3664 "timestampValue": "A String", 3665 "dayOfWeekValue": "A String", 3666 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3667 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3668 # types are google.type.Date and `google.protobuf.Timestamp`. 3669 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3670 # to allow the value "24:00:00" for scenarios like business closing time. 3671 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3672 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3673 # allow the value 60 if it allows leap-seconds. 3674 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3675 }, 3676 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3677 # and time zone are either specified elsewhere or are not significant. The date 3678 # is relative to the Proleptic Gregorian Calendar. This can represent: 3679 # 3680 # * A full date, with non-zero year, month and day values 3681 # * A month and day value, with a zero year, e.g. an anniversary 3682 # * A year on its own, with zero month and day values 3683 # * A year and month value, with a zero day, e.g. a credit card expiration date 3684 # 3685 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3686 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3687 # a year. 3688 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3689 # if specifying a year by itself or a year and month where the day is not 3690 # significant. 3691 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3692 # month and day. 3693 }, 3694 "stringValue": "A String", 3695 "booleanValue": True or False, 3696 "integerValue": "A String", 3697 }, 3698 }, 3699 ], 3700 }, 3701 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 3702 # (FPE) with the FFX mode of operation; however when used in the 3703 # `ReidentifyContent` API method, it serves the opposite function by reversing 3704 # the surrogate back into the original identifier. The identifier must be 3705 # encoded as ASCII. For a given crypto key and context, the same identifier 3706 # will be replaced with the same surrogate. Identifiers must be at least two 3707 # characters long. In the case that the identifier is the empty string, it will 3708 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 3709 # more. 3710 # 3711 # Note: We recommend using CryptoDeterministicConfig for all use cases which 3712 # do not require preserving the input alphabet space and size, plus warrant 3713 # referential integrity. 3714 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 3715 # a key encryption key (KEK) stored by KMS). 3716 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 3717 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 3718 # unwrap the data crypto key. 3719 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 3720 # The wrapped key must be a 128/192/256 bit key. 3721 # Authorization requires the following IAM permissions when sending a request 3722 # to perform a crypto transformation using a kms-wrapped crypto key: 3723 # dlp.kms.encrypt 3724 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 3725 "wrappedKey": "A String", # The wrapped data crypto key. [required] 3726 }, 3727 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 3728 # leaking the key. Choose another type of key if possible. 3729 "key": "A String", # A 128/192/256 bit key. [required] 3730 }, 3731 "transient": { # Use this to have a random data crypto key generated. 3732 # It will be discarded after the request finishes. 3733 "name": "A String", # Name of the key. [required] 3734 # This is an arbitrary string used to differentiate different keys. 3735 # A unique key is generated per name: two separate `TransientCryptoKey` 3736 # protos share the same generated key if their names are the same. 3737 # When the data crypto key is generated, this name is not used in any way 3738 # (repeating the api call will result in a different key being generated). 3739 }, 3740 }, 3741 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 3742 "commonAlphabet": "A String", 3743 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 3744 # that the FFX mode natively supports. This happens before/after 3745 # encryption/decryption. 3746 # Each character listed must appear only once. 3747 # Number of characters must be in the range [2, 62]. 3748 # This must be encoded as ASCII. 3749 # The order of characters does not matter. 3750 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 3751 # identifier in two different contexts won't be given the same surrogate. If 3752 # the context is not set, a default tweak will be used. 3753 # 3754 # If the context is set but: 3755 # 3756 # 1. there is no record present when transforming a given value or 3757 # 1. the field is not present when transforming a given value, 3758 # 3759 # a default tweak will be used. 3760 # 3761 # Note that case (1) is expected when an `InfoTypeTransformation` is 3762 # applied to both structured and non-structured `ContentItem`s. 3763 # Currently, the referenced field may be of value type integer or string. 3764 # 3765 # The tweak is constructed as a sequence of bytes in big endian byte order 3766 # such that: 3767 # 3768 # - a 64 bit integer is encoded followed by a single byte of value 1 3769 # - a string is encoded in UTF-8 format followed by a single byte of value 2 3770 "name": "A String", # Name describing the field. 3771 }, 3772 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 3773 # This annotation will be applied to the surrogate by prefixing it with 3774 # the name of the custom infoType followed by the number of 3775 # characters comprising the surrogate. The following scheme defines the 3776 # format: info_type_name(surrogate_character_count):surrogate 3777 # 3778 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 3779 # the surrogate is 'abc', the full replacement value 3780 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 3781 # 3782 # This annotation identifies the surrogate when inspecting content using the 3783 # custom infoType 3784 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 3785 # This facilitates reversal of the surrogate when it occurs in free text. 3786 # 3787 # In order for inspection to work properly, the name of this infoType must 3788 # not occur naturally anywhere in your data; otherwise, inspection may 3789 # find a surrogate that does not correspond to an actual identifier. 3790 # Therefore, choose your custom infoType name carefully after considering 3791 # what your data looks like. One way to select a name that has a high chance 3792 # of yielding reliable detection is to include one or more unicode characters 3793 # that are highly improbable to exist in your data. 3794 # For example, assuming your data is entered from a regular ASCII keyboard, 3795 # the symbol with the hex code point 29DD might be used like so: 3796 # ⧝MY_TOKEN_TYPE 3797 "name": "A String", # Name of the information type. Either a name of your choosing when 3798 # creating a CustomInfoType, or one of the names listed 3799 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 3800 # a built-in type. InfoType names should conform to the pattern 3801 # [a-zA-Z0-9_]{1,64}. 3802 }, 3803 }, 3804 "replaceConfig": { # Replace each input value with a given `Value`. 3805 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 3806 # Note that for the purposes of inspection or transformation, the number 3807 # of bytes considered to comprise a 'Value' is based on its representation 3808 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3809 # 123456789, the number of bytes would be counted as 9, even though an 3810 # int64 only holds up to 8 bytes of data. 3811 "floatValue": 3.14, 3812 "timestampValue": "A String", 3813 "dayOfWeekValue": "A String", 3814 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3815 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3816 # types are google.type.Date and `google.protobuf.Timestamp`. 3817 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3818 # to allow the value "24:00:00" for scenarios like business closing time. 3819 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3820 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3821 # allow the value 60 if it allows leap-seconds. 3822 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3823 }, 3824 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3825 # and time zone are either specified elsewhere or are not significant. The date 3826 # is relative to the Proleptic Gregorian Calendar. This can represent: 3827 # 3828 # * A full date, with non-zero year, month and day values 3829 # * A month and day value, with a zero year, e.g. an anniversary 3830 # * A year on its own, with zero month and day values 3831 # * A year and month value, with a zero day, e.g. a credit card expiration date 3832 # 3833 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3834 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3835 # a year. 3836 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3837 # if specifying a year by itself or a year and month where the day is not 3838 # significant. 3839 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3840 # month and day. 3841 }, 3842 "stringValue": "A String", 3843 "booleanValue": True or False, 3844 "integerValue": "A String", 3845 }, 3846 }, 3847 }, 3848 "condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the 3849 # given `RecordCondition`. The conditions are allowed to reference fields 3850 # that are not used in the actual transformation. [optional] 3851 # 3852 # Example Use Cases: 3853 # 3854 # - Apply a different bucket transformation to an age column if the zip code 3855 # column for the same record is within a specific range. 3856 # - Redact a field if the date of birth field is greater than 85. 3857 # a field. 3858 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 3859 "conditions": { # A collection of conditions. 3860 "conditions": [ 3861 { # The field type of `value` and `field` do not need to match to be 3862 # considered equal, but not all comparisons are possible. 3863 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 3864 # but all other comparisons are invalid with incompatible types. 3865 # A `value` of type: 3866 # 3867 # - `string` can be compared against all other types 3868 # - `boolean` can only be compared against other booleans 3869 # - `integer` can be compared against doubles or a string if the string value 3870 # can be parsed as an integer. 3871 # - `double` can be compared against integers or a string if the string can 3872 # be parsed as a double. 3873 # - `Timestamp` can be compared against strings in RFC 3339 date string 3874 # format. 3875 # - `TimeOfDay` can be compared against timestamps and strings in the format 3876 # of 'HH:mm:ss'. 3877 # 3878 # If we fail to compare do to type mismatch, a warning will be given and 3879 # the condition will evaluate to false. 3880 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 3881 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 3882 "name": "A String", # Name describing the field. 3883 }, 3884 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 3885 # Note that for the purposes of inspection or transformation, the number 3886 # of bytes considered to comprise a 'Value' is based on its representation 3887 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 3888 # 123456789, the number of bytes would be counted as 9, even though an 3889 # int64 only holds up to 8 bytes of data. 3890 "floatValue": 3.14, 3891 "timestampValue": "A String", 3892 "dayOfWeekValue": "A String", 3893 "timeValue": { # Represents a time of day. The date and time zone are either not significant 3894 # or are specified elsewhere. An API may choose to allow leap seconds. Related 3895 # types are google.type.Date and `google.protobuf.Timestamp`. 3896 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 3897 # to allow the value "24:00:00" for scenarios like business closing time. 3898 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 3899 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 3900 # allow the value 60 if it allows leap-seconds. 3901 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 3902 }, 3903 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 3904 # and time zone are either specified elsewhere or are not significant. The date 3905 # is relative to the Proleptic Gregorian Calendar. This can represent: 3906 # 3907 # * A full date, with non-zero year, month and day values 3908 # * A month and day value, with a zero year, e.g. an anniversary 3909 # * A year on its own, with zero month and day values 3910 # * A year and month value, with a zero day, e.g. a credit card expiration date 3911 # 3912 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 3913 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 3914 # a year. 3915 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 3916 # if specifying a year by itself or a year and month where the day is not 3917 # significant. 3918 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 3919 # month and day. 3920 }, 3921 "stringValue": "A String", 3922 "booleanValue": True or False, 3923 "integerValue": "A String", 3924 }, 3925 }, 3926 ], 3927 }, 3928 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 3929 # only supported value is `AND`. 3930 }, 3931 }, 3932 "fields": [ # Input field(s) to apply the transformation to. [required] 3933 { # General identifier of a data field in a storage service. 3934 "name": "A String", # Name describing the field. 3935 }, 3936 ], 3937 }, 3938 ], 3939 "transformedBytes": "A String", # Total size in bytes that were transformed in some way. 3940 "transformation": { # A rule for transforming a value. # The specific transformation these stats apply to. 3941 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 3942 # fixed character. Masking can start from the beginning or end of the string. 3943 # This can be used on data of any type (numbers, longs, and so on) and when 3944 # de-identifying structured data we'll attempt to preserve the original data's 3945 # type. (This allows you to take a long like 123 and modify it to a string like 3946 # **3. 3947 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 3948 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 3949 # mask 5 chars with * we would produce ***-*55-5555. 3950 { # Characters to skip when doing deidentification of a value. These will be left 3951 # alone and skipped. 3952 "commonCharactersToIgnore": "A String", 3953 "charactersToSkip": "A String", 3954 }, 3955 ], 3956 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 3957 # masked. Skipped characters do not count towards this tally. 3958 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 3959 # alphabetic string such as name, or "0" for a numeric string such as ZIP 3960 # code or credit card number. String must have length 1. If not supplied, we 3961 # will default to "*" for strings, 0 for digits. 3962 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 3963 # '0', number_to_mask is 14, and `reverse_order` is false, then 3964 # 1234-5678-9012-3456 -> 00000000000000-3456 3965 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 3966 # is true, then 12345 -> 12*** 3967 }, 3968 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 3969 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 3970 # output would be 'My phone number is '. 3971 }, 3972 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 3973 # input. Outputs a base64 encoded representation of the encrypted output. 3974 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 3975 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 3976 # a key encryption key (KEK) stored by KMS). 3977 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 3978 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 3979 # unwrap the data crypto key. 3980 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 3981 # The wrapped key must be a 128/192/256 bit key. 3982 # Authorization requires the following IAM permissions when sending a request 3983 # to perform a crypto transformation using a kms-wrapped crypto key: 3984 # dlp.kms.encrypt 3985 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 3986 "wrappedKey": "A String", # The wrapped data crypto key. [required] 3987 }, 3988 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 3989 # leaking the key. Choose another type of key if possible. 3990 "key": "A String", # A 128/192/256 bit key. [required] 3991 }, 3992 "transient": { # Use this to have a random data crypto key generated. 3993 # It will be discarded after the request finishes. 3994 "name": "A String", # Name of the key. [required] 3995 # This is an arbitrary string used to differentiate different keys. 3996 # A unique key is generated per name: two separate `TransientCryptoKey` 3997 # protos share the same generated key if their names are the same. 3998 # When the data crypto key is generated, this name is not used in any way 3999 # (repeating the api call will result in a different key being generated). 4000 }, 4001 }, 4002 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 4003 # referential integrity such that the same identifier in two different 4004 # contexts will be given a distinct surrogate. The context is appended to 4005 # plaintext value being encrypted. On decryption the provided context is 4006 # validated against the value used during encryption. If a context was 4007 # provided during encryption, same context must be provided during decryption 4008 # as well. 4009 # 4010 # If the context is not set, plaintext would be used as is for encryption. 4011 # If the context is set but: 4012 # 4013 # 1. there is no record present when transforming a given value or 4014 # 2. the field is not present when transforming a given value, 4015 # 4016 # plaintext would be used as is for encryption. 4017 # 4018 # Note that case (1) is expected when an `InfoTypeTransformation` is 4019 # applied to both structured and non-structured `ContentItem`s. 4020 "name": "A String", # Name describing the field. 4021 }, 4022 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 4023 # This annotation will be applied to the surrogate by prefixing it with 4024 # the name of the custom info type followed by the number of 4025 # characters comprising the surrogate. The following scheme defines the 4026 # format: <info type name>(<surrogate character count>):<surrogate> 4027 # 4028 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 4029 # the surrogate is 'abc', the full replacement value 4030 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 4031 # 4032 # This annotation identifies the surrogate when inspecting content using the 4033 # custom info type 'Surrogate'. This facilitates reversal of the 4034 # surrogate when it occurs in free text. 4035 # 4036 # In order for inspection to work properly, the name of this info type must 4037 # not occur naturally anywhere in your data; otherwise, inspection may either 4038 # 4039 # - reverse a surrogate that does not correspond to an actual identifier 4040 # - be unable to parse the surrogate and result in an error 4041 # 4042 # Therefore, choose your custom info type name carefully after considering 4043 # what your data looks like. One way to select a name that has a high chance 4044 # of yielding reliable detection is to include one or more unicode characters 4045 # that are highly improbable to exist in your data. 4046 # For example, assuming your data is entered from a regular ASCII keyboard, 4047 # the symbol with the hex code point 29DD might be used like so: 4048 # ⧝MY_TOKEN_TYPE 4049 "name": "A String", # Name of the information type. Either a name of your choosing when 4050 # creating a CustomInfoType, or one of the names listed 4051 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 4052 # a built-in type. InfoType names should conform to the pattern 4053 # [a-zA-Z0-9_]{1,64}. 4054 }, 4055 }, 4056 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 4057 # Bucketing transformation can provide all of this functionality, 4058 # but requires more configuration. This message is provided as a convenience to 4059 # the user for simple bucketing strategies. 4060 # 4061 # The transformed value will be a hyphenated string of 4062 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 4063 # all values that are within this bucket will be replaced with "10-20". 4064 # 4065 # This can be used on data of type: double, long. 4066 # 4067 # If the bound Value type differs from the type of data 4068 # being transformed, we will first attempt converting the type of the data to 4069 # be transformed to match the type of the bound before comparing. 4070 # 4071 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 4072 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 4073 # grouped together into a single bucket; for example if `lower_bound` = 10, 4074 # then all values less than 10 are replaced with the value “-10”. [Required]. 4075 # Note that for the purposes of inspection or transformation, the number 4076 # of bytes considered to comprise a 'Value' is based on its representation 4077 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4078 # 123456789, the number of bytes would be counted as 9, even though an 4079 # int64 only holds up to 8 bytes of data. 4080 "floatValue": 3.14, 4081 "timestampValue": "A String", 4082 "dayOfWeekValue": "A String", 4083 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4084 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4085 # types are google.type.Date and `google.protobuf.Timestamp`. 4086 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4087 # to allow the value "24:00:00" for scenarios like business closing time. 4088 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4089 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4090 # allow the value 60 if it allows leap-seconds. 4091 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4092 }, 4093 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4094 # and time zone are either specified elsewhere or are not significant. The date 4095 # is relative to the Proleptic Gregorian Calendar. This can represent: 4096 # 4097 # * A full date, with non-zero year, month and day values 4098 # * A month and day value, with a zero year, e.g. an anniversary 4099 # * A year on its own, with zero month and day values 4100 # * A year and month value, with a zero day, e.g. a credit card expiration date 4101 # 4102 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4103 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4104 # a year. 4105 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4106 # if specifying a year by itself or a year and month where the day is not 4107 # significant. 4108 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4109 # month and day. 4110 }, 4111 "stringValue": "A String", 4112 "booleanValue": True or False, 4113 "integerValue": "A String", 4114 }, 4115 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 4116 # grouped together into a single bucket; for example if `upper_bound` = 89, 4117 # then all values greater than 89 are replaced with the value “89+”. 4118 # [Required]. 4119 # Note that for the purposes of inspection or transformation, the number 4120 # of bytes considered to comprise a 'Value' is based on its representation 4121 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4122 # 123456789, the number of bytes would be counted as 9, even though an 4123 # int64 only holds up to 8 bytes of data. 4124 "floatValue": 3.14, 4125 "timestampValue": "A String", 4126 "dayOfWeekValue": "A String", 4127 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4128 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4129 # types are google.type.Date and `google.protobuf.Timestamp`. 4130 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4131 # to allow the value "24:00:00" for scenarios like business closing time. 4132 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4133 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4134 # allow the value 60 if it allows leap-seconds. 4135 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4136 }, 4137 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4138 # and time zone are either specified elsewhere or are not significant. The date 4139 # is relative to the Proleptic Gregorian Calendar. This can represent: 4140 # 4141 # * A full date, with non-zero year, month and day values 4142 # * A month and day value, with a zero year, e.g. an anniversary 4143 # * A year on its own, with zero month and day values 4144 # * A year and month value, with a zero day, e.g. a credit card expiration date 4145 # 4146 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4147 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4148 # a year. 4149 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4150 # if specifying a year by itself or a year and month where the day is not 4151 # significant. 4152 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4153 # month and day. 4154 }, 4155 "stringValue": "A String", 4156 "booleanValue": True or False, 4157 "integerValue": "A String", 4158 }, 4159 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 4160 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 4161 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 4162 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 4163 }, 4164 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 4165 }, 4166 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 4167 # portion of the value. 4168 "partToExtract": "A String", 4169 }, 4170 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 4171 # Uses SHA-256. 4172 # The key size must be either 32 or 64 bytes. 4173 # Outputs a base64 encoded representation of the hashed output 4174 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 4175 # Currently, only string and integer values can be hashed. 4176 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 4177 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 4178 # a key encryption key (KEK) stored by KMS). 4179 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 4180 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 4181 # unwrap the data crypto key. 4182 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 4183 # The wrapped key must be a 128/192/256 bit key. 4184 # Authorization requires the following IAM permissions when sending a request 4185 # to perform a crypto transformation using a kms-wrapped crypto key: 4186 # dlp.kms.encrypt 4187 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 4188 "wrappedKey": "A String", # The wrapped data crypto key. [required] 4189 }, 4190 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 4191 # leaking the key. Choose another type of key if possible. 4192 "key": "A String", # A 128/192/256 bit key. [required] 4193 }, 4194 "transient": { # Use this to have a random data crypto key generated. 4195 # It will be discarded after the request finishes. 4196 "name": "A String", # Name of the key. [required] 4197 # This is an arbitrary string used to differentiate different keys. 4198 # A unique key is generated per name: two separate `TransientCryptoKey` 4199 # protos share the same generated key if their names are the same. 4200 # When the data crypto key is generated, this name is not used in any way 4201 # (repeating the api call will result in a different key being generated). 4202 }, 4203 }, 4204 }, 4205 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 4206 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 4207 # to learn more. 4208 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 4209 # results in the same shift for the same context and crypto_key. 4210 # a key encryption key (KEK) stored by KMS). 4211 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 4212 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 4213 # unwrap the data crypto key. 4214 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 4215 # The wrapped key must be a 128/192/256 bit key. 4216 # Authorization requires the following IAM permissions when sending a request 4217 # to perform a crypto transformation using a kms-wrapped crypto key: 4218 # dlp.kms.encrypt 4219 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 4220 "wrappedKey": "A String", # The wrapped data crypto key. [required] 4221 }, 4222 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 4223 # leaking the key. Choose another type of key if possible. 4224 "key": "A String", # A 128/192/256 bit key. [required] 4225 }, 4226 "transient": { # Use this to have a random data crypto key generated. 4227 # It will be discarded after the request finishes. 4228 "name": "A String", # Name of the key. [required] 4229 # This is an arbitrary string used to differentiate different keys. 4230 # A unique key is generated per name: two separate `TransientCryptoKey` 4231 # protos share the same generated key if their names are the same. 4232 # When the data crypto key is generated, this name is not used in any way 4233 # (repeating the api call will result in a different key being generated). 4234 }, 4235 }, 4236 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 4237 # [Required] 4238 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 4239 # range (inclusive ends). Negative means shift to earlier in time. Must not 4240 # be more than 365250 days (1000 years) each direction. 4241 # 4242 # For example, 3 means shift date to at most 3 days into the future. 4243 # [Required] 4244 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 4245 # If set, must also set method. If set, shift will be consistent for the 4246 # given context. 4247 "name": "A String", # Name describing the field. 4248 }, 4249 }, 4250 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 4251 # replacement values are dynamically provided by the user for custom behavior, 4252 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 4253 # This can be used on 4254 # data of type: number, long, string, timestamp. 4255 # If the bound `Value` type differs from the type of data being transformed, we 4256 # will first attempt converting the type of the data to be transformed to match 4257 # the type of the bound before comparing. 4258 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 4259 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 4260 { # Bucket is represented as a range, along with replacement values. 4261 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 4262 # Note that for the purposes of inspection or transformation, the number 4263 # of bytes considered to comprise a 'Value' is based on its representation 4264 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4265 # 123456789, the number of bytes would be counted as 9, even though an 4266 # int64 only holds up to 8 bytes of data. 4267 "floatValue": 3.14, 4268 "timestampValue": "A String", 4269 "dayOfWeekValue": "A String", 4270 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4271 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4272 # types are google.type.Date and `google.protobuf.Timestamp`. 4273 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4274 # to allow the value "24:00:00" for scenarios like business closing time. 4275 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4276 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4277 # allow the value 60 if it allows leap-seconds. 4278 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4279 }, 4280 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4281 # and time zone are either specified elsewhere or are not significant. The date 4282 # is relative to the Proleptic Gregorian Calendar. This can represent: 4283 # 4284 # * A full date, with non-zero year, month and day values 4285 # * A month and day value, with a zero year, e.g. an anniversary 4286 # * A year on its own, with zero month and day values 4287 # * A year and month value, with a zero day, e.g. a credit card expiration date 4288 # 4289 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4290 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4291 # a year. 4292 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4293 # if specifying a year by itself or a year and month where the day is not 4294 # significant. 4295 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4296 # month and day. 4297 }, 4298 "stringValue": "A String", 4299 "booleanValue": True or False, 4300 "integerValue": "A String", 4301 }, 4302 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 4303 # the default behavior will be to hyphenate the min-max range. 4304 # Note that for the purposes of inspection or transformation, the number 4305 # of bytes considered to comprise a 'Value' is based on its representation 4306 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4307 # 123456789, the number of bytes would be counted as 9, even though an 4308 # int64 only holds up to 8 bytes of data. 4309 "floatValue": 3.14, 4310 "timestampValue": "A String", 4311 "dayOfWeekValue": "A String", 4312 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4313 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4314 # types are google.type.Date and `google.protobuf.Timestamp`. 4315 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4316 # to allow the value "24:00:00" for scenarios like business closing time. 4317 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4318 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4319 # allow the value 60 if it allows leap-seconds. 4320 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4321 }, 4322 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4323 # and time zone are either specified elsewhere or are not significant. The date 4324 # is relative to the Proleptic Gregorian Calendar. This can represent: 4325 # 4326 # * A full date, with non-zero year, month and day values 4327 # * A month and day value, with a zero year, e.g. an anniversary 4328 # * A year on its own, with zero month and day values 4329 # * A year and month value, with a zero day, e.g. a credit card expiration date 4330 # 4331 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4332 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4333 # a year. 4334 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4335 # if specifying a year by itself or a year and month where the day is not 4336 # significant. 4337 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4338 # month and day. 4339 }, 4340 "stringValue": "A String", 4341 "booleanValue": True or False, 4342 "integerValue": "A String", 4343 }, 4344 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 4345 # used. 4346 # Note that for the purposes of inspection or transformation, the number 4347 # of bytes considered to comprise a 'Value' is based on its representation 4348 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4349 # 123456789, the number of bytes would be counted as 9, even though an 4350 # int64 only holds up to 8 bytes of data. 4351 "floatValue": 3.14, 4352 "timestampValue": "A String", 4353 "dayOfWeekValue": "A String", 4354 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4355 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4356 # types are google.type.Date and `google.protobuf.Timestamp`. 4357 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4358 # to allow the value "24:00:00" for scenarios like business closing time. 4359 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4360 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4361 # allow the value 60 if it allows leap-seconds. 4362 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4363 }, 4364 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4365 # and time zone are either specified elsewhere or are not significant. The date 4366 # is relative to the Proleptic Gregorian Calendar. This can represent: 4367 # 4368 # * A full date, with non-zero year, month and day values 4369 # * A month and day value, with a zero year, e.g. an anniversary 4370 # * A year on its own, with zero month and day values 4371 # * A year and month value, with a zero day, e.g. a credit card expiration date 4372 # 4373 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4374 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4375 # a year. 4376 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4377 # if specifying a year by itself or a year and month where the day is not 4378 # significant. 4379 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4380 # month and day. 4381 }, 4382 "stringValue": "A String", 4383 "booleanValue": True or False, 4384 "integerValue": "A String", 4385 }, 4386 }, 4387 ], 4388 }, 4389 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 4390 # (FPE) with the FFX mode of operation; however when used in the 4391 # `ReidentifyContent` API method, it serves the opposite function by reversing 4392 # the surrogate back into the original identifier. The identifier must be 4393 # encoded as ASCII. For a given crypto key and context, the same identifier 4394 # will be replaced with the same surrogate. Identifiers must be at least two 4395 # characters long. In the case that the identifier is the empty string, it will 4396 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 4397 # more. 4398 # 4399 # Note: We recommend using CryptoDeterministicConfig for all use cases which 4400 # do not require preserving the input alphabet space and size, plus warrant 4401 # referential integrity. 4402 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 4403 # a key encryption key (KEK) stored by KMS). 4404 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 4405 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 4406 # unwrap the data crypto key. 4407 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 4408 # The wrapped key must be a 128/192/256 bit key. 4409 # Authorization requires the following IAM permissions when sending a request 4410 # to perform a crypto transformation using a kms-wrapped crypto key: 4411 # dlp.kms.encrypt 4412 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 4413 "wrappedKey": "A String", # The wrapped data crypto key. [required] 4414 }, 4415 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 4416 # leaking the key. Choose another type of key if possible. 4417 "key": "A String", # A 128/192/256 bit key. [required] 4418 }, 4419 "transient": { # Use this to have a random data crypto key generated. 4420 # It will be discarded after the request finishes. 4421 "name": "A String", # Name of the key. [required] 4422 # This is an arbitrary string used to differentiate different keys. 4423 # A unique key is generated per name: two separate `TransientCryptoKey` 4424 # protos share the same generated key if their names are the same. 4425 # When the data crypto key is generated, this name is not used in any way 4426 # (repeating the api call will result in a different key being generated). 4427 }, 4428 }, 4429 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 4430 "commonAlphabet": "A String", 4431 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 4432 # that the FFX mode natively supports. This happens before/after 4433 # encryption/decryption. 4434 # Each character listed must appear only once. 4435 # Number of characters must be in the range [2, 62]. 4436 # This must be encoded as ASCII. 4437 # The order of characters does not matter. 4438 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 4439 # identifier in two different contexts won't be given the same surrogate. If 4440 # the context is not set, a default tweak will be used. 4441 # 4442 # If the context is set but: 4443 # 4444 # 1. there is no record present when transforming a given value or 4445 # 1. the field is not present when transforming a given value, 4446 # 4447 # a default tweak will be used. 4448 # 4449 # Note that case (1) is expected when an `InfoTypeTransformation` is 4450 # applied to both structured and non-structured `ContentItem`s. 4451 # Currently, the referenced field may be of value type integer or string. 4452 # 4453 # The tweak is constructed as a sequence of bytes in big endian byte order 4454 # such that: 4455 # 4456 # - a 64 bit integer is encoded followed by a single byte of value 1 4457 # - a string is encoded in UTF-8 format followed by a single byte of value 2 4458 "name": "A String", # Name describing the field. 4459 }, 4460 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 4461 # This annotation will be applied to the surrogate by prefixing it with 4462 # the name of the custom infoType followed by the number of 4463 # characters comprising the surrogate. The following scheme defines the 4464 # format: info_type_name(surrogate_character_count):surrogate 4465 # 4466 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 4467 # the surrogate is 'abc', the full replacement value 4468 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 4469 # 4470 # This annotation identifies the surrogate when inspecting content using the 4471 # custom infoType 4472 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 4473 # This facilitates reversal of the surrogate when it occurs in free text. 4474 # 4475 # In order for inspection to work properly, the name of this infoType must 4476 # not occur naturally anywhere in your data; otherwise, inspection may 4477 # find a surrogate that does not correspond to an actual identifier. 4478 # Therefore, choose your custom infoType name carefully after considering 4479 # what your data looks like. One way to select a name that has a high chance 4480 # of yielding reliable detection is to include one or more unicode characters 4481 # that are highly improbable to exist in your data. 4482 # For example, assuming your data is entered from a regular ASCII keyboard, 4483 # the symbol with the hex code point 29DD might be used like so: 4484 # ⧝MY_TOKEN_TYPE 4485 "name": "A String", # Name of the information type. Either a name of your choosing when 4486 # creating a CustomInfoType, or one of the names listed 4487 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 4488 # a built-in type. InfoType names should conform to the pattern 4489 # [a-zA-Z0-9_]{1,64}. 4490 }, 4491 }, 4492 "replaceConfig": { # Replace each input value with a given `Value`. 4493 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 4494 # Note that for the purposes of inspection or transformation, the number 4495 # of bytes considered to comprise a 'Value' is based on its representation 4496 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4497 # 123456789, the number of bytes would be counted as 9, even though an 4498 # int64 only holds up to 8 bytes of data. 4499 "floatValue": 3.14, 4500 "timestampValue": "A String", 4501 "dayOfWeekValue": "A String", 4502 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4503 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4504 # types are google.type.Date and `google.protobuf.Timestamp`. 4505 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4506 # to allow the value "24:00:00" for scenarios like business closing time. 4507 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4508 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4509 # allow the value 60 if it allows leap-seconds. 4510 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4511 }, 4512 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4513 # and time zone are either specified elsewhere or are not significant. The date 4514 # is relative to the Proleptic Gregorian Calendar. This can represent: 4515 # 4516 # * A full date, with non-zero year, month and day values 4517 # * A month and day value, with a zero year, e.g. an anniversary 4518 # * A year on its own, with zero month and day values 4519 # * A year and month value, with a zero day, e.g. a credit card expiration date 4520 # 4521 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4522 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4523 # a year. 4524 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4525 # if specifying a year by itself or a year and month where the day is not 4526 # significant. 4527 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4528 # month and day. 4529 }, 4530 "stringValue": "A String", 4531 "booleanValue": True or False, 4532 "integerValue": "A String", 4533 }, 4534 }, 4535 }, 4536 }, 4537 ], 4538 "transformedBytes": "A String", # Total size in bytes that were transformed in some way. 4539 }, 4540 "item": { # Container structure for the content to inspect. # The de-identified item. 4541 "table": { # Structured content to inspect. Up to 50,000 `Value`s per request allowed. # Structured content for inspection. See 4542 # https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to 4543 # learn more. 4544 # See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to 4545 # learn more. 4546 "headers": [ 4547 { # General identifier of a data field in a storage service. 4548 "name": "A String", # Name describing the field. 4549 }, 4550 ], 4551 "rows": [ 4552 { 4553 "values": [ 4554 { # Set of primitive values supported by the system. 4555 # Note that for the purposes of inspection or transformation, the number 4556 # of bytes considered to comprise a 'Value' is based on its representation 4557 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4558 # 123456789, the number of bytes would be counted as 9, even though an 4559 # int64 only holds up to 8 bytes of data. 4560 "floatValue": 3.14, 4561 "timestampValue": "A String", 4562 "dayOfWeekValue": "A String", 4563 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4564 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4565 # types are google.type.Date and `google.protobuf.Timestamp`. 4566 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4567 # to allow the value "24:00:00" for scenarios like business closing time. 4568 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4569 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4570 # allow the value 60 if it allows leap-seconds. 4571 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4572 }, 4573 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4574 # and time zone are either specified elsewhere or are not significant. The date 4575 # is relative to the Proleptic Gregorian Calendar. This can represent: 4576 # 4577 # * A full date, with non-zero year, month and day values 4578 # * A month and day value, with a zero year, e.g. an anniversary 4579 # * A year on its own, with zero month and day values 4580 # * A year and month value, with a zero day, e.g. a credit card expiration date 4581 # 4582 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4583 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4584 # a year. 4585 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4586 # if specifying a year by itself or a year and month where the day is not 4587 # significant. 4588 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4589 # month and day. 4590 }, 4591 "stringValue": "A String", 4592 "booleanValue": True or False, 4593 "integerValue": "A String", 4594 }, 4595 ], 4596 }, 4597 ], 4598 }, 4599 "byteItem": { # Container for bytes to inspect or redact. # Content data to inspect or redact. Replaces `type` and `data`. 4600 "type": "A String", # The type of data stored in the bytes string. Default will be TEXT_UTF8. 4601 "data": "A String", # Content data to inspect or redact. 4602 }, 4603 "value": "A String", # String data to inspect or redact. 4604 }, 4605 }</pre> 4606</div> 4607 4608<div class="method"> 4609 <code class="details" id="inspect">inspect(parent, body, x__xgafv=None)</code> 4610 <pre>Finds potentially sensitive info in content. 4611This method has limits on input size, processing time, and output size. 4612 4613When no InfoTypes or CustomInfoTypes are specified in this request, the 4614system will automatically choose what detectors to run. By default this may 4615be all types, but may change over time as detectors are updated. 4616 4617For how to guides, see https://cloud.google.com/dlp/docs/inspecting-images 4618and https://cloud.google.com/dlp/docs/inspecting-text, 4619 4620Args: 4621 parent: string, The parent resource name, for example projects/my-project-id. (required) 4622 body: object, The request body. (required) 4623 The object takes the form of: 4624 4625{ # Request to search for potentially sensitive info in a ContentItem. 4626 "item": { # Container structure for the content to inspect. # The item to inspect. 4627 "table": { # Structured content to inspect. Up to 50,000 `Value`s per request allowed. # Structured content for inspection. See 4628 # https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to 4629 # learn more. 4630 # See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to 4631 # learn more. 4632 "headers": [ 4633 { # General identifier of a data field in a storage service. 4634 "name": "A String", # Name describing the field. 4635 }, 4636 ], 4637 "rows": [ 4638 { 4639 "values": [ 4640 { # Set of primitive values supported by the system. 4641 # Note that for the purposes of inspection or transformation, the number 4642 # of bytes considered to comprise a 'Value' is based on its representation 4643 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 4644 # 123456789, the number of bytes would be counted as 9, even though an 4645 # int64 only holds up to 8 bytes of data. 4646 "floatValue": 3.14, 4647 "timestampValue": "A String", 4648 "dayOfWeekValue": "A String", 4649 "timeValue": { # Represents a time of day. The date and time zone are either not significant 4650 # or are specified elsewhere. An API may choose to allow leap seconds. Related 4651 # types are google.type.Date and `google.protobuf.Timestamp`. 4652 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 4653 # to allow the value "24:00:00" for scenarios like business closing time. 4654 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 4655 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 4656 # allow the value 60 if it allows leap-seconds. 4657 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 4658 }, 4659 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 4660 # and time zone are either specified elsewhere or are not significant. The date 4661 # is relative to the Proleptic Gregorian Calendar. This can represent: 4662 # 4663 # * A full date, with non-zero year, month and day values 4664 # * A month and day value, with a zero year, e.g. an anniversary 4665 # * A year on its own, with zero month and day values 4666 # * A year and month value, with a zero day, e.g. a credit card expiration date 4667 # 4668 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 4669 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 4670 # a year. 4671 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 4672 # if specifying a year by itself or a year and month where the day is not 4673 # significant. 4674 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 4675 # month and day. 4676 }, 4677 "stringValue": "A String", 4678 "booleanValue": True or False, 4679 "integerValue": "A String", 4680 }, 4681 ], 4682 }, 4683 ], 4684 }, 4685 "byteItem": { # Container for bytes to inspect or redact. # Content data to inspect or redact. Replaces `type` and `data`. 4686 "type": "A String", # The type of data stored in the bytes string. Default will be TEXT_UTF8. 4687 "data": "A String", # Content data to inspect or redact. 4688 }, 4689 "value": "A String", # String data to inspect or redact. 4690 }, 4691 "inspectConfig": { # Configuration description of the scanning process. # Configuration for the inspector. What specified here will override 4692 # the template referenced by the inspect_template_name argument. 4693 # When used with redactContent only info_types and min_likelihood are currently 4694 # used. 4695 "excludeInfoTypes": True or False, # When true, excludes type information of the findings. 4696 "limits": { 4697 "maxFindingsPerRequest": 42, # Max number of findings that will be returned per request/job. 4698 # When set within `InspectContentRequest`, the maximum returned is 2000 4699 # regardless if this is set higher. 4700 "maxFindingsPerInfoType": [ # Configuration of findings limit given for specified infoTypes. 4701 { # Max findings configuration per infoType, per content item or long 4702 # running DlpJob. 4703 "infoType": { # Type of information detected by the API. # Type of information the findings limit applies to. Only one limit per 4704 # info_type should be provided. If InfoTypeLimit does not have an 4705 # info_type, the DLP API applies the limit against all info_types that 4706 # are found but not specified in another InfoTypeLimit. 4707 "name": "A String", # Name of the information type. Either a name of your choosing when 4708 # creating a CustomInfoType, or one of the names listed 4709 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 4710 # a built-in type. InfoType names should conform to the pattern 4711 # [a-zA-Z0-9_]{1,64}. 4712 }, 4713 "maxFindings": 42, # Max findings limit for the given infoType. 4714 }, 4715 ], 4716 "maxFindingsPerItem": 42, # Max number of findings that will be returned for each item scanned. 4717 # When set within `InspectDataSourceRequest`, 4718 # the maximum returned is 2000 regardless if this is set higher. 4719 # When set within `InspectContentRequest`, this field is ignored. 4720 }, 4721 "minLikelihood": "A String", # Only returns findings equal or above this threshold. The default is 4722 # POSSIBLE. 4723 # See https://cloud.google.com/dlp/docs/likelihood to learn more. 4724 "customInfoTypes": [ # CustomInfoTypes provided by the user. See 4725 # https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more. 4726 { # Custom information type provided by the user. Used to find domain-specific 4727 # sensitive information configurable to the data in question. 4728 "regex": { # Message defining a custom regular expression. # Regular expression based CustomInfoType. 4729 "pattern": "A String", # Pattern defining the regular expression. Its syntax 4730 # (https://github.com/google/re2/wiki/Syntax) can be found under the 4731 # google/re2 repository on GitHub. 4732 "groupIndexes": [ # The index of the submatch to extract as findings. When not 4733 # specified, the entire match is returned. No more than 3 may be included. 4734 42, 4735 ], 4736 }, 4737 "surrogateType": { # Message for detecting output from deidentification transformations # Message for detecting output from deidentification transformations that 4738 # support reversing. 4739 # such as 4740 # [`CryptoReplaceFfxFpeConfig`](/dlp/docs/reference/rest/v2/organizations.deidentifyTemplates#cryptoreplaceffxfpeconfig). 4741 # These types of transformations are 4742 # those that perform pseudonymization, thereby producing a "surrogate" as 4743 # output. This should be used in conjunction with a field on the 4744 # transformation such as `surrogate_info_type`. This CustomInfoType does 4745 # not support the use of `detection_rules`. 4746 }, 4747 "infoType": { # Type of information detected by the API. # CustomInfoType can either be a new infoType, or an extension of built-in 4748 # infoType, when the name matches one of existing infoTypes and that infoType 4749 # is specified in `InspectContent.info_types` field. Specifying the latter 4750 # adds findings to the one detected by the system. If built-in info type is 4751 # not specified in `InspectContent.info_types` list then the name is treated 4752 # as a custom info type. 4753 "name": "A String", # Name of the information type. Either a name of your choosing when 4754 # creating a CustomInfoType, or one of the names listed 4755 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 4756 # a built-in type. InfoType names should conform to the pattern 4757 # [a-zA-Z0-9_]{1,64}. 4758 }, 4759 "dictionary": { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType. 4760 # be used to match sensitive information specific to the data, such as a list 4761 # of employee IDs or job titles. 4762 # 4763 # Dictionary words are case-insensitive and all characters other than letters 4764 # and digits in the unicode [Basic Multilingual 4765 # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane) 4766 # will be replaced with whitespace when scanning for matches, so the 4767 # dictionary phrase "Sam Johnson" will match all three phrases "sam johnson", 4768 # "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters 4769 # surrounding any match must be of a different type than the adjacent 4770 # characters within the word, so letters must be next to non-letters and 4771 # digits next to non-digits. For example, the dictionary word "jen" will 4772 # match the first three letters of the text "jen123" but will return no 4773 # matches for "jennifer". 4774 # 4775 # Dictionary words containing a large number of characters that are not 4776 # letters or digits may result in unexpected findings because such characters 4777 # are treated as whitespace. The 4778 # [limits](https://cloud.google.com/dlp/limits) page contains details about 4779 # the size limits of dictionaries. For dictionaries that do not fit within 4780 # these constraints, consider using `LargeCustomDictionaryConfig` in the 4781 # `StoredInfoType` API. 4782 "wordList": { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for. 4783 "words": [ # Words or phrases defining the dictionary. The dictionary must contain 4784 # at least one phrase and every phrase must contain at least 2 characters 4785 # that are letters or digits. [required] 4786 "A String", 4787 ], 4788 }, 4789 "cloudStoragePath": { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file 4790 # is accepted. 4791 "path": "A String", # A url representing a file or path (no wildcards) in Cloud Storage. 4792 # Example: gs://[BUCKET_NAME]/dictionary.txt 4793 }, 4794 }, 4795 "storedType": { # A reference to a StoredInfoType to use with scanning. # Load an existing `StoredInfoType` resource for use in 4796 # `InspectDataSource`. Not currently supported in `InspectContent`. 4797 "name": "A String", # Resource name of the requested `StoredInfoType`, for example 4798 # `organizations/433245324/storedInfoTypes/432452342` or 4799 # `projects/project-id/storedInfoTypes/432452342`. 4800 "createTime": "A String", # Timestamp indicating when the version of the `StoredInfoType` used for 4801 # inspection was created. Output-only field, populated by the system. 4802 }, 4803 "detectionRules": [ # Set of detection rules to apply to all findings of this CustomInfoType. 4804 # Rules are applied in order that they are specified. Not supported for the 4805 # `surrogate_type` CustomInfoType. 4806 { # Deprecated; use `InspectionRuleSet` instead. Rule for modifying a 4807 # `CustomInfoType` to alter behavior under certain circumstances, depending 4808 # on the specific details of the rule. Not supported for the `surrogate_type` 4809 # custom infoType. 4810 "hotwordRule": { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule. 4811 # proximity of hotwords. 4812 "proximity": { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside. 4813 # The total length of the window cannot exceed 1000 characters. Note that 4814 # the finding itself will be included in the window, so that hotwords may 4815 # be used to match substrings of the finding itself. For example, the 4816 # certainty of a phone number regex "\(\d{3}\) \d{3}-\d{4}" could be 4817 # adjusted upwards if the area code is known to be the local area code of 4818 # a company office using the hotword regex "\(xxx\)", where "xxx" 4819 # is the area code in question. 4820 # rule. 4821 "windowAfter": 42, # Number of characters after the finding to consider. 4822 "windowBefore": 42, # Number of characters before the finding to consider. 4823 }, 4824 "hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword. 4825 "pattern": "A String", # Pattern defining the regular expression. Its syntax 4826 # (https://github.com/google/re2/wiki/Syntax) can be found under the 4827 # google/re2 repository on GitHub. 4828 "groupIndexes": [ # The index of the submatch to extract as findings. When not 4829 # specified, the entire match is returned. No more than 3 may be included. 4830 42, 4831 ], 4832 }, 4833 "likelihoodAdjustment": { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings. 4834 # part of a detection rule. 4835 "relativeLikelihood": 42, # Increase or decrease the likelihood by the specified number of 4836 # levels. For example, if a finding would be `POSSIBLE` without the 4837 # detection rule and `relative_likelihood` is 1, then it is upgraded to 4838 # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. 4839 # Likelihood may never drop below `VERY_UNLIKELY` or exceed 4840 # `VERY_LIKELY`, so applying an adjustment of 1 followed by an 4841 # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in 4842 # a final likelihood of `LIKELY`. 4843 "fixedLikelihood": "A String", # Set the likelihood of a finding to a fixed value. 4844 }, 4845 }, 4846 }, 4847 ], 4848 "exclusionType": "A String", # If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding 4849 # to be returned. It still can be used for rules matching. 4850 "likelihood": "A String", # Likelihood to return for this CustomInfoType. This base value can be 4851 # altered by a detection rule if the finding meets the criteria specified by 4852 # the rule. Defaults to `VERY_LIKELY` if not specified. 4853 }, 4854 ], 4855 "includeQuote": True or False, # When true, a contextual quote from the data that triggered a finding is 4856 # included in the response; see Finding.quote. 4857 "ruleSet": [ # Set of rules to apply to the findings for this InspectConfig. 4858 # Exclusion rules, contained in the set are executed in the end, other 4859 # rules are executed in the order they are specified for each info type. 4860 { # Rule set for modifying a set of infoTypes to alter behavior under certain 4861 # circumstances, depending on the specific details of the rules within the set. 4862 "rules": [ # Set of rules to be applied to infoTypes. The rules are applied in order. 4863 { # A single inspection rule to be applied to infoTypes, specified in 4864 # `InspectionRuleSet`. 4865 "hotwordRule": { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule. 4866 # proximity of hotwords. 4867 "proximity": { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside. 4868 # The total length of the window cannot exceed 1000 characters. Note that 4869 # the finding itself will be included in the window, so that hotwords may 4870 # be used to match substrings of the finding itself. For example, the 4871 # certainty of a phone number regex "\(\d{3}\) \d{3}-\d{4}" could be 4872 # adjusted upwards if the area code is known to be the local area code of 4873 # a company office using the hotword regex "\(xxx\)", where "xxx" 4874 # is the area code in question. 4875 # rule. 4876 "windowAfter": 42, # Number of characters after the finding to consider. 4877 "windowBefore": 42, # Number of characters before the finding to consider. 4878 }, 4879 "hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword. 4880 "pattern": "A String", # Pattern defining the regular expression. Its syntax 4881 # (https://github.com/google/re2/wiki/Syntax) can be found under the 4882 # google/re2 repository on GitHub. 4883 "groupIndexes": [ # The index of the submatch to extract as findings. When not 4884 # specified, the entire match is returned. No more than 3 may be included. 4885 42, 4886 ], 4887 }, 4888 "likelihoodAdjustment": { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings. 4889 # part of a detection rule. 4890 "relativeLikelihood": 42, # Increase or decrease the likelihood by the specified number of 4891 # levels. For example, if a finding would be `POSSIBLE` without the 4892 # detection rule and `relative_likelihood` is 1, then it is upgraded to 4893 # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. 4894 # Likelihood may never drop below `VERY_UNLIKELY` or exceed 4895 # `VERY_LIKELY`, so applying an adjustment of 1 followed by an 4896 # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in 4897 # a final likelihood of `LIKELY`. 4898 "fixedLikelihood": "A String", # Set the likelihood of a finding to a fixed value. 4899 }, 4900 }, 4901 "exclusionRule": { # The rule that specifies conditions when findings of infoTypes specified in # Exclusion rule. 4902 # `InspectionRuleSet` are removed from results. 4903 "regex": { # Message defining a custom regular expression. # Regular expression which defines the rule. 4904 "pattern": "A String", # Pattern defining the regular expression. Its syntax 4905 # (https://github.com/google/re2/wiki/Syntax) can be found under the 4906 # google/re2 repository on GitHub. 4907 "groupIndexes": [ # The index of the submatch to extract as findings. When not 4908 # specified, the entire match is returned. No more than 3 may be included. 4909 42, 4910 ], 4911 }, 4912 "excludeInfoTypes": { # List of exclude infoTypes. # Set of infoTypes for which findings would affect this rule. 4913 "infoTypes": [ # InfoType list in ExclusionRule rule drops a finding when it overlaps or 4914 # contained within with a finding of an infoType from this list. For 4915 # example, for `InspectionRuleSet.info_types` containing "PHONE_NUMBER"` and 4916 # `exclusion_rule` containing `exclude_info_types.info_types` with 4917 # "EMAIL_ADDRESS" the phone number findings are dropped if they overlap 4918 # with EMAIL_ADDRESS finding. 4919 # That leads to "555-222-2222@example.org" to generate only a single 4920 # finding, namely email address. 4921 { # Type of information detected by the API. 4922 "name": "A String", # Name of the information type. Either a name of your choosing when 4923 # creating a CustomInfoType, or one of the names listed 4924 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 4925 # a built-in type. InfoType names should conform to the pattern 4926 # [a-zA-Z0-9_]{1,64}. 4927 }, 4928 ], 4929 }, 4930 "dictionary": { # Custom information type based on a dictionary of words or phrases. This can # Dictionary which defines the rule. 4931 # be used to match sensitive information specific to the data, such as a list 4932 # of employee IDs or job titles. 4933 # 4934 # Dictionary words are case-insensitive and all characters other than letters 4935 # and digits in the unicode [Basic Multilingual 4936 # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane) 4937 # will be replaced with whitespace when scanning for matches, so the 4938 # dictionary phrase "Sam Johnson" will match all three phrases "sam johnson", 4939 # "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters 4940 # surrounding any match must be of a different type than the adjacent 4941 # characters within the word, so letters must be next to non-letters and 4942 # digits next to non-digits. For example, the dictionary word "jen" will 4943 # match the first three letters of the text "jen123" but will return no 4944 # matches for "jennifer". 4945 # 4946 # Dictionary words containing a large number of characters that are not 4947 # letters or digits may result in unexpected findings because such characters 4948 # are treated as whitespace. The 4949 # [limits](https://cloud.google.com/dlp/limits) page contains details about 4950 # the size limits of dictionaries. For dictionaries that do not fit within 4951 # these constraints, consider using `LargeCustomDictionaryConfig` in the 4952 # `StoredInfoType` API. 4953 "wordList": { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for. 4954 "words": [ # Words or phrases defining the dictionary. The dictionary must contain 4955 # at least one phrase and every phrase must contain at least 2 characters 4956 # that are letters or digits. [required] 4957 "A String", 4958 ], 4959 }, 4960 "cloudStoragePath": { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file 4961 # is accepted. 4962 "path": "A String", # A url representing a file or path (no wildcards) in Cloud Storage. 4963 # Example: gs://[BUCKET_NAME]/dictionary.txt 4964 }, 4965 }, 4966 "matchingType": "A String", # How the rule is applied, see MatchingType documentation for details. 4967 }, 4968 }, 4969 ], 4970 "infoTypes": [ # List of infoTypes this rule set is applied to. 4971 { # Type of information detected by the API. 4972 "name": "A String", # Name of the information type. Either a name of your choosing when 4973 # creating a CustomInfoType, or one of the names listed 4974 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 4975 # a built-in type. InfoType names should conform to the pattern 4976 # [a-zA-Z0-9_]{1,64}. 4977 }, 4978 ], 4979 }, 4980 ], 4981 "contentOptions": [ # List of options defining data content to scan. 4982 # If empty, text, images, and other content will be included. 4983 "A String", 4984 ], 4985 "infoTypes": [ # Restricts what info_types to look for. The values must correspond to 4986 # InfoType values returned by ListInfoTypes or listed at 4987 # https://cloud.google.com/dlp/docs/infotypes-reference. 4988 # 4989 # When no InfoTypes or CustomInfoTypes are specified in a request, the 4990 # system may automatically choose what detectors to run. By default this may 4991 # be all types, but may change over time as detectors are updated. 4992 # 4993 # The special InfoType name "ALL_BASIC" can be used to trigger all detectors, 4994 # but may change over time as new InfoTypes are added. If you need precise 4995 # control and predictability as to what detectors are run you should specify 4996 # specific InfoTypes listed in the reference. 4997 { # Type of information detected by the API. 4998 "name": "A String", # Name of the information type. Either a name of your choosing when 4999 # creating a CustomInfoType, or one of the names listed 5000 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 5001 # a built-in type. InfoType names should conform to the pattern 5002 # [a-zA-Z0-9_]{1,64}. 5003 }, 5004 ], 5005 }, 5006 "inspectTemplateName": "A String", # Optional template to use. Any configuration directly specified in 5007 # inspect_config will override those set in the template. Singular fields 5008 # that are set in this request will replace their corresponding fields in the 5009 # template. Repeated fields are appended. Singular sub-messages and groups 5010 # are recursively merged. 5011 } 5012 5013 x__xgafv: string, V1 error format. 5014 Allowed values 5015 1 - v1 error format 5016 2 - v2 error format 5017 5018Returns: 5019 An object of the form: 5020 5021 { # Results of inspecting an item. 5022 "result": { # All the findings for a single scanned item. # The findings. 5023 "findingsTruncated": True or False, # If true, then this item might have more findings than were returned, 5024 # and the findings returned are an arbitrary subset of all findings. 5025 # The findings list might be truncated because the input items were too 5026 # large, or because the server reached the maximum amount of resources 5027 # allowed for a single API call. For best results, divide the input into 5028 # smaller batches. 5029 "findings": [ # List of findings for an item. 5030 { # Represents a piece of potentially sensitive content. 5031 "infoType": { # Type of information detected by the API. # The type of content that might have been found. 5032 # Provided if `excluded_types` is false. 5033 "name": "A String", # Name of the information type. Either a name of your choosing when 5034 # creating a CustomInfoType, or one of the names listed 5035 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 5036 # a built-in type. InfoType names should conform to the pattern 5037 # [a-zA-Z0-9_]{1,64}. 5038 }, 5039 "quote": "A String", # The content that was found. Even if the content is not textual, it 5040 # may be converted to a textual representation here. 5041 # Provided if `include_quote` is true and the finding is 5042 # less than or equal to 4096 bytes long. If the finding exceeds 4096 bytes 5043 # in length, the quote may be omitted. 5044 "quoteInfo": { # Message for infoType-dependent details parsed from quote. # Contains data parsed from quotes. Only populated if include_quote was set 5045 # to true and a supported infoType was requested. Currently supported 5046 # infoTypes: DATE, DATE_OF_BIRTH and TIME. 5047 "dateTime": { # Message for a date time object. # The date time indicated by the quote. 5048 # e.g. 2018-01-01, 5th August. 5049 "dayOfWeek": "A String", 5050 "timeZone": { 5051 "offsetMinutes": 42, # Set only if the offset can be determined. Positive for time ahead of UTC. 5052 # E.g. For "UTC-9", this value is -540. 5053 }, 5054 "date": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day # One or more of the following must be set. All fields are optional, but 5055 # when set must be valid date or time values. 5056 # and time zone are either specified elsewhere or are not significant. The date 5057 # is relative to the Proleptic Gregorian Calendar. This can represent: 5058 # 5059 # * A full date, with non-zero year, month and day values 5060 # * A month and day value, with a zero year, e.g. an anniversary 5061 # * A year on its own, with zero month and day values 5062 # * A year and month value, with a zero day, e.g. a credit card expiration date 5063 # 5064 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5065 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5066 # a year. 5067 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5068 # if specifying a year by itself or a year and month where the day is not 5069 # significant. 5070 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5071 # month and day. 5072 }, 5073 "time": { # Represents a time of day. The date and time zone are either not significant 5074 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5075 # types are google.type.Date and `google.protobuf.Timestamp`. 5076 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5077 # to allow the value "24:00:00" for scenarios like business closing time. 5078 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5079 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5080 # allow the value 60 if it allows leap-seconds. 5081 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5082 }, 5083 }, 5084 }, 5085 "location": { # Specifies the location of the finding. # Where the content was found. 5086 "byteRange": { # Generic half-open interval [start, end) # Zero-based byte offsets delimiting the finding. 5087 # These are relative to the finding's containing element. 5088 # Note that when the content is not textual, this references 5089 # the UTF-8 encoded textual representation of the content. 5090 # Omitted if content is an image. 5091 "start": "A String", # Index of the first character of the range (inclusive). 5092 "end": "A String", # Index of the last character of the range (exclusive). 5093 }, 5094 "codepointRange": { # Generic half-open interval [start, end) # Unicode character offsets delimiting the finding. 5095 # These are relative to the finding's containing element. 5096 # Provided when the content is text. 5097 "start": "A String", # Index of the first character of the range (inclusive). 5098 "end": "A String", # Index of the last character of the range (exclusive). 5099 }, 5100 "contentLocations": [ # List of nested objects pointing to the precise location of the finding 5101 # within the file or record. 5102 { # Findings container location data. 5103 "containerName": "A String", # Name of the container where the finding is located. 5104 # The top level name is the source file name or table name. Names of some 5105 # common storage containers are formatted as follows: 5106 # 5107 # * BigQuery tables: `<project_id>:<dataset_id>.<table_id>` 5108 # * Cloud Storage files: `gs://<bucket>/<path>` 5109 # * Datastore namespace: <namespace> 5110 # 5111 # Nested names could be absent if the embedded object has no string 5112 # identifier (for an example an image contained within a document). 5113 "containerVersion": "A String", # Findings container version, if available 5114 # ("generation" for Google Cloud Storage). 5115 "containerTimestamp": "A String", # Findings container modification timestamp, if applicable. 5116 # For Google Cloud Storage contains last file modification timestamp. 5117 # For BigQuery table contains last_modified_time property. 5118 # For Datastore - not populated. 5119 "documentLocation": { # Location of a finding within a document. # Location data for document files. 5120 "fileOffset": "A String", # Offset of the line, from the beginning of the file, where the finding 5121 # is located. 5122 }, 5123 "imageLocation": { # Location of the finding within an image. # Location within an image's pixels. 5124 "boundingBoxes": [ # Bounding boxes locating the pixels within the image containing the finding. 5125 { # Bounding box encompassing detected text within an image. 5126 "width": 42, # Width of the bounding box in pixels. 5127 "top": 42, # Top coordinate of the bounding box. (0,0) is upper left. 5128 "left": 42, # Left coordinate of the bounding box. (0,0) is upper left. 5129 "height": 42, # Height of the bounding box in pixels. 5130 }, 5131 ], 5132 }, 5133 "recordLocation": { # Location of a finding within a row or record. # Location within a row or record of a database table. 5134 "fieldId": { # General identifier of a data field in a storage service. # Field id of the field containing the finding. 5135 "name": "A String", # Name describing the field. 5136 }, 5137 "tableLocation": { # Location of a finding within a table. # Location within a `ContentItem.Table`. 5138 "rowIndex": "A String", # The zero-based index of the row where the finding is located. 5139 }, 5140 "recordKey": { # Message for a unique key indicating a record that contains a finding. # Key of the finding. 5141 "bigQueryKey": { # Row key for identifying a record in BigQuery table. 5142 "tableReference": { # Message defining the location of a BigQuery table. A table is uniquely # Complete BigQuery table reference. 5143 # identified by its project_id, dataset_id, and table_name. Within a query 5144 # a table is often referenced with a string in the format of: 5145 # `<project_id>:<dataset_id>.<table_id>` or 5146 # `<project_id>.<dataset_id>.<table_id>`. 5147 "projectId": "A String", # The Google Cloud Platform project ID of the project containing the table. 5148 # If omitted, project ID is inferred from the API call. 5149 "tableId": "A String", # Name of the table. 5150 "datasetId": "A String", # Dataset ID of the table. 5151 }, 5152 "rowNumber": "A String", # Absolute number of the row from the beginning of the table at the time 5153 # of scanning. 5154 }, 5155 "idValues": [ # Values of identifying columns in the given row. Order of values matches 5156 # the order of field identifiers specified in the scanning request. 5157 "A String", 5158 ], 5159 "datastoreKey": { # Record key for a finding in Cloud Datastore. 5160 "entityKey": { # A unique identifier for a Datastore entity. # Datastore entity key. 5161 # If a key's partition ID or any of its path kinds or names are 5162 # reserved/read-only, the key is reserved/read-only. 5163 # A reserved/read-only key is forbidden in certain documented contexts. 5164 "path": [ # The entity path. 5165 # An entity path consists of one or more elements composed of a kind and a 5166 # string or numerical identifier, which identify entities. The first 5167 # element identifies a _root entity_, the second element identifies 5168 # a _child_ of the root entity, the third element identifies a child of the 5169 # second entity, and so forth. The entities identified by all prefixes of 5170 # the path are called the element's _ancestors_. 5171 # 5172 # A path can never be empty, and a path can have at most 100 elements. 5173 { # A (kind, ID/name) pair used to construct a key path. 5174 # 5175 # If either name or ID is set, the element is complete. 5176 # If neither is set, the element is incomplete. 5177 "kind": "A String", # The kind of the entity. 5178 # A kind matching regex `__.*__` is reserved/read-only. 5179 # A kind must not contain more than 1500 bytes when UTF-8 encoded. 5180 # Cannot be `""`. 5181 "name": "A String", # The name of the entity. 5182 # A name matching regex `__.*__` is reserved/read-only. 5183 # A name must not be more than 1500 bytes when UTF-8 encoded. 5184 # Cannot be `""`. 5185 "id": "A String", # The auto-allocated ID of the entity. 5186 # Never equal to zero. Values less than zero are discouraged and may not 5187 # be supported in the future. 5188 }, 5189 ], 5190 "partitionId": { # Datastore partition ID. # Entities are partitioned into subsets, currently identified by a project 5191 # ID and namespace ID. 5192 # Queries are scoped to a single partition. 5193 # A partition ID identifies a grouping of entities. The grouping is always 5194 # by project and namespace, however the namespace ID may be empty. 5195 # 5196 # A partition ID contains several dimensions: 5197 # project ID and namespace ID. 5198 "projectId": "A String", # The ID of the project to which the entities belong. 5199 "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong. 5200 }, 5201 }, 5202 }, 5203 }, 5204 }, 5205 }, 5206 ], 5207 }, 5208 "likelihood": "A String", # Confidence of how likely it is that the `info_type` is correct. 5209 "createTime": "A String", # Timestamp when finding was detected. 5210 }, 5211 ], 5212 }, 5213 }</pre> 5214</div> 5215 5216<div class="method"> 5217 <code class="details" id="reidentify">reidentify(parent, body, x__xgafv=None)</code> 5218 <pre>Re-identifies content that has been de-identified. 5219See 5220https://cloud.google.com/dlp/docs/pseudonymization#re-identification_in_free_text_code_example 5221to learn more. 5222 5223Args: 5224 parent: string, The parent resource name. (required) 5225 body: object, The request body. (required) 5226 The object takes the form of: 5227 5228{ # Request to re-identify an item. 5229 "reidentifyConfig": { # The configuration that controls how the data will change. # Configuration for the re-identification of the content item. 5230 # This field shares the same proto message type that is used for 5231 # de-identification, however its usage here is for the reversal of the 5232 # previous de-identification. Re-identification is performed by examining 5233 # the transformations used to de-identify the items and executing the 5234 # reverse. This requires that only reversible transformations 5235 # be provided here. The reversible transformations are: 5236 # 5237 # - `CryptoReplaceFfxFpeConfig` 5238 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the dataset as free-form text and apply the same free text 5239 # transformation everywhere. 5240 # apply various `PrimitiveTransformation`s to each finding, where the 5241 # transformation is applied to only values that were identified as a specific 5242 # info_type. 5243 "transformations": [ # Transformation for each infoType. Cannot specify more than one 5244 # for a given infoType. [required] 5245 { # A transformation to apply to text that is identified as a specific 5246 # info_type. 5247 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 5248 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 5249 # fixed character. Masking can start from the beginning or end of the string. 5250 # This can be used on data of any type (numbers, longs, and so on) and when 5251 # de-identifying structured data we'll attempt to preserve the original data's 5252 # type. (This allows you to take a long like 123 and modify it to a string like 5253 # **3. 5254 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 5255 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 5256 # mask 5 chars with * we would produce ***-*55-5555. 5257 { # Characters to skip when doing deidentification of a value. These will be left 5258 # alone and skipped. 5259 "commonCharactersToIgnore": "A String", 5260 "charactersToSkip": "A String", 5261 }, 5262 ], 5263 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 5264 # masked. Skipped characters do not count towards this tally. 5265 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 5266 # alphabetic string such as name, or "0" for a numeric string such as ZIP 5267 # code or credit card number. String must have length 1. If not supplied, we 5268 # will default to "*" for strings, 0 for digits. 5269 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 5270 # '0', number_to_mask is 14, and `reverse_order` is false, then 5271 # 1234-5678-9012-3456 -> 00000000000000-3456 5272 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 5273 # is true, then 12345 -> 12*** 5274 }, 5275 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 5276 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 5277 # output would be 'My phone number is '. 5278 }, 5279 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 5280 # input. Outputs a base64 encoded representation of the encrypted output. 5281 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 5282 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 5283 # a key encryption key (KEK) stored by KMS). 5284 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 5285 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 5286 # unwrap the data crypto key. 5287 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 5288 # The wrapped key must be a 128/192/256 bit key. 5289 # Authorization requires the following IAM permissions when sending a request 5290 # to perform a crypto transformation using a kms-wrapped crypto key: 5291 # dlp.kms.encrypt 5292 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 5293 "wrappedKey": "A String", # The wrapped data crypto key. [required] 5294 }, 5295 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 5296 # leaking the key. Choose another type of key if possible. 5297 "key": "A String", # A 128/192/256 bit key. [required] 5298 }, 5299 "transient": { # Use this to have a random data crypto key generated. 5300 # It will be discarded after the request finishes. 5301 "name": "A String", # Name of the key. [required] 5302 # This is an arbitrary string used to differentiate different keys. 5303 # A unique key is generated per name: two separate `TransientCryptoKey` 5304 # protos share the same generated key if their names are the same. 5305 # When the data crypto key is generated, this name is not used in any way 5306 # (repeating the api call will result in a different key being generated). 5307 }, 5308 }, 5309 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 5310 # referential integrity such that the same identifier in two different 5311 # contexts will be given a distinct surrogate. The context is appended to 5312 # plaintext value being encrypted. On decryption the provided context is 5313 # validated against the value used during encryption. If a context was 5314 # provided during encryption, same context must be provided during decryption 5315 # as well. 5316 # 5317 # If the context is not set, plaintext would be used as is for encryption. 5318 # If the context is set but: 5319 # 5320 # 1. there is no record present when transforming a given value or 5321 # 2. the field is not present when transforming a given value, 5322 # 5323 # plaintext would be used as is for encryption. 5324 # 5325 # Note that case (1) is expected when an `InfoTypeTransformation` is 5326 # applied to both structured and non-structured `ContentItem`s. 5327 "name": "A String", # Name describing the field. 5328 }, 5329 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 5330 # This annotation will be applied to the surrogate by prefixing it with 5331 # the name of the custom info type followed by the number of 5332 # characters comprising the surrogate. The following scheme defines the 5333 # format: <info type name>(<surrogate character count>):<surrogate> 5334 # 5335 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 5336 # the surrogate is 'abc', the full replacement value 5337 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 5338 # 5339 # This annotation identifies the surrogate when inspecting content using the 5340 # custom info type 'Surrogate'. This facilitates reversal of the 5341 # surrogate when it occurs in free text. 5342 # 5343 # In order for inspection to work properly, the name of this info type must 5344 # not occur naturally anywhere in your data; otherwise, inspection may either 5345 # 5346 # - reverse a surrogate that does not correspond to an actual identifier 5347 # - be unable to parse the surrogate and result in an error 5348 # 5349 # Therefore, choose your custom info type name carefully after considering 5350 # what your data looks like. One way to select a name that has a high chance 5351 # of yielding reliable detection is to include one or more unicode characters 5352 # that are highly improbable to exist in your data. 5353 # For example, assuming your data is entered from a regular ASCII keyboard, 5354 # the symbol with the hex code point 29DD might be used like so: 5355 # ⧝MY_TOKEN_TYPE 5356 "name": "A String", # Name of the information type. Either a name of your choosing when 5357 # creating a CustomInfoType, or one of the names listed 5358 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 5359 # a built-in type. InfoType names should conform to the pattern 5360 # [a-zA-Z0-9_]{1,64}. 5361 }, 5362 }, 5363 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 5364 # Bucketing transformation can provide all of this functionality, 5365 # but requires more configuration. This message is provided as a convenience to 5366 # the user for simple bucketing strategies. 5367 # 5368 # The transformed value will be a hyphenated string of 5369 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 5370 # all values that are within this bucket will be replaced with "10-20". 5371 # 5372 # This can be used on data of type: double, long. 5373 # 5374 # If the bound Value type differs from the type of data 5375 # being transformed, we will first attempt converting the type of the data to 5376 # be transformed to match the type of the bound before comparing. 5377 # 5378 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 5379 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 5380 # grouped together into a single bucket; for example if `lower_bound` = 10, 5381 # then all values less than 10 are replaced with the value “-10”. [Required]. 5382 # Note that for the purposes of inspection or transformation, the number 5383 # of bytes considered to comprise a 'Value' is based on its representation 5384 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5385 # 123456789, the number of bytes would be counted as 9, even though an 5386 # int64 only holds up to 8 bytes of data. 5387 "floatValue": 3.14, 5388 "timestampValue": "A String", 5389 "dayOfWeekValue": "A String", 5390 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5391 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5392 # types are google.type.Date and `google.protobuf.Timestamp`. 5393 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5394 # to allow the value "24:00:00" for scenarios like business closing time. 5395 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5396 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5397 # allow the value 60 if it allows leap-seconds. 5398 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5399 }, 5400 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5401 # and time zone are either specified elsewhere or are not significant. The date 5402 # is relative to the Proleptic Gregorian Calendar. This can represent: 5403 # 5404 # * A full date, with non-zero year, month and day values 5405 # * A month and day value, with a zero year, e.g. an anniversary 5406 # * A year on its own, with zero month and day values 5407 # * A year and month value, with a zero day, e.g. a credit card expiration date 5408 # 5409 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5410 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5411 # a year. 5412 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5413 # if specifying a year by itself or a year and month where the day is not 5414 # significant. 5415 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5416 # month and day. 5417 }, 5418 "stringValue": "A String", 5419 "booleanValue": True or False, 5420 "integerValue": "A String", 5421 }, 5422 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 5423 # grouped together into a single bucket; for example if `upper_bound` = 89, 5424 # then all values greater than 89 are replaced with the value “89+”. 5425 # [Required]. 5426 # Note that for the purposes of inspection or transformation, the number 5427 # of bytes considered to comprise a 'Value' is based on its representation 5428 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5429 # 123456789, the number of bytes would be counted as 9, even though an 5430 # int64 only holds up to 8 bytes of data. 5431 "floatValue": 3.14, 5432 "timestampValue": "A String", 5433 "dayOfWeekValue": "A String", 5434 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5435 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5436 # types are google.type.Date and `google.protobuf.Timestamp`. 5437 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5438 # to allow the value "24:00:00" for scenarios like business closing time. 5439 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5440 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5441 # allow the value 60 if it allows leap-seconds. 5442 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5443 }, 5444 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5445 # and time zone are either specified elsewhere or are not significant. The date 5446 # is relative to the Proleptic Gregorian Calendar. This can represent: 5447 # 5448 # * A full date, with non-zero year, month and day values 5449 # * A month and day value, with a zero year, e.g. an anniversary 5450 # * A year on its own, with zero month and day values 5451 # * A year and month value, with a zero day, e.g. a credit card expiration date 5452 # 5453 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5454 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5455 # a year. 5456 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5457 # if specifying a year by itself or a year and month where the day is not 5458 # significant. 5459 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5460 # month and day. 5461 }, 5462 "stringValue": "A String", 5463 "booleanValue": True or False, 5464 "integerValue": "A String", 5465 }, 5466 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 5467 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 5468 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 5469 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 5470 }, 5471 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 5472 }, 5473 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 5474 # portion of the value. 5475 "partToExtract": "A String", 5476 }, 5477 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 5478 # Uses SHA-256. 5479 # The key size must be either 32 or 64 bytes. 5480 # Outputs a base64 encoded representation of the hashed output 5481 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 5482 # Currently, only string and integer values can be hashed. 5483 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 5484 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 5485 # a key encryption key (KEK) stored by KMS). 5486 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 5487 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 5488 # unwrap the data crypto key. 5489 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 5490 # The wrapped key must be a 128/192/256 bit key. 5491 # Authorization requires the following IAM permissions when sending a request 5492 # to perform a crypto transformation using a kms-wrapped crypto key: 5493 # dlp.kms.encrypt 5494 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 5495 "wrappedKey": "A String", # The wrapped data crypto key. [required] 5496 }, 5497 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 5498 # leaking the key. Choose another type of key if possible. 5499 "key": "A String", # A 128/192/256 bit key. [required] 5500 }, 5501 "transient": { # Use this to have a random data crypto key generated. 5502 # It will be discarded after the request finishes. 5503 "name": "A String", # Name of the key. [required] 5504 # This is an arbitrary string used to differentiate different keys. 5505 # A unique key is generated per name: two separate `TransientCryptoKey` 5506 # protos share the same generated key if their names are the same. 5507 # When the data crypto key is generated, this name is not used in any way 5508 # (repeating the api call will result in a different key being generated). 5509 }, 5510 }, 5511 }, 5512 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 5513 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 5514 # to learn more. 5515 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 5516 # results in the same shift for the same context and crypto_key. 5517 # a key encryption key (KEK) stored by KMS). 5518 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 5519 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 5520 # unwrap the data crypto key. 5521 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 5522 # The wrapped key must be a 128/192/256 bit key. 5523 # Authorization requires the following IAM permissions when sending a request 5524 # to perform a crypto transformation using a kms-wrapped crypto key: 5525 # dlp.kms.encrypt 5526 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 5527 "wrappedKey": "A String", # The wrapped data crypto key. [required] 5528 }, 5529 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 5530 # leaking the key. Choose another type of key if possible. 5531 "key": "A String", # A 128/192/256 bit key. [required] 5532 }, 5533 "transient": { # Use this to have a random data crypto key generated. 5534 # It will be discarded after the request finishes. 5535 "name": "A String", # Name of the key. [required] 5536 # This is an arbitrary string used to differentiate different keys. 5537 # A unique key is generated per name: two separate `TransientCryptoKey` 5538 # protos share the same generated key if their names are the same. 5539 # When the data crypto key is generated, this name is not used in any way 5540 # (repeating the api call will result in a different key being generated). 5541 }, 5542 }, 5543 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 5544 # [Required] 5545 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 5546 # range (inclusive ends). Negative means shift to earlier in time. Must not 5547 # be more than 365250 days (1000 years) each direction. 5548 # 5549 # For example, 3 means shift date to at most 3 days into the future. 5550 # [Required] 5551 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 5552 # If set, must also set method. If set, shift will be consistent for the 5553 # given context. 5554 "name": "A String", # Name describing the field. 5555 }, 5556 }, 5557 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 5558 # replacement values are dynamically provided by the user for custom behavior, 5559 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 5560 # This can be used on 5561 # data of type: number, long, string, timestamp. 5562 # If the bound `Value` type differs from the type of data being transformed, we 5563 # will first attempt converting the type of the data to be transformed to match 5564 # the type of the bound before comparing. 5565 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 5566 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 5567 { # Bucket is represented as a range, along with replacement values. 5568 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 5569 # Note that for the purposes of inspection or transformation, the number 5570 # of bytes considered to comprise a 'Value' is based on its representation 5571 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5572 # 123456789, the number of bytes would be counted as 9, even though an 5573 # int64 only holds up to 8 bytes of data. 5574 "floatValue": 3.14, 5575 "timestampValue": "A String", 5576 "dayOfWeekValue": "A String", 5577 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5578 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5579 # types are google.type.Date and `google.protobuf.Timestamp`. 5580 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5581 # to allow the value "24:00:00" for scenarios like business closing time. 5582 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5583 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5584 # allow the value 60 if it allows leap-seconds. 5585 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5586 }, 5587 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5588 # and time zone are either specified elsewhere or are not significant. The date 5589 # is relative to the Proleptic Gregorian Calendar. This can represent: 5590 # 5591 # * A full date, with non-zero year, month and day values 5592 # * A month and day value, with a zero year, e.g. an anniversary 5593 # * A year on its own, with zero month and day values 5594 # * A year and month value, with a zero day, e.g. a credit card expiration date 5595 # 5596 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5597 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5598 # a year. 5599 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5600 # if specifying a year by itself or a year and month where the day is not 5601 # significant. 5602 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5603 # month and day. 5604 }, 5605 "stringValue": "A String", 5606 "booleanValue": True or False, 5607 "integerValue": "A String", 5608 }, 5609 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 5610 # the default behavior will be to hyphenate the min-max range. 5611 # Note that for the purposes of inspection or transformation, the number 5612 # of bytes considered to comprise a 'Value' is based on its representation 5613 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5614 # 123456789, the number of bytes would be counted as 9, even though an 5615 # int64 only holds up to 8 bytes of data. 5616 "floatValue": 3.14, 5617 "timestampValue": "A String", 5618 "dayOfWeekValue": "A String", 5619 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5620 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5621 # types are google.type.Date and `google.protobuf.Timestamp`. 5622 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5623 # to allow the value "24:00:00" for scenarios like business closing time. 5624 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5625 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5626 # allow the value 60 if it allows leap-seconds. 5627 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5628 }, 5629 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5630 # and time zone are either specified elsewhere or are not significant. The date 5631 # is relative to the Proleptic Gregorian Calendar. This can represent: 5632 # 5633 # * A full date, with non-zero year, month and day values 5634 # * A month and day value, with a zero year, e.g. an anniversary 5635 # * A year on its own, with zero month and day values 5636 # * A year and month value, with a zero day, e.g. a credit card expiration date 5637 # 5638 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5639 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5640 # a year. 5641 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5642 # if specifying a year by itself or a year and month where the day is not 5643 # significant. 5644 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5645 # month and day. 5646 }, 5647 "stringValue": "A String", 5648 "booleanValue": True or False, 5649 "integerValue": "A String", 5650 }, 5651 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 5652 # used. 5653 # Note that for the purposes of inspection or transformation, the number 5654 # of bytes considered to comprise a 'Value' is based on its representation 5655 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5656 # 123456789, the number of bytes would be counted as 9, even though an 5657 # int64 only holds up to 8 bytes of data. 5658 "floatValue": 3.14, 5659 "timestampValue": "A String", 5660 "dayOfWeekValue": "A String", 5661 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5662 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5663 # types are google.type.Date and `google.protobuf.Timestamp`. 5664 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5665 # to allow the value "24:00:00" for scenarios like business closing time. 5666 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5667 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5668 # allow the value 60 if it allows leap-seconds. 5669 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5670 }, 5671 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5672 # and time zone are either specified elsewhere or are not significant. The date 5673 # is relative to the Proleptic Gregorian Calendar. This can represent: 5674 # 5675 # * A full date, with non-zero year, month and day values 5676 # * A month and day value, with a zero year, e.g. an anniversary 5677 # * A year on its own, with zero month and day values 5678 # * A year and month value, with a zero day, e.g. a credit card expiration date 5679 # 5680 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5681 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5682 # a year. 5683 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5684 # if specifying a year by itself or a year and month where the day is not 5685 # significant. 5686 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5687 # month and day. 5688 }, 5689 "stringValue": "A String", 5690 "booleanValue": True or False, 5691 "integerValue": "A String", 5692 }, 5693 }, 5694 ], 5695 }, 5696 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 5697 # (FPE) with the FFX mode of operation; however when used in the 5698 # `ReidentifyContent` API method, it serves the opposite function by reversing 5699 # the surrogate back into the original identifier. The identifier must be 5700 # encoded as ASCII. For a given crypto key and context, the same identifier 5701 # will be replaced with the same surrogate. Identifiers must be at least two 5702 # characters long. In the case that the identifier is the empty string, it will 5703 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 5704 # more. 5705 # 5706 # Note: We recommend using CryptoDeterministicConfig for all use cases which 5707 # do not require preserving the input alphabet space and size, plus warrant 5708 # referential integrity. 5709 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 5710 # a key encryption key (KEK) stored by KMS). 5711 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 5712 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 5713 # unwrap the data crypto key. 5714 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 5715 # The wrapped key must be a 128/192/256 bit key. 5716 # Authorization requires the following IAM permissions when sending a request 5717 # to perform a crypto transformation using a kms-wrapped crypto key: 5718 # dlp.kms.encrypt 5719 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 5720 "wrappedKey": "A String", # The wrapped data crypto key. [required] 5721 }, 5722 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 5723 # leaking the key. Choose another type of key if possible. 5724 "key": "A String", # A 128/192/256 bit key. [required] 5725 }, 5726 "transient": { # Use this to have a random data crypto key generated. 5727 # It will be discarded after the request finishes. 5728 "name": "A String", # Name of the key. [required] 5729 # This is an arbitrary string used to differentiate different keys. 5730 # A unique key is generated per name: two separate `TransientCryptoKey` 5731 # protos share the same generated key if their names are the same. 5732 # When the data crypto key is generated, this name is not used in any way 5733 # (repeating the api call will result in a different key being generated). 5734 }, 5735 }, 5736 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 5737 "commonAlphabet": "A String", 5738 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 5739 # that the FFX mode natively supports. This happens before/after 5740 # encryption/decryption. 5741 # Each character listed must appear only once. 5742 # Number of characters must be in the range [2, 62]. 5743 # This must be encoded as ASCII. 5744 # The order of characters does not matter. 5745 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 5746 # identifier in two different contexts won't be given the same surrogate. If 5747 # the context is not set, a default tweak will be used. 5748 # 5749 # If the context is set but: 5750 # 5751 # 1. there is no record present when transforming a given value or 5752 # 1. the field is not present when transforming a given value, 5753 # 5754 # a default tweak will be used. 5755 # 5756 # Note that case (1) is expected when an `InfoTypeTransformation` is 5757 # applied to both structured and non-structured `ContentItem`s. 5758 # Currently, the referenced field may be of value type integer or string. 5759 # 5760 # The tweak is constructed as a sequence of bytes in big endian byte order 5761 # such that: 5762 # 5763 # - a 64 bit integer is encoded followed by a single byte of value 1 5764 # - a string is encoded in UTF-8 format followed by a single byte of value 2 5765 "name": "A String", # Name describing the field. 5766 }, 5767 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 5768 # This annotation will be applied to the surrogate by prefixing it with 5769 # the name of the custom infoType followed by the number of 5770 # characters comprising the surrogate. The following scheme defines the 5771 # format: info_type_name(surrogate_character_count):surrogate 5772 # 5773 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 5774 # the surrogate is 'abc', the full replacement value 5775 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 5776 # 5777 # This annotation identifies the surrogate when inspecting content using the 5778 # custom infoType 5779 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 5780 # This facilitates reversal of the surrogate when it occurs in free text. 5781 # 5782 # In order for inspection to work properly, the name of this infoType must 5783 # not occur naturally anywhere in your data; otherwise, inspection may 5784 # find a surrogate that does not correspond to an actual identifier. 5785 # Therefore, choose your custom infoType name carefully after considering 5786 # what your data looks like. One way to select a name that has a high chance 5787 # of yielding reliable detection is to include one or more unicode characters 5788 # that are highly improbable to exist in your data. 5789 # For example, assuming your data is entered from a regular ASCII keyboard, 5790 # the symbol with the hex code point 29DD might be used like so: 5791 # ⧝MY_TOKEN_TYPE 5792 "name": "A String", # Name of the information type. Either a name of your choosing when 5793 # creating a CustomInfoType, or one of the names listed 5794 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 5795 # a built-in type. InfoType names should conform to the pattern 5796 # [a-zA-Z0-9_]{1,64}. 5797 }, 5798 }, 5799 "replaceConfig": { # Replace each input value with a given `Value`. 5800 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 5801 # Note that for the purposes of inspection or transformation, the number 5802 # of bytes considered to comprise a 'Value' is based on its representation 5803 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5804 # 123456789, the number of bytes would be counted as 9, even though an 5805 # int64 only holds up to 8 bytes of data. 5806 "floatValue": 3.14, 5807 "timestampValue": "A String", 5808 "dayOfWeekValue": "A String", 5809 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5810 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5811 # types are google.type.Date and `google.protobuf.Timestamp`. 5812 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5813 # to allow the value "24:00:00" for scenarios like business closing time. 5814 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5815 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5816 # allow the value 60 if it allows leap-seconds. 5817 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5818 }, 5819 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5820 # and time zone are either specified elsewhere or are not significant. The date 5821 # is relative to the Proleptic Gregorian Calendar. This can represent: 5822 # 5823 # * A full date, with non-zero year, month and day values 5824 # * A month and day value, with a zero year, e.g. an anniversary 5825 # * A year on its own, with zero month and day values 5826 # * A year and month value, with a zero day, e.g. a credit card expiration date 5827 # 5828 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5829 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5830 # a year. 5831 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5832 # if specifying a year by itself or a year and month where the day is not 5833 # significant. 5834 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5835 # month and day. 5836 }, 5837 "stringValue": "A String", 5838 "booleanValue": True or False, 5839 "integerValue": "A String", 5840 }, 5841 }, 5842 }, 5843 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 5844 # this transformation to apply to all findings that correspond to 5845 # infoTypes that were requested in `InspectConfig`. 5846 { # Type of information detected by the API. 5847 "name": "A String", # Name of the information type. Either a name of your choosing when 5848 # creating a CustomInfoType, or one of the names listed 5849 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 5850 # a built-in type. InfoType names should conform to the pattern 5851 # [a-zA-Z0-9_]{1,64}. 5852 }, 5853 ], 5854 }, 5855 ], 5856 }, 5857 "recordTransformations": { # A type of transformation that is applied over structured data such as a # Treat the dataset as structured. Transformations can be applied to 5858 # specific locations within structured datasets, such as transforming 5859 # a column within a table. 5860 # table. 5861 "recordSuppressions": [ # Configuration defining which records get suppressed entirely. Records that 5862 # match any suppression rule are omitted from the output [optional]. 5863 { # Configuration to suppress records whose suppression conditions evaluate to 5864 # true. 5865 "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being 5866 # evaluated to be suppressed from the transformed content. 5867 # a field. 5868 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 5869 "conditions": { # A collection of conditions. 5870 "conditions": [ 5871 { # The field type of `value` and `field` do not need to match to be 5872 # considered equal, but not all comparisons are possible. 5873 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 5874 # but all other comparisons are invalid with incompatible types. 5875 # A `value` of type: 5876 # 5877 # - `string` can be compared against all other types 5878 # - `boolean` can only be compared against other booleans 5879 # - `integer` can be compared against doubles or a string if the string value 5880 # can be parsed as an integer. 5881 # - `double` can be compared against integers or a string if the string can 5882 # be parsed as a double. 5883 # - `Timestamp` can be compared against strings in RFC 3339 date string 5884 # format. 5885 # - `TimeOfDay` can be compared against timestamps and strings in the format 5886 # of 'HH:mm:ss'. 5887 # 5888 # If we fail to compare do to type mismatch, a warning will be given and 5889 # the condition will evaluate to false. 5890 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 5891 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 5892 "name": "A String", # Name describing the field. 5893 }, 5894 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 5895 # Note that for the purposes of inspection or transformation, the number 5896 # of bytes considered to comprise a 'Value' is based on its representation 5897 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 5898 # 123456789, the number of bytes would be counted as 9, even though an 5899 # int64 only holds up to 8 bytes of data. 5900 "floatValue": 3.14, 5901 "timestampValue": "A String", 5902 "dayOfWeekValue": "A String", 5903 "timeValue": { # Represents a time of day. The date and time zone are either not significant 5904 # or are specified elsewhere. An API may choose to allow leap seconds. Related 5905 # types are google.type.Date and `google.protobuf.Timestamp`. 5906 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 5907 # to allow the value "24:00:00" for scenarios like business closing time. 5908 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 5909 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 5910 # allow the value 60 if it allows leap-seconds. 5911 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 5912 }, 5913 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 5914 # and time zone are either specified elsewhere or are not significant. The date 5915 # is relative to the Proleptic Gregorian Calendar. This can represent: 5916 # 5917 # * A full date, with non-zero year, month and day values 5918 # * A month and day value, with a zero year, e.g. an anniversary 5919 # * A year on its own, with zero month and day values 5920 # * A year and month value, with a zero day, e.g. a credit card expiration date 5921 # 5922 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 5923 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 5924 # a year. 5925 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 5926 # if specifying a year by itself or a year and month where the day is not 5927 # significant. 5928 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 5929 # month and day. 5930 }, 5931 "stringValue": "A String", 5932 "booleanValue": True or False, 5933 "integerValue": "A String", 5934 }, 5935 }, 5936 ], 5937 }, 5938 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 5939 # only supported value is `AND`. 5940 }, 5941 }, 5942 }, 5943 ], 5944 "fieldTransformations": [ # Transform the record by applying various field transformations. 5945 { # The transformation to apply to the field. 5946 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively 5947 # transform content that matches an `InfoType`. 5948 # apply various `PrimitiveTransformation`s to each finding, where the 5949 # transformation is applied to only values that were identified as a specific 5950 # info_type. 5951 "transformations": [ # Transformation for each infoType. Cannot specify more than one 5952 # for a given infoType. [required] 5953 { # A transformation to apply to text that is identified as a specific 5954 # info_type. 5955 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 5956 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 5957 # fixed character. Masking can start from the beginning or end of the string. 5958 # This can be used on data of any type (numbers, longs, and so on) and when 5959 # de-identifying structured data we'll attempt to preserve the original data's 5960 # type. (This allows you to take a long like 123 and modify it to a string like 5961 # **3. 5962 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 5963 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 5964 # mask 5 chars with * we would produce ***-*55-5555. 5965 { # Characters to skip when doing deidentification of a value. These will be left 5966 # alone and skipped. 5967 "commonCharactersToIgnore": "A String", 5968 "charactersToSkip": "A String", 5969 }, 5970 ], 5971 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 5972 # masked. Skipped characters do not count towards this tally. 5973 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 5974 # alphabetic string such as name, or "0" for a numeric string such as ZIP 5975 # code or credit card number. String must have length 1. If not supplied, we 5976 # will default to "*" for strings, 0 for digits. 5977 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 5978 # '0', number_to_mask is 14, and `reverse_order` is false, then 5979 # 1234-5678-9012-3456 -> 00000000000000-3456 5980 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 5981 # is true, then 12345 -> 12*** 5982 }, 5983 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 5984 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 5985 # output would be 'My phone number is '. 5986 }, 5987 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 5988 # input. Outputs a base64 encoded representation of the encrypted output. 5989 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 5990 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 5991 # a key encryption key (KEK) stored by KMS). 5992 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 5993 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 5994 # unwrap the data crypto key. 5995 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 5996 # The wrapped key must be a 128/192/256 bit key. 5997 # Authorization requires the following IAM permissions when sending a request 5998 # to perform a crypto transformation using a kms-wrapped crypto key: 5999 # dlp.kms.encrypt 6000 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 6001 "wrappedKey": "A String", # The wrapped data crypto key. [required] 6002 }, 6003 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 6004 # leaking the key. Choose another type of key if possible. 6005 "key": "A String", # A 128/192/256 bit key. [required] 6006 }, 6007 "transient": { # Use this to have a random data crypto key generated. 6008 # It will be discarded after the request finishes. 6009 "name": "A String", # Name of the key. [required] 6010 # This is an arbitrary string used to differentiate different keys. 6011 # A unique key is generated per name: two separate `TransientCryptoKey` 6012 # protos share the same generated key if their names are the same. 6013 # When the data crypto key is generated, this name is not used in any way 6014 # (repeating the api call will result in a different key being generated). 6015 }, 6016 }, 6017 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 6018 # referential integrity such that the same identifier in two different 6019 # contexts will be given a distinct surrogate. The context is appended to 6020 # plaintext value being encrypted. On decryption the provided context is 6021 # validated against the value used during encryption. If a context was 6022 # provided during encryption, same context must be provided during decryption 6023 # as well. 6024 # 6025 # If the context is not set, plaintext would be used as is for encryption. 6026 # If the context is set but: 6027 # 6028 # 1. there is no record present when transforming a given value or 6029 # 2. the field is not present when transforming a given value, 6030 # 6031 # plaintext would be used as is for encryption. 6032 # 6033 # Note that case (1) is expected when an `InfoTypeTransformation` is 6034 # applied to both structured and non-structured `ContentItem`s. 6035 "name": "A String", # Name describing the field. 6036 }, 6037 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 6038 # This annotation will be applied to the surrogate by prefixing it with 6039 # the name of the custom info type followed by the number of 6040 # characters comprising the surrogate. The following scheme defines the 6041 # format: <info type name>(<surrogate character count>):<surrogate> 6042 # 6043 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 6044 # the surrogate is 'abc', the full replacement value 6045 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 6046 # 6047 # This annotation identifies the surrogate when inspecting content using the 6048 # custom info type 'Surrogate'. This facilitates reversal of the 6049 # surrogate when it occurs in free text. 6050 # 6051 # In order for inspection to work properly, the name of this info type must 6052 # not occur naturally anywhere in your data; otherwise, inspection may either 6053 # 6054 # - reverse a surrogate that does not correspond to an actual identifier 6055 # - be unable to parse the surrogate and result in an error 6056 # 6057 # Therefore, choose your custom info type name carefully after considering 6058 # what your data looks like. One way to select a name that has a high chance 6059 # of yielding reliable detection is to include one or more unicode characters 6060 # that are highly improbable to exist in your data. 6061 # For example, assuming your data is entered from a regular ASCII keyboard, 6062 # the symbol with the hex code point 29DD might be used like so: 6063 # ⧝MY_TOKEN_TYPE 6064 "name": "A String", # Name of the information type. Either a name of your choosing when 6065 # creating a CustomInfoType, or one of the names listed 6066 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 6067 # a built-in type. InfoType names should conform to the pattern 6068 # [a-zA-Z0-9_]{1,64}. 6069 }, 6070 }, 6071 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 6072 # Bucketing transformation can provide all of this functionality, 6073 # but requires more configuration. This message is provided as a convenience to 6074 # the user for simple bucketing strategies. 6075 # 6076 # The transformed value will be a hyphenated string of 6077 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 6078 # all values that are within this bucket will be replaced with "10-20". 6079 # 6080 # This can be used on data of type: double, long. 6081 # 6082 # If the bound Value type differs from the type of data 6083 # being transformed, we will first attempt converting the type of the data to 6084 # be transformed to match the type of the bound before comparing. 6085 # 6086 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 6087 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 6088 # grouped together into a single bucket; for example if `lower_bound` = 10, 6089 # then all values less than 10 are replaced with the value “-10”. [Required]. 6090 # Note that for the purposes of inspection or transformation, the number 6091 # of bytes considered to comprise a 'Value' is based on its representation 6092 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6093 # 123456789, the number of bytes would be counted as 9, even though an 6094 # int64 only holds up to 8 bytes of data. 6095 "floatValue": 3.14, 6096 "timestampValue": "A String", 6097 "dayOfWeekValue": "A String", 6098 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6099 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6100 # types are google.type.Date and `google.protobuf.Timestamp`. 6101 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6102 # to allow the value "24:00:00" for scenarios like business closing time. 6103 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6104 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6105 # allow the value 60 if it allows leap-seconds. 6106 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6107 }, 6108 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6109 # and time zone are either specified elsewhere or are not significant. The date 6110 # is relative to the Proleptic Gregorian Calendar. This can represent: 6111 # 6112 # * A full date, with non-zero year, month and day values 6113 # * A month and day value, with a zero year, e.g. an anniversary 6114 # * A year on its own, with zero month and day values 6115 # * A year and month value, with a zero day, e.g. a credit card expiration date 6116 # 6117 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6118 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6119 # a year. 6120 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6121 # if specifying a year by itself or a year and month where the day is not 6122 # significant. 6123 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6124 # month and day. 6125 }, 6126 "stringValue": "A String", 6127 "booleanValue": True or False, 6128 "integerValue": "A String", 6129 }, 6130 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 6131 # grouped together into a single bucket; for example if `upper_bound` = 89, 6132 # then all values greater than 89 are replaced with the value “89+”. 6133 # [Required]. 6134 # Note that for the purposes of inspection or transformation, the number 6135 # of bytes considered to comprise a 'Value' is based on its representation 6136 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6137 # 123456789, the number of bytes would be counted as 9, even though an 6138 # int64 only holds up to 8 bytes of data. 6139 "floatValue": 3.14, 6140 "timestampValue": "A String", 6141 "dayOfWeekValue": "A String", 6142 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6143 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6144 # types are google.type.Date and `google.protobuf.Timestamp`. 6145 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6146 # to allow the value "24:00:00" for scenarios like business closing time. 6147 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6148 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6149 # allow the value 60 if it allows leap-seconds. 6150 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6151 }, 6152 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6153 # and time zone are either specified elsewhere or are not significant. The date 6154 # is relative to the Proleptic Gregorian Calendar. This can represent: 6155 # 6156 # * A full date, with non-zero year, month and day values 6157 # * A month and day value, with a zero year, e.g. an anniversary 6158 # * A year on its own, with zero month and day values 6159 # * A year and month value, with a zero day, e.g. a credit card expiration date 6160 # 6161 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6162 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6163 # a year. 6164 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6165 # if specifying a year by itself or a year and month where the day is not 6166 # significant. 6167 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6168 # month and day. 6169 }, 6170 "stringValue": "A String", 6171 "booleanValue": True or False, 6172 "integerValue": "A String", 6173 }, 6174 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 6175 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 6176 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 6177 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 6178 }, 6179 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 6180 }, 6181 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 6182 # portion of the value. 6183 "partToExtract": "A String", 6184 }, 6185 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 6186 # Uses SHA-256. 6187 # The key size must be either 32 or 64 bytes. 6188 # Outputs a base64 encoded representation of the hashed output 6189 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 6190 # Currently, only string and integer values can be hashed. 6191 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 6192 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 6193 # a key encryption key (KEK) stored by KMS). 6194 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 6195 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 6196 # unwrap the data crypto key. 6197 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 6198 # The wrapped key must be a 128/192/256 bit key. 6199 # Authorization requires the following IAM permissions when sending a request 6200 # to perform a crypto transformation using a kms-wrapped crypto key: 6201 # dlp.kms.encrypt 6202 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 6203 "wrappedKey": "A String", # The wrapped data crypto key. [required] 6204 }, 6205 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 6206 # leaking the key. Choose another type of key if possible. 6207 "key": "A String", # A 128/192/256 bit key. [required] 6208 }, 6209 "transient": { # Use this to have a random data crypto key generated. 6210 # It will be discarded after the request finishes. 6211 "name": "A String", # Name of the key. [required] 6212 # This is an arbitrary string used to differentiate different keys. 6213 # A unique key is generated per name: two separate `TransientCryptoKey` 6214 # protos share the same generated key if their names are the same. 6215 # When the data crypto key is generated, this name is not used in any way 6216 # (repeating the api call will result in a different key being generated). 6217 }, 6218 }, 6219 }, 6220 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 6221 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 6222 # to learn more. 6223 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 6224 # results in the same shift for the same context and crypto_key. 6225 # a key encryption key (KEK) stored by KMS). 6226 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 6227 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 6228 # unwrap the data crypto key. 6229 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 6230 # The wrapped key must be a 128/192/256 bit key. 6231 # Authorization requires the following IAM permissions when sending a request 6232 # to perform a crypto transformation using a kms-wrapped crypto key: 6233 # dlp.kms.encrypt 6234 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 6235 "wrappedKey": "A String", # The wrapped data crypto key. [required] 6236 }, 6237 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 6238 # leaking the key. Choose another type of key if possible. 6239 "key": "A String", # A 128/192/256 bit key. [required] 6240 }, 6241 "transient": { # Use this to have a random data crypto key generated. 6242 # It will be discarded after the request finishes. 6243 "name": "A String", # Name of the key. [required] 6244 # This is an arbitrary string used to differentiate different keys. 6245 # A unique key is generated per name: two separate `TransientCryptoKey` 6246 # protos share the same generated key if their names are the same. 6247 # When the data crypto key is generated, this name is not used in any way 6248 # (repeating the api call will result in a different key being generated). 6249 }, 6250 }, 6251 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 6252 # [Required] 6253 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 6254 # range (inclusive ends). Negative means shift to earlier in time. Must not 6255 # be more than 365250 days (1000 years) each direction. 6256 # 6257 # For example, 3 means shift date to at most 3 days into the future. 6258 # [Required] 6259 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 6260 # If set, must also set method. If set, shift will be consistent for the 6261 # given context. 6262 "name": "A String", # Name describing the field. 6263 }, 6264 }, 6265 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 6266 # replacement values are dynamically provided by the user for custom behavior, 6267 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 6268 # This can be used on 6269 # data of type: number, long, string, timestamp. 6270 # If the bound `Value` type differs from the type of data being transformed, we 6271 # will first attempt converting the type of the data to be transformed to match 6272 # the type of the bound before comparing. 6273 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 6274 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 6275 { # Bucket is represented as a range, along with replacement values. 6276 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 6277 # Note that for the purposes of inspection or transformation, the number 6278 # of bytes considered to comprise a 'Value' is based on its representation 6279 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6280 # 123456789, the number of bytes would be counted as 9, even though an 6281 # int64 only holds up to 8 bytes of data. 6282 "floatValue": 3.14, 6283 "timestampValue": "A String", 6284 "dayOfWeekValue": "A String", 6285 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6286 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6287 # types are google.type.Date and `google.protobuf.Timestamp`. 6288 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6289 # to allow the value "24:00:00" for scenarios like business closing time. 6290 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6291 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6292 # allow the value 60 if it allows leap-seconds. 6293 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6294 }, 6295 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6296 # and time zone are either specified elsewhere or are not significant. The date 6297 # is relative to the Proleptic Gregorian Calendar. This can represent: 6298 # 6299 # * A full date, with non-zero year, month and day values 6300 # * A month and day value, with a zero year, e.g. an anniversary 6301 # * A year on its own, with zero month and day values 6302 # * A year and month value, with a zero day, e.g. a credit card expiration date 6303 # 6304 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6305 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6306 # a year. 6307 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6308 # if specifying a year by itself or a year and month where the day is not 6309 # significant. 6310 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6311 # month and day. 6312 }, 6313 "stringValue": "A String", 6314 "booleanValue": True or False, 6315 "integerValue": "A String", 6316 }, 6317 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 6318 # the default behavior will be to hyphenate the min-max range. 6319 # Note that for the purposes of inspection or transformation, the number 6320 # of bytes considered to comprise a 'Value' is based on its representation 6321 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6322 # 123456789, the number of bytes would be counted as 9, even though an 6323 # int64 only holds up to 8 bytes of data. 6324 "floatValue": 3.14, 6325 "timestampValue": "A String", 6326 "dayOfWeekValue": "A String", 6327 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6328 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6329 # types are google.type.Date and `google.protobuf.Timestamp`. 6330 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6331 # to allow the value "24:00:00" for scenarios like business closing time. 6332 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6333 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6334 # allow the value 60 if it allows leap-seconds. 6335 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6336 }, 6337 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6338 # and time zone are either specified elsewhere or are not significant. The date 6339 # is relative to the Proleptic Gregorian Calendar. This can represent: 6340 # 6341 # * A full date, with non-zero year, month and day values 6342 # * A month and day value, with a zero year, e.g. an anniversary 6343 # * A year on its own, with zero month and day values 6344 # * A year and month value, with a zero day, e.g. a credit card expiration date 6345 # 6346 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6347 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6348 # a year. 6349 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6350 # if specifying a year by itself or a year and month where the day is not 6351 # significant. 6352 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6353 # month and day. 6354 }, 6355 "stringValue": "A String", 6356 "booleanValue": True or False, 6357 "integerValue": "A String", 6358 }, 6359 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 6360 # used. 6361 # Note that for the purposes of inspection or transformation, the number 6362 # of bytes considered to comprise a 'Value' is based on its representation 6363 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6364 # 123456789, the number of bytes would be counted as 9, even though an 6365 # int64 only holds up to 8 bytes of data. 6366 "floatValue": 3.14, 6367 "timestampValue": "A String", 6368 "dayOfWeekValue": "A String", 6369 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6370 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6371 # types are google.type.Date and `google.protobuf.Timestamp`. 6372 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6373 # to allow the value "24:00:00" for scenarios like business closing time. 6374 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6375 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6376 # allow the value 60 if it allows leap-seconds. 6377 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6378 }, 6379 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6380 # and time zone are either specified elsewhere or are not significant. The date 6381 # is relative to the Proleptic Gregorian Calendar. This can represent: 6382 # 6383 # * A full date, with non-zero year, month and day values 6384 # * A month and day value, with a zero year, e.g. an anniversary 6385 # * A year on its own, with zero month and day values 6386 # * A year and month value, with a zero day, e.g. a credit card expiration date 6387 # 6388 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6389 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6390 # a year. 6391 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6392 # if specifying a year by itself or a year and month where the day is not 6393 # significant. 6394 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6395 # month and day. 6396 }, 6397 "stringValue": "A String", 6398 "booleanValue": True or False, 6399 "integerValue": "A String", 6400 }, 6401 }, 6402 ], 6403 }, 6404 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 6405 # (FPE) with the FFX mode of operation; however when used in the 6406 # `ReidentifyContent` API method, it serves the opposite function by reversing 6407 # the surrogate back into the original identifier. The identifier must be 6408 # encoded as ASCII. For a given crypto key and context, the same identifier 6409 # will be replaced with the same surrogate. Identifiers must be at least two 6410 # characters long. In the case that the identifier is the empty string, it will 6411 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 6412 # more. 6413 # 6414 # Note: We recommend using CryptoDeterministicConfig for all use cases which 6415 # do not require preserving the input alphabet space and size, plus warrant 6416 # referential integrity. 6417 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 6418 # a key encryption key (KEK) stored by KMS). 6419 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 6420 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 6421 # unwrap the data crypto key. 6422 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 6423 # The wrapped key must be a 128/192/256 bit key. 6424 # Authorization requires the following IAM permissions when sending a request 6425 # to perform a crypto transformation using a kms-wrapped crypto key: 6426 # dlp.kms.encrypt 6427 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 6428 "wrappedKey": "A String", # The wrapped data crypto key. [required] 6429 }, 6430 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 6431 # leaking the key. Choose another type of key if possible. 6432 "key": "A String", # A 128/192/256 bit key. [required] 6433 }, 6434 "transient": { # Use this to have a random data crypto key generated. 6435 # It will be discarded after the request finishes. 6436 "name": "A String", # Name of the key. [required] 6437 # This is an arbitrary string used to differentiate different keys. 6438 # A unique key is generated per name: two separate `TransientCryptoKey` 6439 # protos share the same generated key if their names are the same. 6440 # When the data crypto key is generated, this name is not used in any way 6441 # (repeating the api call will result in a different key being generated). 6442 }, 6443 }, 6444 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 6445 "commonAlphabet": "A String", 6446 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 6447 # that the FFX mode natively supports. This happens before/after 6448 # encryption/decryption. 6449 # Each character listed must appear only once. 6450 # Number of characters must be in the range [2, 62]. 6451 # This must be encoded as ASCII. 6452 # The order of characters does not matter. 6453 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 6454 # identifier in two different contexts won't be given the same surrogate. If 6455 # the context is not set, a default tweak will be used. 6456 # 6457 # If the context is set but: 6458 # 6459 # 1. there is no record present when transforming a given value or 6460 # 1. the field is not present when transforming a given value, 6461 # 6462 # a default tweak will be used. 6463 # 6464 # Note that case (1) is expected when an `InfoTypeTransformation` is 6465 # applied to both structured and non-structured `ContentItem`s. 6466 # Currently, the referenced field may be of value type integer or string. 6467 # 6468 # The tweak is constructed as a sequence of bytes in big endian byte order 6469 # such that: 6470 # 6471 # - a 64 bit integer is encoded followed by a single byte of value 1 6472 # - a string is encoded in UTF-8 format followed by a single byte of value 2 6473 "name": "A String", # Name describing the field. 6474 }, 6475 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 6476 # This annotation will be applied to the surrogate by prefixing it with 6477 # the name of the custom infoType followed by the number of 6478 # characters comprising the surrogate. The following scheme defines the 6479 # format: info_type_name(surrogate_character_count):surrogate 6480 # 6481 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 6482 # the surrogate is 'abc', the full replacement value 6483 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 6484 # 6485 # This annotation identifies the surrogate when inspecting content using the 6486 # custom infoType 6487 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 6488 # This facilitates reversal of the surrogate when it occurs in free text. 6489 # 6490 # In order for inspection to work properly, the name of this infoType must 6491 # not occur naturally anywhere in your data; otherwise, inspection may 6492 # find a surrogate that does not correspond to an actual identifier. 6493 # Therefore, choose your custom infoType name carefully after considering 6494 # what your data looks like. One way to select a name that has a high chance 6495 # of yielding reliable detection is to include one or more unicode characters 6496 # that are highly improbable to exist in your data. 6497 # For example, assuming your data is entered from a regular ASCII keyboard, 6498 # the symbol with the hex code point 29DD might be used like so: 6499 # ⧝MY_TOKEN_TYPE 6500 "name": "A String", # Name of the information type. Either a name of your choosing when 6501 # creating a CustomInfoType, or one of the names listed 6502 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 6503 # a built-in type. InfoType names should conform to the pattern 6504 # [a-zA-Z0-9_]{1,64}. 6505 }, 6506 }, 6507 "replaceConfig": { # Replace each input value with a given `Value`. 6508 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 6509 # Note that for the purposes of inspection or transformation, the number 6510 # of bytes considered to comprise a 'Value' is based on its representation 6511 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6512 # 123456789, the number of bytes would be counted as 9, even though an 6513 # int64 only holds up to 8 bytes of data. 6514 "floatValue": 3.14, 6515 "timestampValue": "A String", 6516 "dayOfWeekValue": "A String", 6517 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6518 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6519 # types are google.type.Date and `google.protobuf.Timestamp`. 6520 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6521 # to allow the value "24:00:00" for scenarios like business closing time. 6522 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6523 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6524 # allow the value 60 if it allows leap-seconds. 6525 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6526 }, 6527 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6528 # and time zone are either specified elsewhere or are not significant. The date 6529 # is relative to the Proleptic Gregorian Calendar. This can represent: 6530 # 6531 # * A full date, with non-zero year, month and day values 6532 # * A month and day value, with a zero year, e.g. an anniversary 6533 # * A year on its own, with zero month and day values 6534 # * A year and month value, with a zero day, e.g. a credit card expiration date 6535 # 6536 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6537 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6538 # a year. 6539 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6540 # if specifying a year by itself or a year and month where the day is not 6541 # significant. 6542 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6543 # month and day. 6544 }, 6545 "stringValue": "A String", 6546 "booleanValue": True or False, 6547 "integerValue": "A String", 6548 }, 6549 }, 6550 }, 6551 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 6552 # this transformation to apply to all findings that correspond to 6553 # infoTypes that were requested in `InspectConfig`. 6554 { # Type of information detected by the API. 6555 "name": "A String", # Name of the information type. Either a name of your choosing when 6556 # creating a CustomInfoType, or one of the names listed 6557 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 6558 # a built-in type. InfoType names should conform to the pattern 6559 # [a-zA-Z0-9_]{1,64}. 6560 }, 6561 ], 6562 }, 6563 ], 6564 }, 6565 "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. 6566 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 6567 # fixed character. Masking can start from the beginning or end of the string. 6568 # This can be used on data of any type (numbers, longs, and so on) and when 6569 # de-identifying structured data we'll attempt to preserve the original data's 6570 # type. (This allows you to take a long like 123 and modify it to a string like 6571 # **3. 6572 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 6573 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 6574 # mask 5 chars with * we would produce ***-*55-5555. 6575 { # Characters to skip when doing deidentification of a value. These will be left 6576 # alone and skipped. 6577 "commonCharactersToIgnore": "A String", 6578 "charactersToSkip": "A String", 6579 }, 6580 ], 6581 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 6582 # masked. Skipped characters do not count towards this tally. 6583 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 6584 # alphabetic string such as name, or "0" for a numeric string such as ZIP 6585 # code or credit card number. String must have length 1. If not supplied, we 6586 # will default to "*" for strings, 0 for digits. 6587 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 6588 # '0', number_to_mask is 14, and `reverse_order` is false, then 6589 # 1234-5678-9012-3456 -> 00000000000000-3456 6590 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 6591 # is true, then 12345 -> 12*** 6592 }, 6593 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 6594 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 6595 # output would be 'My phone number is '. 6596 }, 6597 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 6598 # input. Outputs a base64 encoded representation of the encrypted output. 6599 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 6600 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 6601 # a key encryption key (KEK) stored by KMS). 6602 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 6603 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 6604 # unwrap the data crypto key. 6605 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 6606 # The wrapped key must be a 128/192/256 bit key. 6607 # Authorization requires the following IAM permissions when sending a request 6608 # to perform a crypto transformation using a kms-wrapped crypto key: 6609 # dlp.kms.encrypt 6610 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 6611 "wrappedKey": "A String", # The wrapped data crypto key. [required] 6612 }, 6613 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 6614 # leaking the key. Choose another type of key if possible. 6615 "key": "A String", # A 128/192/256 bit key. [required] 6616 }, 6617 "transient": { # Use this to have a random data crypto key generated. 6618 # It will be discarded after the request finishes. 6619 "name": "A String", # Name of the key. [required] 6620 # This is an arbitrary string used to differentiate different keys. 6621 # A unique key is generated per name: two separate `TransientCryptoKey` 6622 # protos share the same generated key if their names are the same. 6623 # When the data crypto key is generated, this name is not used in any way 6624 # (repeating the api call will result in a different key being generated). 6625 }, 6626 }, 6627 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 6628 # referential integrity such that the same identifier in two different 6629 # contexts will be given a distinct surrogate. The context is appended to 6630 # plaintext value being encrypted. On decryption the provided context is 6631 # validated against the value used during encryption. If a context was 6632 # provided during encryption, same context must be provided during decryption 6633 # as well. 6634 # 6635 # If the context is not set, plaintext would be used as is for encryption. 6636 # If the context is set but: 6637 # 6638 # 1. there is no record present when transforming a given value or 6639 # 2. the field is not present when transforming a given value, 6640 # 6641 # plaintext would be used as is for encryption. 6642 # 6643 # Note that case (1) is expected when an `InfoTypeTransformation` is 6644 # applied to both structured and non-structured `ContentItem`s. 6645 "name": "A String", # Name describing the field. 6646 }, 6647 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 6648 # This annotation will be applied to the surrogate by prefixing it with 6649 # the name of the custom info type followed by the number of 6650 # characters comprising the surrogate. The following scheme defines the 6651 # format: <info type name>(<surrogate character count>):<surrogate> 6652 # 6653 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 6654 # the surrogate is 'abc', the full replacement value 6655 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 6656 # 6657 # This annotation identifies the surrogate when inspecting content using the 6658 # custom info type 'Surrogate'. This facilitates reversal of the 6659 # surrogate when it occurs in free text. 6660 # 6661 # In order for inspection to work properly, the name of this info type must 6662 # not occur naturally anywhere in your data; otherwise, inspection may either 6663 # 6664 # - reverse a surrogate that does not correspond to an actual identifier 6665 # - be unable to parse the surrogate and result in an error 6666 # 6667 # Therefore, choose your custom info type name carefully after considering 6668 # what your data looks like. One way to select a name that has a high chance 6669 # of yielding reliable detection is to include one or more unicode characters 6670 # that are highly improbable to exist in your data. 6671 # For example, assuming your data is entered from a regular ASCII keyboard, 6672 # the symbol with the hex code point 29DD might be used like so: 6673 # ⧝MY_TOKEN_TYPE 6674 "name": "A String", # Name of the information type. Either a name of your choosing when 6675 # creating a CustomInfoType, or one of the names listed 6676 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 6677 # a built-in type. InfoType names should conform to the pattern 6678 # [a-zA-Z0-9_]{1,64}. 6679 }, 6680 }, 6681 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 6682 # Bucketing transformation can provide all of this functionality, 6683 # but requires more configuration. This message is provided as a convenience to 6684 # the user for simple bucketing strategies. 6685 # 6686 # The transformed value will be a hyphenated string of 6687 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 6688 # all values that are within this bucket will be replaced with "10-20". 6689 # 6690 # This can be used on data of type: double, long. 6691 # 6692 # If the bound Value type differs from the type of data 6693 # being transformed, we will first attempt converting the type of the data to 6694 # be transformed to match the type of the bound before comparing. 6695 # 6696 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 6697 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 6698 # grouped together into a single bucket; for example if `lower_bound` = 10, 6699 # then all values less than 10 are replaced with the value “-10”. [Required]. 6700 # Note that for the purposes of inspection or transformation, the number 6701 # of bytes considered to comprise a 'Value' is based on its representation 6702 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6703 # 123456789, the number of bytes would be counted as 9, even though an 6704 # int64 only holds up to 8 bytes of data. 6705 "floatValue": 3.14, 6706 "timestampValue": "A String", 6707 "dayOfWeekValue": "A String", 6708 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6709 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6710 # types are google.type.Date and `google.protobuf.Timestamp`. 6711 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6712 # to allow the value "24:00:00" for scenarios like business closing time. 6713 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6714 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6715 # allow the value 60 if it allows leap-seconds. 6716 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6717 }, 6718 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6719 # and time zone are either specified elsewhere or are not significant. The date 6720 # is relative to the Proleptic Gregorian Calendar. This can represent: 6721 # 6722 # * A full date, with non-zero year, month and day values 6723 # * A month and day value, with a zero year, e.g. an anniversary 6724 # * A year on its own, with zero month and day values 6725 # * A year and month value, with a zero day, e.g. a credit card expiration date 6726 # 6727 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6728 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6729 # a year. 6730 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6731 # if specifying a year by itself or a year and month where the day is not 6732 # significant. 6733 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6734 # month and day. 6735 }, 6736 "stringValue": "A String", 6737 "booleanValue": True or False, 6738 "integerValue": "A String", 6739 }, 6740 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 6741 # grouped together into a single bucket; for example if `upper_bound` = 89, 6742 # then all values greater than 89 are replaced with the value “89+”. 6743 # [Required]. 6744 # Note that for the purposes of inspection or transformation, the number 6745 # of bytes considered to comprise a 'Value' is based on its representation 6746 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6747 # 123456789, the number of bytes would be counted as 9, even though an 6748 # int64 only holds up to 8 bytes of data. 6749 "floatValue": 3.14, 6750 "timestampValue": "A String", 6751 "dayOfWeekValue": "A String", 6752 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6753 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6754 # types are google.type.Date and `google.protobuf.Timestamp`. 6755 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6756 # to allow the value "24:00:00" for scenarios like business closing time. 6757 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6758 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6759 # allow the value 60 if it allows leap-seconds. 6760 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6761 }, 6762 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6763 # and time zone are either specified elsewhere or are not significant. The date 6764 # is relative to the Proleptic Gregorian Calendar. This can represent: 6765 # 6766 # * A full date, with non-zero year, month and day values 6767 # * A month and day value, with a zero year, e.g. an anniversary 6768 # * A year on its own, with zero month and day values 6769 # * A year and month value, with a zero day, e.g. a credit card expiration date 6770 # 6771 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6772 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6773 # a year. 6774 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6775 # if specifying a year by itself or a year and month where the day is not 6776 # significant. 6777 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6778 # month and day. 6779 }, 6780 "stringValue": "A String", 6781 "booleanValue": True or False, 6782 "integerValue": "A String", 6783 }, 6784 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 6785 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 6786 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 6787 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 6788 }, 6789 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 6790 }, 6791 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 6792 # portion of the value. 6793 "partToExtract": "A String", 6794 }, 6795 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 6796 # Uses SHA-256. 6797 # The key size must be either 32 or 64 bytes. 6798 # Outputs a base64 encoded representation of the hashed output 6799 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 6800 # Currently, only string and integer values can be hashed. 6801 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 6802 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 6803 # a key encryption key (KEK) stored by KMS). 6804 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 6805 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 6806 # unwrap the data crypto key. 6807 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 6808 # The wrapped key must be a 128/192/256 bit key. 6809 # Authorization requires the following IAM permissions when sending a request 6810 # to perform a crypto transformation using a kms-wrapped crypto key: 6811 # dlp.kms.encrypt 6812 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 6813 "wrappedKey": "A String", # The wrapped data crypto key. [required] 6814 }, 6815 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 6816 # leaking the key. Choose another type of key if possible. 6817 "key": "A String", # A 128/192/256 bit key. [required] 6818 }, 6819 "transient": { # Use this to have a random data crypto key generated. 6820 # It will be discarded after the request finishes. 6821 "name": "A String", # Name of the key. [required] 6822 # This is an arbitrary string used to differentiate different keys. 6823 # A unique key is generated per name: two separate `TransientCryptoKey` 6824 # protos share the same generated key if their names are the same. 6825 # When the data crypto key is generated, this name is not used in any way 6826 # (repeating the api call will result in a different key being generated). 6827 }, 6828 }, 6829 }, 6830 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 6831 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 6832 # to learn more. 6833 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 6834 # results in the same shift for the same context and crypto_key. 6835 # a key encryption key (KEK) stored by KMS). 6836 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 6837 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 6838 # unwrap the data crypto key. 6839 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 6840 # The wrapped key must be a 128/192/256 bit key. 6841 # Authorization requires the following IAM permissions when sending a request 6842 # to perform a crypto transformation using a kms-wrapped crypto key: 6843 # dlp.kms.encrypt 6844 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 6845 "wrappedKey": "A String", # The wrapped data crypto key. [required] 6846 }, 6847 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 6848 # leaking the key. Choose another type of key if possible. 6849 "key": "A String", # A 128/192/256 bit key. [required] 6850 }, 6851 "transient": { # Use this to have a random data crypto key generated. 6852 # It will be discarded after the request finishes. 6853 "name": "A String", # Name of the key. [required] 6854 # This is an arbitrary string used to differentiate different keys. 6855 # A unique key is generated per name: two separate `TransientCryptoKey` 6856 # protos share the same generated key if their names are the same. 6857 # When the data crypto key is generated, this name is not used in any way 6858 # (repeating the api call will result in a different key being generated). 6859 }, 6860 }, 6861 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 6862 # [Required] 6863 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 6864 # range (inclusive ends). Negative means shift to earlier in time. Must not 6865 # be more than 365250 days (1000 years) each direction. 6866 # 6867 # For example, 3 means shift date to at most 3 days into the future. 6868 # [Required] 6869 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 6870 # If set, must also set method. If set, shift will be consistent for the 6871 # given context. 6872 "name": "A String", # Name describing the field. 6873 }, 6874 }, 6875 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 6876 # replacement values are dynamically provided by the user for custom behavior, 6877 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 6878 # This can be used on 6879 # data of type: number, long, string, timestamp. 6880 # If the bound `Value` type differs from the type of data being transformed, we 6881 # will first attempt converting the type of the data to be transformed to match 6882 # the type of the bound before comparing. 6883 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 6884 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 6885 { # Bucket is represented as a range, along with replacement values. 6886 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 6887 # Note that for the purposes of inspection or transformation, the number 6888 # of bytes considered to comprise a 'Value' is based on its representation 6889 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6890 # 123456789, the number of bytes would be counted as 9, even though an 6891 # int64 only holds up to 8 bytes of data. 6892 "floatValue": 3.14, 6893 "timestampValue": "A String", 6894 "dayOfWeekValue": "A String", 6895 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6896 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6897 # types are google.type.Date and `google.protobuf.Timestamp`. 6898 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6899 # to allow the value "24:00:00" for scenarios like business closing time. 6900 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6901 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6902 # allow the value 60 if it allows leap-seconds. 6903 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6904 }, 6905 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6906 # and time zone are either specified elsewhere or are not significant. The date 6907 # is relative to the Proleptic Gregorian Calendar. This can represent: 6908 # 6909 # * A full date, with non-zero year, month and day values 6910 # * A month and day value, with a zero year, e.g. an anniversary 6911 # * A year on its own, with zero month and day values 6912 # * A year and month value, with a zero day, e.g. a credit card expiration date 6913 # 6914 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6915 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6916 # a year. 6917 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6918 # if specifying a year by itself or a year and month where the day is not 6919 # significant. 6920 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6921 # month and day. 6922 }, 6923 "stringValue": "A String", 6924 "booleanValue": True or False, 6925 "integerValue": "A String", 6926 }, 6927 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 6928 # the default behavior will be to hyphenate the min-max range. 6929 # Note that for the purposes of inspection or transformation, the number 6930 # of bytes considered to comprise a 'Value' is based on its representation 6931 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6932 # 123456789, the number of bytes would be counted as 9, even though an 6933 # int64 only holds up to 8 bytes of data. 6934 "floatValue": 3.14, 6935 "timestampValue": "A String", 6936 "dayOfWeekValue": "A String", 6937 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6938 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6939 # types are google.type.Date and `google.protobuf.Timestamp`. 6940 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6941 # to allow the value "24:00:00" for scenarios like business closing time. 6942 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6943 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6944 # allow the value 60 if it allows leap-seconds. 6945 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6946 }, 6947 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6948 # and time zone are either specified elsewhere or are not significant. The date 6949 # is relative to the Proleptic Gregorian Calendar. This can represent: 6950 # 6951 # * A full date, with non-zero year, month and day values 6952 # * A month and day value, with a zero year, e.g. an anniversary 6953 # * A year on its own, with zero month and day values 6954 # * A year and month value, with a zero day, e.g. a credit card expiration date 6955 # 6956 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6957 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 6958 # a year. 6959 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 6960 # if specifying a year by itself or a year and month where the day is not 6961 # significant. 6962 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 6963 # month and day. 6964 }, 6965 "stringValue": "A String", 6966 "booleanValue": True or False, 6967 "integerValue": "A String", 6968 }, 6969 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 6970 # used. 6971 # Note that for the purposes of inspection or transformation, the number 6972 # of bytes considered to comprise a 'Value' is based on its representation 6973 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 6974 # 123456789, the number of bytes would be counted as 9, even though an 6975 # int64 only holds up to 8 bytes of data. 6976 "floatValue": 3.14, 6977 "timestampValue": "A String", 6978 "dayOfWeekValue": "A String", 6979 "timeValue": { # Represents a time of day. The date and time zone are either not significant 6980 # or are specified elsewhere. An API may choose to allow leap seconds. Related 6981 # types are google.type.Date and `google.protobuf.Timestamp`. 6982 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 6983 # to allow the value "24:00:00" for scenarios like business closing time. 6984 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 6985 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 6986 # allow the value 60 if it allows leap-seconds. 6987 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 6988 }, 6989 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 6990 # and time zone are either specified elsewhere or are not significant. The date 6991 # is relative to the Proleptic Gregorian Calendar. This can represent: 6992 # 6993 # * A full date, with non-zero year, month and day values 6994 # * A month and day value, with a zero year, e.g. an anniversary 6995 # * A year on its own, with zero month and day values 6996 # * A year and month value, with a zero day, e.g. a credit card expiration date 6997 # 6998 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 6999 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7000 # a year. 7001 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7002 # if specifying a year by itself or a year and month where the day is not 7003 # significant. 7004 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7005 # month and day. 7006 }, 7007 "stringValue": "A String", 7008 "booleanValue": True or False, 7009 "integerValue": "A String", 7010 }, 7011 }, 7012 ], 7013 }, 7014 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 7015 # (FPE) with the FFX mode of operation; however when used in the 7016 # `ReidentifyContent` API method, it serves the opposite function by reversing 7017 # the surrogate back into the original identifier. The identifier must be 7018 # encoded as ASCII. For a given crypto key and context, the same identifier 7019 # will be replaced with the same surrogate. Identifiers must be at least two 7020 # characters long. In the case that the identifier is the empty string, it will 7021 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 7022 # more. 7023 # 7024 # Note: We recommend using CryptoDeterministicConfig for all use cases which 7025 # do not require preserving the input alphabet space and size, plus warrant 7026 # referential integrity. 7027 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 7028 # a key encryption key (KEK) stored by KMS). 7029 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 7030 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 7031 # unwrap the data crypto key. 7032 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 7033 # The wrapped key must be a 128/192/256 bit key. 7034 # Authorization requires the following IAM permissions when sending a request 7035 # to perform a crypto transformation using a kms-wrapped crypto key: 7036 # dlp.kms.encrypt 7037 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 7038 "wrappedKey": "A String", # The wrapped data crypto key. [required] 7039 }, 7040 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 7041 # leaking the key. Choose another type of key if possible. 7042 "key": "A String", # A 128/192/256 bit key. [required] 7043 }, 7044 "transient": { # Use this to have a random data crypto key generated. 7045 # It will be discarded after the request finishes. 7046 "name": "A String", # Name of the key. [required] 7047 # This is an arbitrary string used to differentiate different keys. 7048 # A unique key is generated per name: two separate `TransientCryptoKey` 7049 # protos share the same generated key if their names are the same. 7050 # When the data crypto key is generated, this name is not used in any way 7051 # (repeating the api call will result in a different key being generated). 7052 }, 7053 }, 7054 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 7055 "commonAlphabet": "A String", 7056 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 7057 # that the FFX mode natively supports. This happens before/after 7058 # encryption/decryption. 7059 # Each character listed must appear only once. 7060 # Number of characters must be in the range [2, 62]. 7061 # This must be encoded as ASCII. 7062 # The order of characters does not matter. 7063 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 7064 # identifier in two different contexts won't be given the same surrogate. If 7065 # the context is not set, a default tweak will be used. 7066 # 7067 # If the context is set but: 7068 # 7069 # 1. there is no record present when transforming a given value or 7070 # 1. the field is not present when transforming a given value, 7071 # 7072 # a default tweak will be used. 7073 # 7074 # Note that case (1) is expected when an `InfoTypeTransformation` is 7075 # applied to both structured and non-structured `ContentItem`s. 7076 # Currently, the referenced field may be of value type integer or string. 7077 # 7078 # The tweak is constructed as a sequence of bytes in big endian byte order 7079 # such that: 7080 # 7081 # - a 64 bit integer is encoded followed by a single byte of value 1 7082 # - a string is encoded in UTF-8 format followed by a single byte of value 2 7083 "name": "A String", # Name describing the field. 7084 }, 7085 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 7086 # This annotation will be applied to the surrogate by prefixing it with 7087 # the name of the custom infoType followed by the number of 7088 # characters comprising the surrogate. The following scheme defines the 7089 # format: info_type_name(surrogate_character_count):surrogate 7090 # 7091 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 7092 # the surrogate is 'abc', the full replacement value 7093 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 7094 # 7095 # This annotation identifies the surrogate when inspecting content using the 7096 # custom infoType 7097 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 7098 # This facilitates reversal of the surrogate when it occurs in free text. 7099 # 7100 # In order for inspection to work properly, the name of this infoType must 7101 # not occur naturally anywhere in your data; otherwise, inspection may 7102 # find a surrogate that does not correspond to an actual identifier. 7103 # Therefore, choose your custom infoType name carefully after considering 7104 # what your data looks like. One way to select a name that has a high chance 7105 # of yielding reliable detection is to include one or more unicode characters 7106 # that are highly improbable to exist in your data. 7107 # For example, assuming your data is entered from a regular ASCII keyboard, 7108 # the symbol with the hex code point 29DD might be used like so: 7109 # ⧝MY_TOKEN_TYPE 7110 "name": "A String", # Name of the information type. Either a name of your choosing when 7111 # creating a CustomInfoType, or one of the names listed 7112 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 7113 # a built-in type. InfoType names should conform to the pattern 7114 # [a-zA-Z0-9_]{1,64}. 7115 }, 7116 }, 7117 "replaceConfig": { # Replace each input value with a given `Value`. 7118 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 7119 # Note that for the purposes of inspection or transformation, the number 7120 # of bytes considered to comprise a 'Value' is based on its representation 7121 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 7122 # 123456789, the number of bytes would be counted as 9, even though an 7123 # int64 only holds up to 8 bytes of data. 7124 "floatValue": 3.14, 7125 "timestampValue": "A String", 7126 "dayOfWeekValue": "A String", 7127 "timeValue": { # Represents a time of day. The date and time zone are either not significant 7128 # or are specified elsewhere. An API may choose to allow leap seconds. Related 7129 # types are google.type.Date and `google.protobuf.Timestamp`. 7130 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 7131 # to allow the value "24:00:00" for scenarios like business closing time. 7132 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 7133 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 7134 # allow the value 60 if it allows leap-seconds. 7135 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 7136 }, 7137 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 7138 # and time zone are either specified elsewhere or are not significant. The date 7139 # is relative to the Proleptic Gregorian Calendar. This can represent: 7140 # 7141 # * A full date, with non-zero year, month and day values 7142 # * A month and day value, with a zero year, e.g. an anniversary 7143 # * A year on its own, with zero month and day values 7144 # * A year and month value, with a zero day, e.g. a credit card expiration date 7145 # 7146 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 7147 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7148 # a year. 7149 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7150 # if specifying a year by itself or a year and month where the day is not 7151 # significant. 7152 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7153 # month and day. 7154 }, 7155 "stringValue": "A String", 7156 "booleanValue": True or False, 7157 "integerValue": "A String", 7158 }, 7159 }, 7160 }, 7161 "condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the 7162 # given `RecordCondition`. The conditions are allowed to reference fields 7163 # that are not used in the actual transformation. [optional] 7164 # 7165 # Example Use Cases: 7166 # 7167 # - Apply a different bucket transformation to an age column if the zip code 7168 # column for the same record is within a specific range. 7169 # - Redact a field if the date of birth field is greater than 85. 7170 # a field. 7171 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 7172 "conditions": { # A collection of conditions. 7173 "conditions": [ 7174 { # The field type of `value` and `field` do not need to match to be 7175 # considered equal, but not all comparisons are possible. 7176 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 7177 # but all other comparisons are invalid with incompatible types. 7178 # A `value` of type: 7179 # 7180 # - `string` can be compared against all other types 7181 # - `boolean` can only be compared against other booleans 7182 # - `integer` can be compared against doubles or a string if the string value 7183 # can be parsed as an integer. 7184 # - `double` can be compared against integers or a string if the string can 7185 # be parsed as a double. 7186 # - `Timestamp` can be compared against strings in RFC 3339 date string 7187 # format. 7188 # - `TimeOfDay` can be compared against timestamps and strings in the format 7189 # of 'HH:mm:ss'. 7190 # 7191 # If we fail to compare do to type mismatch, a warning will be given and 7192 # the condition will evaluate to false. 7193 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 7194 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 7195 "name": "A String", # Name describing the field. 7196 }, 7197 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 7198 # Note that for the purposes of inspection or transformation, the number 7199 # of bytes considered to comprise a 'Value' is based on its representation 7200 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 7201 # 123456789, the number of bytes would be counted as 9, even though an 7202 # int64 only holds up to 8 bytes of data. 7203 "floatValue": 3.14, 7204 "timestampValue": "A String", 7205 "dayOfWeekValue": "A String", 7206 "timeValue": { # Represents a time of day. The date and time zone are either not significant 7207 # or are specified elsewhere. An API may choose to allow leap seconds. Related 7208 # types are google.type.Date and `google.protobuf.Timestamp`. 7209 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 7210 # to allow the value "24:00:00" for scenarios like business closing time. 7211 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 7212 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 7213 # allow the value 60 if it allows leap-seconds. 7214 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 7215 }, 7216 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 7217 # and time zone are either specified elsewhere or are not significant. The date 7218 # is relative to the Proleptic Gregorian Calendar. This can represent: 7219 # 7220 # * A full date, with non-zero year, month and day values 7221 # * A month and day value, with a zero year, e.g. an anniversary 7222 # * A year on its own, with zero month and day values 7223 # * A year and month value, with a zero day, e.g. a credit card expiration date 7224 # 7225 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 7226 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7227 # a year. 7228 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7229 # if specifying a year by itself or a year and month where the day is not 7230 # significant. 7231 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7232 # month and day. 7233 }, 7234 "stringValue": "A String", 7235 "booleanValue": True or False, 7236 "integerValue": "A String", 7237 }, 7238 }, 7239 ], 7240 }, 7241 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 7242 # only supported value is `AND`. 7243 }, 7244 }, 7245 "fields": [ # Input field(s) to apply the transformation to. [required] 7246 { # General identifier of a data field in a storage service. 7247 "name": "A String", # Name describing the field. 7248 }, 7249 ], 7250 }, 7251 ], 7252 }, 7253 }, 7254 "reidentifyTemplateName": "A String", # Optional template to use. References an instance of `DeidentifyTemplate`. 7255 # Any configuration directly specified in `reidentify_config` or 7256 # `inspect_config` will override those set in the template. Singular fields 7257 # that are set in this request will replace their corresponding fields in the 7258 # template. Repeated fields are appended. Singular sub-messages and groups 7259 # are recursively merged. 7260 "inspectConfig": { # Configuration description of the scanning process. # Configuration for the inspector. 7261 # When used with redactContent only info_types and min_likelihood are currently 7262 # used. 7263 "excludeInfoTypes": True or False, # When true, excludes type information of the findings. 7264 "limits": { 7265 "maxFindingsPerRequest": 42, # Max number of findings that will be returned per request/job. 7266 # When set within `InspectContentRequest`, the maximum returned is 2000 7267 # regardless if this is set higher. 7268 "maxFindingsPerInfoType": [ # Configuration of findings limit given for specified infoTypes. 7269 { # Max findings configuration per infoType, per content item or long 7270 # running DlpJob. 7271 "infoType": { # Type of information detected by the API. # Type of information the findings limit applies to. Only one limit per 7272 # info_type should be provided. If InfoTypeLimit does not have an 7273 # info_type, the DLP API applies the limit against all info_types that 7274 # are found but not specified in another InfoTypeLimit. 7275 "name": "A String", # Name of the information type. Either a name of your choosing when 7276 # creating a CustomInfoType, or one of the names listed 7277 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 7278 # a built-in type. InfoType names should conform to the pattern 7279 # [a-zA-Z0-9_]{1,64}. 7280 }, 7281 "maxFindings": 42, # Max findings limit for the given infoType. 7282 }, 7283 ], 7284 "maxFindingsPerItem": 42, # Max number of findings that will be returned for each item scanned. 7285 # When set within `InspectDataSourceRequest`, 7286 # the maximum returned is 2000 regardless if this is set higher. 7287 # When set within `InspectContentRequest`, this field is ignored. 7288 }, 7289 "minLikelihood": "A String", # Only returns findings equal or above this threshold. The default is 7290 # POSSIBLE. 7291 # See https://cloud.google.com/dlp/docs/likelihood to learn more. 7292 "customInfoTypes": [ # CustomInfoTypes provided by the user. See 7293 # https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more. 7294 { # Custom information type provided by the user. Used to find domain-specific 7295 # sensitive information configurable to the data in question. 7296 "regex": { # Message defining a custom regular expression. # Regular expression based CustomInfoType. 7297 "pattern": "A String", # Pattern defining the regular expression. Its syntax 7298 # (https://github.com/google/re2/wiki/Syntax) can be found under the 7299 # google/re2 repository on GitHub. 7300 "groupIndexes": [ # The index of the submatch to extract as findings. When not 7301 # specified, the entire match is returned. No more than 3 may be included. 7302 42, 7303 ], 7304 }, 7305 "surrogateType": { # Message for detecting output from deidentification transformations # Message for detecting output from deidentification transformations that 7306 # support reversing. 7307 # such as 7308 # [`CryptoReplaceFfxFpeConfig`](/dlp/docs/reference/rest/v2/organizations.deidentifyTemplates#cryptoreplaceffxfpeconfig). 7309 # These types of transformations are 7310 # those that perform pseudonymization, thereby producing a "surrogate" as 7311 # output. This should be used in conjunction with a field on the 7312 # transformation such as `surrogate_info_type`. This CustomInfoType does 7313 # not support the use of `detection_rules`. 7314 }, 7315 "infoType": { # Type of information detected by the API. # CustomInfoType can either be a new infoType, or an extension of built-in 7316 # infoType, when the name matches one of existing infoTypes and that infoType 7317 # is specified in `InspectContent.info_types` field. Specifying the latter 7318 # adds findings to the one detected by the system. If built-in info type is 7319 # not specified in `InspectContent.info_types` list then the name is treated 7320 # as a custom info type. 7321 "name": "A String", # Name of the information type. Either a name of your choosing when 7322 # creating a CustomInfoType, or one of the names listed 7323 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 7324 # a built-in type. InfoType names should conform to the pattern 7325 # [a-zA-Z0-9_]{1,64}. 7326 }, 7327 "dictionary": { # Custom information type based on a dictionary of words or phrases. This can # A list of phrases to detect as a CustomInfoType. 7328 # be used to match sensitive information specific to the data, such as a list 7329 # of employee IDs or job titles. 7330 # 7331 # Dictionary words are case-insensitive and all characters other than letters 7332 # and digits in the unicode [Basic Multilingual 7333 # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane) 7334 # will be replaced with whitespace when scanning for matches, so the 7335 # dictionary phrase "Sam Johnson" will match all three phrases "sam johnson", 7336 # "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters 7337 # surrounding any match must be of a different type than the adjacent 7338 # characters within the word, so letters must be next to non-letters and 7339 # digits next to non-digits. For example, the dictionary word "jen" will 7340 # match the first three letters of the text "jen123" but will return no 7341 # matches for "jennifer". 7342 # 7343 # Dictionary words containing a large number of characters that are not 7344 # letters or digits may result in unexpected findings because such characters 7345 # are treated as whitespace. The 7346 # [limits](https://cloud.google.com/dlp/limits) page contains details about 7347 # the size limits of dictionaries. For dictionaries that do not fit within 7348 # these constraints, consider using `LargeCustomDictionaryConfig` in the 7349 # `StoredInfoType` API. 7350 "wordList": { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for. 7351 "words": [ # Words or phrases defining the dictionary. The dictionary must contain 7352 # at least one phrase and every phrase must contain at least 2 characters 7353 # that are letters or digits. [required] 7354 "A String", 7355 ], 7356 }, 7357 "cloudStoragePath": { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file 7358 # is accepted. 7359 "path": "A String", # A url representing a file or path (no wildcards) in Cloud Storage. 7360 # Example: gs://[BUCKET_NAME]/dictionary.txt 7361 }, 7362 }, 7363 "storedType": { # A reference to a StoredInfoType to use with scanning. # Load an existing `StoredInfoType` resource for use in 7364 # `InspectDataSource`. Not currently supported in `InspectContent`. 7365 "name": "A String", # Resource name of the requested `StoredInfoType`, for example 7366 # `organizations/433245324/storedInfoTypes/432452342` or 7367 # `projects/project-id/storedInfoTypes/432452342`. 7368 "createTime": "A String", # Timestamp indicating when the version of the `StoredInfoType` used for 7369 # inspection was created. Output-only field, populated by the system. 7370 }, 7371 "detectionRules": [ # Set of detection rules to apply to all findings of this CustomInfoType. 7372 # Rules are applied in order that they are specified. Not supported for the 7373 # `surrogate_type` CustomInfoType. 7374 { # Deprecated; use `InspectionRuleSet` instead. Rule for modifying a 7375 # `CustomInfoType` to alter behavior under certain circumstances, depending 7376 # on the specific details of the rule. Not supported for the `surrogate_type` 7377 # custom infoType. 7378 "hotwordRule": { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule. 7379 # proximity of hotwords. 7380 "proximity": { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside. 7381 # The total length of the window cannot exceed 1000 characters. Note that 7382 # the finding itself will be included in the window, so that hotwords may 7383 # be used to match substrings of the finding itself. For example, the 7384 # certainty of a phone number regex "\(\d{3}\) \d{3}-\d{4}" could be 7385 # adjusted upwards if the area code is known to be the local area code of 7386 # a company office using the hotword regex "\(xxx\)", where "xxx" 7387 # is the area code in question. 7388 # rule. 7389 "windowAfter": 42, # Number of characters after the finding to consider. 7390 "windowBefore": 42, # Number of characters before the finding to consider. 7391 }, 7392 "hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword. 7393 "pattern": "A String", # Pattern defining the regular expression. Its syntax 7394 # (https://github.com/google/re2/wiki/Syntax) can be found under the 7395 # google/re2 repository on GitHub. 7396 "groupIndexes": [ # The index of the submatch to extract as findings. When not 7397 # specified, the entire match is returned. No more than 3 may be included. 7398 42, 7399 ], 7400 }, 7401 "likelihoodAdjustment": { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings. 7402 # part of a detection rule. 7403 "relativeLikelihood": 42, # Increase or decrease the likelihood by the specified number of 7404 # levels. For example, if a finding would be `POSSIBLE` without the 7405 # detection rule and `relative_likelihood` is 1, then it is upgraded to 7406 # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. 7407 # Likelihood may never drop below `VERY_UNLIKELY` or exceed 7408 # `VERY_LIKELY`, so applying an adjustment of 1 followed by an 7409 # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in 7410 # a final likelihood of `LIKELY`. 7411 "fixedLikelihood": "A String", # Set the likelihood of a finding to a fixed value. 7412 }, 7413 }, 7414 }, 7415 ], 7416 "exclusionType": "A String", # If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding 7417 # to be returned. It still can be used for rules matching. 7418 "likelihood": "A String", # Likelihood to return for this CustomInfoType. This base value can be 7419 # altered by a detection rule if the finding meets the criteria specified by 7420 # the rule. Defaults to `VERY_LIKELY` if not specified. 7421 }, 7422 ], 7423 "includeQuote": True or False, # When true, a contextual quote from the data that triggered a finding is 7424 # included in the response; see Finding.quote. 7425 "ruleSet": [ # Set of rules to apply to the findings for this InspectConfig. 7426 # Exclusion rules, contained in the set are executed in the end, other 7427 # rules are executed in the order they are specified for each info type. 7428 { # Rule set for modifying a set of infoTypes to alter behavior under certain 7429 # circumstances, depending on the specific details of the rules within the set. 7430 "rules": [ # Set of rules to be applied to infoTypes. The rules are applied in order. 7431 { # A single inspection rule to be applied to infoTypes, specified in 7432 # `InspectionRuleSet`. 7433 "hotwordRule": { # The rule that adjusts the likelihood of findings within a certain # Hotword-based detection rule. 7434 # proximity of hotwords. 7435 "proximity": { # Message for specifying a window around a finding to apply a detection # Proximity of the finding within which the entire hotword must reside. 7436 # The total length of the window cannot exceed 1000 characters. Note that 7437 # the finding itself will be included in the window, so that hotwords may 7438 # be used to match substrings of the finding itself. For example, the 7439 # certainty of a phone number regex "\(\d{3}\) \d{3}-\d{4}" could be 7440 # adjusted upwards if the area code is known to be the local area code of 7441 # a company office using the hotword regex "\(xxx\)", where "xxx" 7442 # is the area code in question. 7443 # rule. 7444 "windowAfter": 42, # Number of characters after the finding to consider. 7445 "windowBefore": 42, # Number of characters before the finding to consider. 7446 }, 7447 "hotwordRegex": { # Message defining a custom regular expression. # Regular expression pattern defining what qualifies as a hotword. 7448 "pattern": "A String", # Pattern defining the regular expression. Its syntax 7449 # (https://github.com/google/re2/wiki/Syntax) can be found under the 7450 # google/re2 repository on GitHub. 7451 "groupIndexes": [ # The index of the submatch to extract as findings. When not 7452 # specified, the entire match is returned. No more than 3 may be included. 7453 42, 7454 ], 7455 }, 7456 "likelihoodAdjustment": { # Message for specifying an adjustment to the likelihood of a finding as # Likelihood adjustment to apply to all matching findings. 7457 # part of a detection rule. 7458 "relativeLikelihood": 42, # Increase or decrease the likelihood by the specified number of 7459 # levels. For example, if a finding would be `POSSIBLE` without the 7460 # detection rule and `relative_likelihood` is 1, then it is upgraded to 7461 # `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. 7462 # Likelihood may never drop below `VERY_UNLIKELY` or exceed 7463 # `VERY_LIKELY`, so applying an adjustment of 1 followed by an 7464 # adjustment of -1 when base likelihood is `VERY_LIKELY` will result in 7465 # a final likelihood of `LIKELY`. 7466 "fixedLikelihood": "A String", # Set the likelihood of a finding to a fixed value. 7467 }, 7468 }, 7469 "exclusionRule": { # The rule that specifies conditions when findings of infoTypes specified in # Exclusion rule. 7470 # `InspectionRuleSet` are removed from results. 7471 "regex": { # Message defining a custom regular expression. # Regular expression which defines the rule. 7472 "pattern": "A String", # Pattern defining the regular expression. Its syntax 7473 # (https://github.com/google/re2/wiki/Syntax) can be found under the 7474 # google/re2 repository on GitHub. 7475 "groupIndexes": [ # The index of the submatch to extract as findings. When not 7476 # specified, the entire match is returned. No more than 3 may be included. 7477 42, 7478 ], 7479 }, 7480 "excludeInfoTypes": { # List of exclude infoTypes. # Set of infoTypes for which findings would affect this rule. 7481 "infoTypes": [ # InfoType list in ExclusionRule rule drops a finding when it overlaps or 7482 # contained within with a finding of an infoType from this list. For 7483 # example, for `InspectionRuleSet.info_types` containing "PHONE_NUMBER"` and 7484 # `exclusion_rule` containing `exclude_info_types.info_types` with 7485 # "EMAIL_ADDRESS" the phone number findings are dropped if they overlap 7486 # with EMAIL_ADDRESS finding. 7487 # That leads to "555-222-2222@example.org" to generate only a single 7488 # finding, namely email address. 7489 { # Type of information detected by the API. 7490 "name": "A String", # Name of the information type. Either a name of your choosing when 7491 # creating a CustomInfoType, or one of the names listed 7492 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 7493 # a built-in type. InfoType names should conform to the pattern 7494 # [a-zA-Z0-9_]{1,64}. 7495 }, 7496 ], 7497 }, 7498 "dictionary": { # Custom information type based on a dictionary of words or phrases. This can # Dictionary which defines the rule. 7499 # be used to match sensitive information specific to the data, such as a list 7500 # of employee IDs or job titles. 7501 # 7502 # Dictionary words are case-insensitive and all characters other than letters 7503 # and digits in the unicode [Basic Multilingual 7504 # Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane) 7505 # will be replaced with whitespace when scanning for matches, so the 7506 # dictionary phrase "Sam Johnson" will match all three phrases "sam johnson", 7507 # "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters 7508 # surrounding any match must be of a different type than the adjacent 7509 # characters within the word, so letters must be next to non-letters and 7510 # digits next to non-digits. For example, the dictionary word "jen" will 7511 # match the first three letters of the text "jen123" but will return no 7512 # matches for "jennifer". 7513 # 7514 # Dictionary words containing a large number of characters that are not 7515 # letters or digits may result in unexpected findings because such characters 7516 # are treated as whitespace. The 7517 # [limits](https://cloud.google.com/dlp/limits) page contains details about 7518 # the size limits of dictionaries. For dictionaries that do not fit within 7519 # these constraints, consider using `LargeCustomDictionaryConfig` in the 7520 # `StoredInfoType` API. 7521 "wordList": { # Message defining a list of words or phrases to search for in the data. # List of words or phrases to search for. 7522 "words": [ # Words or phrases defining the dictionary. The dictionary must contain 7523 # at least one phrase and every phrase must contain at least 2 characters 7524 # that are letters or digits. [required] 7525 "A String", 7526 ], 7527 }, 7528 "cloudStoragePath": { # Message representing a single file or path in Cloud Storage. # Newline-delimited file of words in Cloud Storage. Only a single file 7529 # is accepted. 7530 "path": "A String", # A url representing a file or path (no wildcards) in Cloud Storage. 7531 # Example: gs://[BUCKET_NAME]/dictionary.txt 7532 }, 7533 }, 7534 "matchingType": "A String", # How the rule is applied, see MatchingType documentation for details. 7535 }, 7536 }, 7537 ], 7538 "infoTypes": [ # List of infoTypes this rule set is applied to. 7539 { # Type of information detected by the API. 7540 "name": "A String", # Name of the information type. Either a name of your choosing when 7541 # creating a CustomInfoType, or one of the names listed 7542 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 7543 # a built-in type. InfoType names should conform to the pattern 7544 # [a-zA-Z0-9_]{1,64}. 7545 }, 7546 ], 7547 }, 7548 ], 7549 "contentOptions": [ # List of options defining data content to scan. 7550 # If empty, text, images, and other content will be included. 7551 "A String", 7552 ], 7553 "infoTypes": [ # Restricts what info_types to look for. The values must correspond to 7554 # InfoType values returned by ListInfoTypes or listed at 7555 # https://cloud.google.com/dlp/docs/infotypes-reference. 7556 # 7557 # When no InfoTypes or CustomInfoTypes are specified in a request, the 7558 # system may automatically choose what detectors to run. By default this may 7559 # be all types, but may change over time as detectors are updated. 7560 # 7561 # The special InfoType name "ALL_BASIC" can be used to trigger all detectors, 7562 # but may change over time as new InfoTypes are added. If you need precise 7563 # control and predictability as to what detectors are run you should specify 7564 # specific InfoTypes listed in the reference. 7565 { # Type of information detected by the API. 7566 "name": "A String", # Name of the information type. Either a name of your choosing when 7567 # creating a CustomInfoType, or one of the names listed 7568 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 7569 # a built-in type. InfoType names should conform to the pattern 7570 # [a-zA-Z0-9_]{1,64}. 7571 }, 7572 ], 7573 }, 7574 "inspectTemplateName": "A String", # Optional template to use. Any configuration directly specified in 7575 # `inspect_config` will override those set in the template. Singular fields 7576 # that are set in this request will replace their corresponding fields in the 7577 # template. Repeated fields are appended. Singular sub-messages and groups 7578 # are recursively merged. 7579 "item": { # Container structure for the content to inspect. # The item to re-identify. Will be treated as text. 7580 "table": { # Structured content to inspect. Up to 50,000 `Value`s per request allowed. # Structured content for inspection. See 7581 # https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to 7582 # learn more. 7583 # See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to 7584 # learn more. 7585 "headers": [ 7586 { # General identifier of a data field in a storage service. 7587 "name": "A String", # Name describing the field. 7588 }, 7589 ], 7590 "rows": [ 7591 { 7592 "values": [ 7593 { # Set of primitive values supported by the system. 7594 # Note that for the purposes of inspection or transformation, the number 7595 # of bytes considered to comprise a 'Value' is based on its representation 7596 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 7597 # 123456789, the number of bytes would be counted as 9, even though an 7598 # int64 only holds up to 8 bytes of data. 7599 "floatValue": 3.14, 7600 "timestampValue": "A String", 7601 "dayOfWeekValue": "A String", 7602 "timeValue": { # Represents a time of day. The date and time zone are either not significant 7603 # or are specified elsewhere. An API may choose to allow leap seconds. Related 7604 # types are google.type.Date and `google.protobuf.Timestamp`. 7605 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 7606 # to allow the value "24:00:00" for scenarios like business closing time. 7607 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 7608 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 7609 # allow the value 60 if it allows leap-seconds. 7610 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 7611 }, 7612 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 7613 # and time zone are either specified elsewhere or are not significant. The date 7614 # is relative to the Proleptic Gregorian Calendar. This can represent: 7615 # 7616 # * A full date, with non-zero year, month and day values 7617 # * A month and day value, with a zero year, e.g. an anniversary 7618 # * A year on its own, with zero month and day values 7619 # * A year and month value, with a zero day, e.g. a credit card expiration date 7620 # 7621 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 7622 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7623 # a year. 7624 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7625 # if specifying a year by itself or a year and month where the day is not 7626 # significant. 7627 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7628 # month and day. 7629 }, 7630 "stringValue": "A String", 7631 "booleanValue": True or False, 7632 "integerValue": "A String", 7633 }, 7634 ], 7635 }, 7636 ], 7637 }, 7638 "byteItem": { # Container for bytes to inspect or redact. # Content data to inspect or redact. Replaces `type` and `data`. 7639 "type": "A String", # The type of data stored in the bytes string. Default will be TEXT_UTF8. 7640 "data": "A String", # Content data to inspect or redact. 7641 }, 7642 "value": "A String", # String data to inspect or redact. 7643 }, 7644 } 7645 7646 x__xgafv: string, V1 error format. 7647 Allowed values 7648 1 - v1 error format 7649 2 - v2 error format 7650 7651Returns: 7652 An object of the form: 7653 7654 { # Results of re-identifying a item. 7655 "overview": { # Overview of the modifications that occurred. # An overview of the changes that were made to the `item`. 7656 "transformationSummaries": [ # Transformations applied to the dataset. 7657 { # Summary of a single transformation. 7658 # Only one of 'transformation', 'field_transformation', or 'record_suppress' 7659 # will be set. 7660 "infoType": { # Type of information detected by the API. # Set if the transformation was limited to a specific InfoType. 7661 "name": "A String", # Name of the information type. Either a name of your choosing when 7662 # creating a CustomInfoType, or one of the names listed 7663 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 7664 # a built-in type. InfoType names should conform to the pattern 7665 # [a-zA-Z0-9_]{1,64}. 7666 }, 7667 "recordSuppress": { # Configuration to suppress records whose suppression conditions evaluate to # The specific suppression option these stats apply to. 7668 # true. 7669 "condition": { # A condition for determining whether a transformation should be applied to # A condition that when it evaluates to true will result in the record being 7670 # evaluated to be suppressed from the transformed content. 7671 # a field. 7672 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 7673 "conditions": { # A collection of conditions. 7674 "conditions": [ 7675 { # The field type of `value` and `field` do not need to match to be 7676 # considered equal, but not all comparisons are possible. 7677 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 7678 # but all other comparisons are invalid with incompatible types. 7679 # A `value` of type: 7680 # 7681 # - `string` can be compared against all other types 7682 # - `boolean` can only be compared against other booleans 7683 # - `integer` can be compared against doubles or a string if the string value 7684 # can be parsed as an integer. 7685 # - `double` can be compared against integers or a string if the string can 7686 # be parsed as a double. 7687 # - `Timestamp` can be compared against strings in RFC 3339 date string 7688 # format. 7689 # - `TimeOfDay` can be compared against timestamps and strings in the format 7690 # of 'HH:mm:ss'. 7691 # 7692 # If we fail to compare do to type mismatch, a warning will be given and 7693 # the condition will evaluate to false. 7694 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 7695 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 7696 "name": "A String", # Name describing the field. 7697 }, 7698 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 7699 # Note that for the purposes of inspection or transformation, the number 7700 # of bytes considered to comprise a 'Value' is based on its representation 7701 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 7702 # 123456789, the number of bytes would be counted as 9, even though an 7703 # int64 only holds up to 8 bytes of data. 7704 "floatValue": 3.14, 7705 "timestampValue": "A String", 7706 "dayOfWeekValue": "A String", 7707 "timeValue": { # Represents a time of day. The date and time zone are either not significant 7708 # or are specified elsewhere. An API may choose to allow leap seconds. Related 7709 # types are google.type.Date and `google.protobuf.Timestamp`. 7710 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 7711 # to allow the value "24:00:00" for scenarios like business closing time. 7712 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 7713 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 7714 # allow the value 60 if it allows leap-seconds. 7715 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 7716 }, 7717 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 7718 # and time zone are either specified elsewhere or are not significant. The date 7719 # is relative to the Proleptic Gregorian Calendar. This can represent: 7720 # 7721 # * A full date, with non-zero year, month and day values 7722 # * A month and day value, with a zero year, e.g. an anniversary 7723 # * A year on its own, with zero month and day values 7724 # * A year and month value, with a zero day, e.g. a credit card expiration date 7725 # 7726 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 7727 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7728 # a year. 7729 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7730 # if specifying a year by itself or a year and month where the day is not 7731 # significant. 7732 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7733 # month and day. 7734 }, 7735 "stringValue": "A String", 7736 "booleanValue": True or False, 7737 "integerValue": "A String", 7738 }, 7739 }, 7740 ], 7741 }, 7742 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 7743 # only supported value is `AND`. 7744 }, 7745 }, 7746 }, 7747 "results": [ 7748 { # A collection that informs the user the number of times a particular 7749 # `TransformationResultCode` and error details occurred. 7750 "count": "A String", 7751 "code": "A String", 7752 "details": "A String", # A place for warnings or errors to show up if a transformation didn't 7753 # work as expected. 7754 }, 7755 ], 7756 "field": { # General identifier of a data field in a storage service. # Set if the transformation was limited to a specific FieldId. 7757 "name": "A String", # Name describing the field. 7758 }, 7759 "fieldTransformations": [ # The field transformation that was applied. 7760 # If multiple field transformations are requested for a single field, 7761 # this list will contain all of them; otherwise, only one is supplied. 7762 { # The transformation to apply to the field. 7763 "infoTypeTransformations": { # A type of transformation that will scan unstructured text and # Treat the contents of the field as free text, and selectively 7764 # transform content that matches an `InfoType`. 7765 # apply various `PrimitiveTransformation`s to each finding, where the 7766 # transformation is applied to only values that were identified as a specific 7767 # info_type. 7768 "transformations": [ # Transformation for each infoType. Cannot specify more than one 7769 # for a given infoType. [required] 7770 { # A transformation to apply to text that is identified as a specific 7771 # info_type. 7772 "primitiveTransformation": { # A rule for transforming a value. # Primitive transformation to apply to the infoType. [required] 7773 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 7774 # fixed character. Masking can start from the beginning or end of the string. 7775 # This can be used on data of any type (numbers, longs, and so on) and when 7776 # de-identifying structured data we'll attempt to preserve the original data's 7777 # type. (This allows you to take a long like 123 and modify it to a string like 7778 # **3. 7779 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 7780 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 7781 # mask 5 chars with * we would produce ***-*55-5555. 7782 { # Characters to skip when doing deidentification of a value. These will be left 7783 # alone and skipped. 7784 "commonCharactersToIgnore": "A String", 7785 "charactersToSkip": "A String", 7786 }, 7787 ], 7788 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 7789 # masked. Skipped characters do not count towards this tally. 7790 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 7791 # alphabetic string such as name, or "0" for a numeric string such as ZIP 7792 # code or credit card number. String must have length 1. If not supplied, we 7793 # will default to "*" for strings, 0 for digits. 7794 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 7795 # '0', number_to_mask is 14, and `reverse_order` is false, then 7796 # 1234-5678-9012-3456 -> 00000000000000-3456 7797 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 7798 # is true, then 12345 -> 12*** 7799 }, 7800 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 7801 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 7802 # output would be 'My phone number is '. 7803 }, 7804 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 7805 # input. Outputs a base64 encoded representation of the encrypted output. 7806 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 7807 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 7808 # a key encryption key (KEK) stored by KMS). 7809 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 7810 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 7811 # unwrap the data crypto key. 7812 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 7813 # The wrapped key must be a 128/192/256 bit key. 7814 # Authorization requires the following IAM permissions when sending a request 7815 # to perform a crypto transformation using a kms-wrapped crypto key: 7816 # dlp.kms.encrypt 7817 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 7818 "wrappedKey": "A String", # The wrapped data crypto key. [required] 7819 }, 7820 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 7821 # leaking the key. Choose another type of key if possible. 7822 "key": "A String", # A 128/192/256 bit key. [required] 7823 }, 7824 "transient": { # Use this to have a random data crypto key generated. 7825 # It will be discarded after the request finishes. 7826 "name": "A String", # Name of the key. [required] 7827 # This is an arbitrary string used to differentiate different keys. 7828 # A unique key is generated per name: two separate `TransientCryptoKey` 7829 # protos share the same generated key if their names are the same. 7830 # When the data crypto key is generated, this name is not used in any way 7831 # (repeating the api call will result in a different key being generated). 7832 }, 7833 }, 7834 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 7835 # referential integrity such that the same identifier in two different 7836 # contexts will be given a distinct surrogate. The context is appended to 7837 # plaintext value being encrypted. On decryption the provided context is 7838 # validated against the value used during encryption. If a context was 7839 # provided during encryption, same context must be provided during decryption 7840 # as well. 7841 # 7842 # If the context is not set, plaintext would be used as is for encryption. 7843 # If the context is set but: 7844 # 7845 # 1. there is no record present when transforming a given value or 7846 # 2. the field is not present when transforming a given value, 7847 # 7848 # plaintext would be used as is for encryption. 7849 # 7850 # Note that case (1) is expected when an `InfoTypeTransformation` is 7851 # applied to both structured and non-structured `ContentItem`s. 7852 "name": "A String", # Name describing the field. 7853 }, 7854 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 7855 # This annotation will be applied to the surrogate by prefixing it with 7856 # the name of the custom info type followed by the number of 7857 # characters comprising the surrogate. The following scheme defines the 7858 # format: <info type name>(<surrogate character count>):<surrogate> 7859 # 7860 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 7861 # the surrogate is 'abc', the full replacement value 7862 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 7863 # 7864 # This annotation identifies the surrogate when inspecting content using the 7865 # custom info type 'Surrogate'. This facilitates reversal of the 7866 # surrogate when it occurs in free text. 7867 # 7868 # In order for inspection to work properly, the name of this info type must 7869 # not occur naturally anywhere in your data; otherwise, inspection may either 7870 # 7871 # - reverse a surrogate that does not correspond to an actual identifier 7872 # - be unable to parse the surrogate and result in an error 7873 # 7874 # Therefore, choose your custom info type name carefully after considering 7875 # what your data looks like. One way to select a name that has a high chance 7876 # of yielding reliable detection is to include one or more unicode characters 7877 # that are highly improbable to exist in your data. 7878 # For example, assuming your data is entered from a regular ASCII keyboard, 7879 # the symbol with the hex code point 29DD might be used like so: 7880 # ⧝MY_TOKEN_TYPE 7881 "name": "A String", # Name of the information type. Either a name of your choosing when 7882 # creating a CustomInfoType, or one of the names listed 7883 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 7884 # a built-in type. InfoType names should conform to the pattern 7885 # [a-zA-Z0-9_]{1,64}. 7886 }, 7887 }, 7888 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 7889 # Bucketing transformation can provide all of this functionality, 7890 # but requires more configuration. This message is provided as a convenience to 7891 # the user for simple bucketing strategies. 7892 # 7893 # The transformed value will be a hyphenated string of 7894 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 7895 # all values that are within this bucket will be replaced with "10-20". 7896 # 7897 # This can be used on data of type: double, long. 7898 # 7899 # If the bound Value type differs from the type of data 7900 # being transformed, we will first attempt converting the type of the data to 7901 # be transformed to match the type of the bound before comparing. 7902 # 7903 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 7904 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 7905 # grouped together into a single bucket; for example if `lower_bound` = 10, 7906 # then all values less than 10 are replaced with the value “-10”. [Required]. 7907 # Note that for the purposes of inspection or transformation, the number 7908 # of bytes considered to comprise a 'Value' is based on its representation 7909 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 7910 # 123456789, the number of bytes would be counted as 9, even though an 7911 # int64 only holds up to 8 bytes of data. 7912 "floatValue": 3.14, 7913 "timestampValue": "A String", 7914 "dayOfWeekValue": "A String", 7915 "timeValue": { # Represents a time of day. The date and time zone are either not significant 7916 # or are specified elsewhere. An API may choose to allow leap seconds. Related 7917 # types are google.type.Date and `google.protobuf.Timestamp`. 7918 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 7919 # to allow the value "24:00:00" for scenarios like business closing time. 7920 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 7921 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 7922 # allow the value 60 if it allows leap-seconds. 7923 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 7924 }, 7925 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 7926 # and time zone are either specified elsewhere or are not significant. The date 7927 # is relative to the Proleptic Gregorian Calendar. This can represent: 7928 # 7929 # * A full date, with non-zero year, month and day values 7930 # * A month and day value, with a zero year, e.g. an anniversary 7931 # * A year on its own, with zero month and day values 7932 # * A year and month value, with a zero day, e.g. a credit card expiration date 7933 # 7934 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 7935 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7936 # a year. 7937 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7938 # if specifying a year by itself or a year and month where the day is not 7939 # significant. 7940 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7941 # month and day. 7942 }, 7943 "stringValue": "A String", 7944 "booleanValue": True or False, 7945 "integerValue": "A String", 7946 }, 7947 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 7948 # grouped together into a single bucket; for example if `upper_bound` = 89, 7949 # then all values greater than 89 are replaced with the value “89+”. 7950 # [Required]. 7951 # Note that for the purposes of inspection or transformation, the number 7952 # of bytes considered to comprise a 'Value' is based on its representation 7953 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 7954 # 123456789, the number of bytes would be counted as 9, even though an 7955 # int64 only holds up to 8 bytes of data. 7956 "floatValue": 3.14, 7957 "timestampValue": "A String", 7958 "dayOfWeekValue": "A String", 7959 "timeValue": { # Represents a time of day. The date and time zone are either not significant 7960 # or are specified elsewhere. An API may choose to allow leap seconds. Related 7961 # types are google.type.Date and `google.protobuf.Timestamp`. 7962 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 7963 # to allow the value "24:00:00" for scenarios like business closing time. 7964 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 7965 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 7966 # allow the value 60 if it allows leap-seconds. 7967 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 7968 }, 7969 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 7970 # and time zone are either specified elsewhere or are not significant. The date 7971 # is relative to the Proleptic Gregorian Calendar. This can represent: 7972 # 7973 # * A full date, with non-zero year, month and day values 7974 # * A month and day value, with a zero year, e.g. an anniversary 7975 # * A year on its own, with zero month and day values 7976 # * A year and month value, with a zero day, e.g. a credit card expiration date 7977 # 7978 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 7979 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 7980 # a year. 7981 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 7982 # if specifying a year by itself or a year and month where the day is not 7983 # significant. 7984 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 7985 # month and day. 7986 }, 7987 "stringValue": "A String", 7988 "booleanValue": True or False, 7989 "integerValue": "A String", 7990 }, 7991 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 7992 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 7993 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 7994 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 7995 }, 7996 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 7997 }, 7998 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 7999 # portion of the value. 8000 "partToExtract": "A String", 8001 }, 8002 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 8003 # Uses SHA-256. 8004 # The key size must be either 32 or 64 bytes. 8005 # Outputs a base64 encoded representation of the hashed output 8006 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 8007 # Currently, only string and integer values can be hashed. 8008 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 8009 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 8010 # a key encryption key (KEK) stored by KMS). 8011 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 8012 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 8013 # unwrap the data crypto key. 8014 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 8015 # The wrapped key must be a 128/192/256 bit key. 8016 # Authorization requires the following IAM permissions when sending a request 8017 # to perform a crypto transformation using a kms-wrapped crypto key: 8018 # dlp.kms.encrypt 8019 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 8020 "wrappedKey": "A String", # The wrapped data crypto key. [required] 8021 }, 8022 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 8023 # leaking the key. Choose another type of key if possible. 8024 "key": "A String", # A 128/192/256 bit key. [required] 8025 }, 8026 "transient": { # Use this to have a random data crypto key generated. 8027 # It will be discarded after the request finishes. 8028 "name": "A String", # Name of the key. [required] 8029 # This is an arbitrary string used to differentiate different keys. 8030 # A unique key is generated per name: two separate `TransientCryptoKey` 8031 # protos share the same generated key if their names are the same. 8032 # When the data crypto key is generated, this name is not used in any way 8033 # (repeating the api call will result in a different key being generated). 8034 }, 8035 }, 8036 }, 8037 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 8038 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 8039 # to learn more. 8040 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 8041 # results in the same shift for the same context and crypto_key. 8042 # a key encryption key (KEK) stored by KMS). 8043 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 8044 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 8045 # unwrap the data crypto key. 8046 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 8047 # The wrapped key must be a 128/192/256 bit key. 8048 # Authorization requires the following IAM permissions when sending a request 8049 # to perform a crypto transformation using a kms-wrapped crypto key: 8050 # dlp.kms.encrypt 8051 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 8052 "wrappedKey": "A String", # The wrapped data crypto key. [required] 8053 }, 8054 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 8055 # leaking the key. Choose another type of key if possible. 8056 "key": "A String", # A 128/192/256 bit key. [required] 8057 }, 8058 "transient": { # Use this to have a random data crypto key generated. 8059 # It will be discarded after the request finishes. 8060 "name": "A String", # Name of the key. [required] 8061 # This is an arbitrary string used to differentiate different keys. 8062 # A unique key is generated per name: two separate `TransientCryptoKey` 8063 # protos share the same generated key if their names are the same. 8064 # When the data crypto key is generated, this name is not used in any way 8065 # (repeating the api call will result in a different key being generated). 8066 }, 8067 }, 8068 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 8069 # [Required] 8070 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 8071 # range (inclusive ends). Negative means shift to earlier in time. Must not 8072 # be more than 365250 days (1000 years) each direction. 8073 # 8074 # For example, 3 means shift date to at most 3 days into the future. 8075 # [Required] 8076 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 8077 # If set, must also set method. If set, shift will be consistent for the 8078 # given context. 8079 "name": "A String", # Name describing the field. 8080 }, 8081 }, 8082 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 8083 # replacement values are dynamically provided by the user for custom behavior, 8084 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 8085 # This can be used on 8086 # data of type: number, long, string, timestamp. 8087 # If the bound `Value` type differs from the type of data being transformed, we 8088 # will first attempt converting the type of the data to be transformed to match 8089 # the type of the bound before comparing. 8090 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 8091 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 8092 { # Bucket is represented as a range, along with replacement values. 8093 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 8094 # Note that for the purposes of inspection or transformation, the number 8095 # of bytes considered to comprise a 'Value' is based on its representation 8096 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8097 # 123456789, the number of bytes would be counted as 9, even though an 8098 # int64 only holds up to 8 bytes of data. 8099 "floatValue": 3.14, 8100 "timestampValue": "A String", 8101 "dayOfWeekValue": "A String", 8102 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8103 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8104 # types are google.type.Date and `google.protobuf.Timestamp`. 8105 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8106 # to allow the value "24:00:00" for scenarios like business closing time. 8107 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8108 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8109 # allow the value 60 if it allows leap-seconds. 8110 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8111 }, 8112 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8113 # and time zone are either specified elsewhere or are not significant. The date 8114 # is relative to the Proleptic Gregorian Calendar. This can represent: 8115 # 8116 # * A full date, with non-zero year, month and day values 8117 # * A month and day value, with a zero year, e.g. an anniversary 8118 # * A year on its own, with zero month and day values 8119 # * A year and month value, with a zero day, e.g. a credit card expiration date 8120 # 8121 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8122 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8123 # a year. 8124 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8125 # if specifying a year by itself or a year and month where the day is not 8126 # significant. 8127 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8128 # month and day. 8129 }, 8130 "stringValue": "A String", 8131 "booleanValue": True or False, 8132 "integerValue": "A String", 8133 }, 8134 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 8135 # the default behavior will be to hyphenate the min-max range. 8136 # Note that for the purposes of inspection or transformation, the number 8137 # of bytes considered to comprise a 'Value' is based on its representation 8138 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8139 # 123456789, the number of bytes would be counted as 9, even though an 8140 # int64 only holds up to 8 bytes of data. 8141 "floatValue": 3.14, 8142 "timestampValue": "A String", 8143 "dayOfWeekValue": "A String", 8144 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8145 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8146 # types are google.type.Date and `google.protobuf.Timestamp`. 8147 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8148 # to allow the value "24:00:00" for scenarios like business closing time. 8149 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8150 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8151 # allow the value 60 if it allows leap-seconds. 8152 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8153 }, 8154 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8155 # and time zone are either specified elsewhere or are not significant. The date 8156 # is relative to the Proleptic Gregorian Calendar. This can represent: 8157 # 8158 # * A full date, with non-zero year, month and day values 8159 # * A month and day value, with a zero year, e.g. an anniversary 8160 # * A year on its own, with zero month and day values 8161 # * A year and month value, with a zero day, e.g. a credit card expiration date 8162 # 8163 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8164 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8165 # a year. 8166 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8167 # if specifying a year by itself or a year and month where the day is not 8168 # significant. 8169 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8170 # month and day. 8171 }, 8172 "stringValue": "A String", 8173 "booleanValue": True or False, 8174 "integerValue": "A String", 8175 }, 8176 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 8177 # used. 8178 # Note that for the purposes of inspection or transformation, the number 8179 # of bytes considered to comprise a 'Value' is based on its representation 8180 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8181 # 123456789, the number of bytes would be counted as 9, even though an 8182 # int64 only holds up to 8 bytes of data. 8183 "floatValue": 3.14, 8184 "timestampValue": "A String", 8185 "dayOfWeekValue": "A String", 8186 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8187 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8188 # types are google.type.Date and `google.protobuf.Timestamp`. 8189 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8190 # to allow the value "24:00:00" for scenarios like business closing time. 8191 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8192 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8193 # allow the value 60 if it allows leap-seconds. 8194 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8195 }, 8196 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8197 # and time zone are either specified elsewhere or are not significant. The date 8198 # is relative to the Proleptic Gregorian Calendar. This can represent: 8199 # 8200 # * A full date, with non-zero year, month and day values 8201 # * A month and day value, with a zero year, e.g. an anniversary 8202 # * A year on its own, with zero month and day values 8203 # * A year and month value, with a zero day, e.g. a credit card expiration date 8204 # 8205 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8206 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8207 # a year. 8208 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8209 # if specifying a year by itself or a year and month where the day is not 8210 # significant. 8211 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8212 # month and day. 8213 }, 8214 "stringValue": "A String", 8215 "booleanValue": True or False, 8216 "integerValue": "A String", 8217 }, 8218 }, 8219 ], 8220 }, 8221 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 8222 # (FPE) with the FFX mode of operation; however when used in the 8223 # `ReidentifyContent` API method, it serves the opposite function by reversing 8224 # the surrogate back into the original identifier. The identifier must be 8225 # encoded as ASCII. For a given crypto key and context, the same identifier 8226 # will be replaced with the same surrogate. Identifiers must be at least two 8227 # characters long. In the case that the identifier is the empty string, it will 8228 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 8229 # more. 8230 # 8231 # Note: We recommend using CryptoDeterministicConfig for all use cases which 8232 # do not require preserving the input alphabet space and size, plus warrant 8233 # referential integrity. 8234 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 8235 # a key encryption key (KEK) stored by KMS). 8236 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 8237 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 8238 # unwrap the data crypto key. 8239 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 8240 # The wrapped key must be a 128/192/256 bit key. 8241 # Authorization requires the following IAM permissions when sending a request 8242 # to perform a crypto transformation using a kms-wrapped crypto key: 8243 # dlp.kms.encrypt 8244 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 8245 "wrappedKey": "A String", # The wrapped data crypto key. [required] 8246 }, 8247 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 8248 # leaking the key. Choose another type of key if possible. 8249 "key": "A String", # A 128/192/256 bit key. [required] 8250 }, 8251 "transient": { # Use this to have a random data crypto key generated. 8252 # It will be discarded after the request finishes. 8253 "name": "A String", # Name of the key. [required] 8254 # This is an arbitrary string used to differentiate different keys. 8255 # A unique key is generated per name: two separate `TransientCryptoKey` 8256 # protos share the same generated key if their names are the same. 8257 # When the data crypto key is generated, this name is not used in any way 8258 # (repeating the api call will result in a different key being generated). 8259 }, 8260 }, 8261 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 8262 "commonAlphabet": "A String", 8263 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 8264 # that the FFX mode natively supports. This happens before/after 8265 # encryption/decryption. 8266 # Each character listed must appear only once. 8267 # Number of characters must be in the range [2, 62]. 8268 # This must be encoded as ASCII. 8269 # The order of characters does not matter. 8270 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 8271 # identifier in two different contexts won't be given the same surrogate. If 8272 # the context is not set, a default tweak will be used. 8273 # 8274 # If the context is set but: 8275 # 8276 # 1. there is no record present when transforming a given value or 8277 # 1. the field is not present when transforming a given value, 8278 # 8279 # a default tweak will be used. 8280 # 8281 # Note that case (1) is expected when an `InfoTypeTransformation` is 8282 # applied to both structured and non-structured `ContentItem`s. 8283 # Currently, the referenced field may be of value type integer or string. 8284 # 8285 # The tweak is constructed as a sequence of bytes in big endian byte order 8286 # such that: 8287 # 8288 # - a 64 bit integer is encoded followed by a single byte of value 1 8289 # - a string is encoded in UTF-8 format followed by a single byte of value 2 8290 "name": "A String", # Name describing the field. 8291 }, 8292 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 8293 # This annotation will be applied to the surrogate by prefixing it with 8294 # the name of the custom infoType followed by the number of 8295 # characters comprising the surrogate. The following scheme defines the 8296 # format: info_type_name(surrogate_character_count):surrogate 8297 # 8298 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 8299 # the surrogate is 'abc', the full replacement value 8300 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 8301 # 8302 # This annotation identifies the surrogate when inspecting content using the 8303 # custom infoType 8304 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 8305 # This facilitates reversal of the surrogate when it occurs in free text. 8306 # 8307 # In order for inspection to work properly, the name of this infoType must 8308 # not occur naturally anywhere in your data; otherwise, inspection may 8309 # find a surrogate that does not correspond to an actual identifier. 8310 # Therefore, choose your custom infoType name carefully after considering 8311 # what your data looks like. One way to select a name that has a high chance 8312 # of yielding reliable detection is to include one or more unicode characters 8313 # that are highly improbable to exist in your data. 8314 # For example, assuming your data is entered from a regular ASCII keyboard, 8315 # the symbol with the hex code point 29DD might be used like so: 8316 # ⧝MY_TOKEN_TYPE 8317 "name": "A String", # Name of the information type. Either a name of your choosing when 8318 # creating a CustomInfoType, or one of the names listed 8319 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 8320 # a built-in type. InfoType names should conform to the pattern 8321 # [a-zA-Z0-9_]{1,64}. 8322 }, 8323 }, 8324 "replaceConfig": { # Replace each input value with a given `Value`. 8325 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 8326 # Note that for the purposes of inspection or transformation, the number 8327 # of bytes considered to comprise a 'Value' is based on its representation 8328 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8329 # 123456789, the number of bytes would be counted as 9, even though an 8330 # int64 only holds up to 8 bytes of data. 8331 "floatValue": 3.14, 8332 "timestampValue": "A String", 8333 "dayOfWeekValue": "A String", 8334 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8335 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8336 # types are google.type.Date and `google.protobuf.Timestamp`. 8337 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8338 # to allow the value "24:00:00" for scenarios like business closing time. 8339 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8340 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8341 # allow the value 60 if it allows leap-seconds. 8342 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8343 }, 8344 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8345 # and time zone are either specified elsewhere or are not significant. The date 8346 # is relative to the Proleptic Gregorian Calendar. This can represent: 8347 # 8348 # * A full date, with non-zero year, month and day values 8349 # * A month and day value, with a zero year, e.g. an anniversary 8350 # * A year on its own, with zero month and day values 8351 # * A year and month value, with a zero day, e.g. a credit card expiration date 8352 # 8353 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8354 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8355 # a year. 8356 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8357 # if specifying a year by itself or a year and month where the day is not 8358 # significant. 8359 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8360 # month and day. 8361 }, 8362 "stringValue": "A String", 8363 "booleanValue": True or False, 8364 "integerValue": "A String", 8365 }, 8366 }, 8367 }, 8368 "infoTypes": [ # InfoTypes to apply the transformation to. An empty list will cause 8369 # this transformation to apply to all findings that correspond to 8370 # infoTypes that were requested in `InspectConfig`. 8371 { # Type of information detected by the API. 8372 "name": "A String", # Name of the information type. Either a name of your choosing when 8373 # creating a CustomInfoType, or one of the names listed 8374 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 8375 # a built-in type. InfoType names should conform to the pattern 8376 # [a-zA-Z0-9_]{1,64}. 8377 }, 8378 ], 8379 }, 8380 ], 8381 }, 8382 "primitiveTransformation": { # A rule for transforming a value. # Apply the transformation to the entire field. 8383 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 8384 # fixed character. Masking can start from the beginning or end of the string. 8385 # This can be used on data of any type (numbers, longs, and so on) and when 8386 # de-identifying structured data we'll attempt to preserve the original data's 8387 # type. (This allows you to take a long like 123 and modify it to a string like 8388 # **3. 8389 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 8390 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 8391 # mask 5 chars with * we would produce ***-*55-5555. 8392 { # Characters to skip when doing deidentification of a value. These will be left 8393 # alone and skipped. 8394 "commonCharactersToIgnore": "A String", 8395 "charactersToSkip": "A String", 8396 }, 8397 ], 8398 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 8399 # masked. Skipped characters do not count towards this tally. 8400 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 8401 # alphabetic string such as name, or "0" for a numeric string such as ZIP 8402 # code or credit card number. String must have length 1. If not supplied, we 8403 # will default to "*" for strings, 0 for digits. 8404 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 8405 # '0', number_to_mask is 14, and `reverse_order` is false, then 8406 # 1234-5678-9012-3456 -> 00000000000000-3456 8407 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 8408 # is true, then 12345 -> 12*** 8409 }, 8410 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 8411 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 8412 # output would be 'My phone number is '. 8413 }, 8414 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 8415 # input. Outputs a base64 encoded representation of the encrypted output. 8416 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 8417 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 8418 # a key encryption key (KEK) stored by KMS). 8419 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 8420 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 8421 # unwrap the data crypto key. 8422 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 8423 # The wrapped key must be a 128/192/256 bit key. 8424 # Authorization requires the following IAM permissions when sending a request 8425 # to perform a crypto transformation using a kms-wrapped crypto key: 8426 # dlp.kms.encrypt 8427 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 8428 "wrappedKey": "A String", # The wrapped data crypto key. [required] 8429 }, 8430 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 8431 # leaking the key. Choose another type of key if possible. 8432 "key": "A String", # A 128/192/256 bit key. [required] 8433 }, 8434 "transient": { # Use this to have a random data crypto key generated. 8435 # It will be discarded after the request finishes. 8436 "name": "A String", # Name of the key. [required] 8437 # This is an arbitrary string used to differentiate different keys. 8438 # A unique key is generated per name: two separate `TransientCryptoKey` 8439 # protos share the same generated key if their names are the same. 8440 # When the data crypto key is generated, this name is not used in any way 8441 # (repeating the api call will result in a different key being generated). 8442 }, 8443 }, 8444 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 8445 # referential integrity such that the same identifier in two different 8446 # contexts will be given a distinct surrogate. The context is appended to 8447 # plaintext value being encrypted. On decryption the provided context is 8448 # validated against the value used during encryption. If a context was 8449 # provided during encryption, same context must be provided during decryption 8450 # as well. 8451 # 8452 # If the context is not set, plaintext would be used as is for encryption. 8453 # If the context is set but: 8454 # 8455 # 1. there is no record present when transforming a given value or 8456 # 2. the field is not present when transforming a given value, 8457 # 8458 # plaintext would be used as is for encryption. 8459 # 8460 # Note that case (1) is expected when an `InfoTypeTransformation` is 8461 # applied to both structured and non-structured `ContentItem`s. 8462 "name": "A String", # Name describing the field. 8463 }, 8464 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 8465 # This annotation will be applied to the surrogate by prefixing it with 8466 # the name of the custom info type followed by the number of 8467 # characters comprising the surrogate. The following scheme defines the 8468 # format: <info type name>(<surrogate character count>):<surrogate> 8469 # 8470 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 8471 # the surrogate is 'abc', the full replacement value 8472 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 8473 # 8474 # This annotation identifies the surrogate when inspecting content using the 8475 # custom info type 'Surrogate'. This facilitates reversal of the 8476 # surrogate when it occurs in free text. 8477 # 8478 # In order for inspection to work properly, the name of this info type must 8479 # not occur naturally anywhere in your data; otherwise, inspection may either 8480 # 8481 # - reverse a surrogate that does not correspond to an actual identifier 8482 # - be unable to parse the surrogate and result in an error 8483 # 8484 # Therefore, choose your custom info type name carefully after considering 8485 # what your data looks like. One way to select a name that has a high chance 8486 # of yielding reliable detection is to include one or more unicode characters 8487 # that are highly improbable to exist in your data. 8488 # For example, assuming your data is entered from a regular ASCII keyboard, 8489 # the symbol with the hex code point 29DD might be used like so: 8490 # ⧝MY_TOKEN_TYPE 8491 "name": "A String", # Name of the information type. Either a name of your choosing when 8492 # creating a CustomInfoType, or one of the names listed 8493 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 8494 # a built-in type. InfoType names should conform to the pattern 8495 # [a-zA-Z0-9_]{1,64}. 8496 }, 8497 }, 8498 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 8499 # Bucketing transformation can provide all of this functionality, 8500 # but requires more configuration. This message is provided as a convenience to 8501 # the user for simple bucketing strategies. 8502 # 8503 # The transformed value will be a hyphenated string of 8504 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 8505 # all values that are within this bucket will be replaced with "10-20". 8506 # 8507 # This can be used on data of type: double, long. 8508 # 8509 # If the bound Value type differs from the type of data 8510 # being transformed, we will first attempt converting the type of the data to 8511 # be transformed to match the type of the bound before comparing. 8512 # 8513 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 8514 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 8515 # grouped together into a single bucket; for example if `lower_bound` = 10, 8516 # then all values less than 10 are replaced with the value “-10”. [Required]. 8517 # Note that for the purposes of inspection or transformation, the number 8518 # of bytes considered to comprise a 'Value' is based on its representation 8519 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8520 # 123456789, the number of bytes would be counted as 9, even though an 8521 # int64 only holds up to 8 bytes of data. 8522 "floatValue": 3.14, 8523 "timestampValue": "A String", 8524 "dayOfWeekValue": "A String", 8525 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8526 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8527 # types are google.type.Date and `google.protobuf.Timestamp`. 8528 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8529 # to allow the value "24:00:00" for scenarios like business closing time. 8530 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8531 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8532 # allow the value 60 if it allows leap-seconds. 8533 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8534 }, 8535 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8536 # and time zone are either specified elsewhere or are not significant. The date 8537 # is relative to the Proleptic Gregorian Calendar. This can represent: 8538 # 8539 # * A full date, with non-zero year, month and day values 8540 # * A month and day value, with a zero year, e.g. an anniversary 8541 # * A year on its own, with zero month and day values 8542 # * A year and month value, with a zero day, e.g. a credit card expiration date 8543 # 8544 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8545 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8546 # a year. 8547 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8548 # if specifying a year by itself or a year and month where the day is not 8549 # significant. 8550 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8551 # month and day. 8552 }, 8553 "stringValue": "A String", 8554 "booleanValue": True or False, 8555 "integerValue": "A String", 8556 }, 8557 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 8558 # grouped together into a single bucket; for example if `upper_bound` = 89, 8559 # then all values greater than 89 are replaced with the value “89+”. 8560 # [Required]. 8561 # Note that for the purposes of inspection or transformation, the number 8562 # of bytes considered to comprise a 'Value' is based on its representation 8563 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8564 # 123456789, the number of bytes would be counted as 9, even though an 8565 # int64 only holds up to 8 bytes of data. 8566 "floatValue": 3.14, 8567 "timestampValue": "A String", 8568 "dayOfWeekValue": "A String", 8569 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8570 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8571 # types are google.type.Date and `google.protobuf.Timestamp`. 8572 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8573 # to allow the value "24:00:00" for scenarios like business closing time. 8574 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8575 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8576 # allow the value 60 if it allows leap-seconds. 8577 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8578 }, 8579 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8580 # and time zone are either specified elsewhere or are not significant. The date 8581 # is relative to the Proleptic Gregorian Calendar. This can represent: 8582 # 8583 # * A full date, with non-zero year, month and day values 8584 # * A month and day value, with a zero year, e.g. an anniversary 8585 # * A year on its own, with zero month and day values 8586 # * A year and month value, with a zero day, e.g. a credit card expiration date 8587 # 8588 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8589 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8590 # a year. 8591 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8592 # if specifying a year by itself or a year and month where the day is not 8593 # significant. 8594 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8595 # month and day. 8596 }, 8597 "stringValue": "A String", 8598 "booleanValue": True or False, 8599 "integerValue": "A String", 8600 }, 8601 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 8602 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 8603 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 8604 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 8605 }, 8606 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 8607 }, 8608 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 8609 # portion of the value. 8610 "partToExtract": "A String", 8611 }, 8612 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 8613 # Uses SHA-256. 8614 # The key size must be either 32 or 64 bytes. 8615 # Outputs a base64 encoded representation of the hashed output 8616 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 8617 # Currently, only string and integer values can be hashed. 8618 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 8619 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 8620 # a key encryption key (KEK) stored by KMS). 8621 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 8622 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 8623 # unwrap the data crypto key. 8624 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 8625 # The wrapped key must be a 128/192/256 bit key. 8626 # Authorization requires the following IAM permissions when sending a request 8627 # to perform a crypto transformation using a kms-wrapped crypto key: 8628 # dlp.kms.encrypt 8629 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 8630 "wrappedKey": "A String", # The wrapped data crypto key. [required] 8631 }, 8632 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 8633 # leaking the key. Choose another type of key if possible. 8634 "key": "A String", # A 128/192/256 bit key. [required] 8635 }, 8636 "transient": { # Use this to have a random data crypto key generated. 8637 # It will be discarded after the request finishes. 8638 "name": "A String", # Name of the key. [required] 8639 # This is an arbitrary string used to differentiate different keys. 8640 # A unique key is generated per name: two separate `TransientCryptoKey` 8641 # protos share the same generated key if their names are the same. 8642 # When the data crypto key is generated, this name is not used in any way 8643 # (repeating the api call will result in a different key being generated). 8644 }, 8645 }, 8646 }, 8647 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 8648 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 8649 # to learn more. 8650 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 8651 # results in the same shift for the same context and crypto_key. 8652 # a key encryption key (KEK) stored by KMS). 8653 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 8654 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 8655 # unwrap the data crypto key. 8656 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 8657 # The wrapped key must be a 128/192/256 bit key. 8658 # Authorization requires the following IAM permissions when sending a request 8659 # to perform a crypto transformation using a kms-wrapped crypto key: 8660 # dlp.kms.encrypt 8661 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 8662 "wrappedKey": "A String", # The wrapped data crypto key. [required] 8663 }, 8664 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 8665 # leaking the key. Choose another type of key if possible. 8666 "key": "A String", # A 128/192/256 bit key. [required] 8667 }, 8668 "transient": { # Use this to have a random data crypto key generated. 8669 # It will be discarded after the request finishes. 8670 "name": "A String", # Name of the key. [required] 8671 # This is an arbitrary string used to differentiate different keys. 8672 # A unique key is generated per name: two separate `TransientCryptoKey` 8673 # protos share the same generated key if their names are the same. 8674 # When the data crypto key is generated, this name is not used in any way 8675 # (repeating the api call will result in a different key being generated). 8676 }, 8677 }, 8678 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 8679 # [Required] 8680 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 8681 # range (inclusive ends). Negative means shift to earlier in time. Must not 8682 # be more than 365250 days (1000 years) each direction. 8683 # 8684 # For example, 3 means shift date to at most 3 days into the future. 8685 # [Required] 8686 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 8687 # If set, must also set method. If set, shift will be consistent for the 8688 # given context. 8689 "name": "A String", # Name describing the field. 8690 }, 8691 }, 8692 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 8693 # replacement values are dynamically provided by the user for custom behavior, 8694 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 8695 # This can be used on 8696 # data of type: number, long, string, timestamp. 8697 # If the bound `Value` type differs from the type of data being transformed, we 8698 # will first attempt converting the type of the data to be transformed to match 8699 # the type of the bound before comparing. 8700 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 8701 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 8702 { # Bucket is represented as a range, along with replacement values. 8703 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 8704 # Note that for the purposes of inspection or transformation, the number 8705 # of bytes considered to comprise a 'Value' is based on its representation 8706 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8707 # 123456789, the number of bytes would be counted as 9, even though an 8708 # int64 only holds up to 8 bytes of data. 8709 "floatValue": 3.14, 8710 "timestampValue": "A String", 8711 "dayOfWeekValue": "A String", 8712 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8713 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8714 # types are google.type.Date and `google.protobuf.Timestamp`. 8715 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8716 # to allow the value "24:00:00" for scenarios like business closing time. 8717 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8718 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8719 # allow the value 60 if it allows leap-seconds. 8720 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8721 }, 8722 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8723 # and time zone are either specified elsewhere or are not significant. The date 8724 # is relative to the Proleptic Gregorian Calendar. This can represent: 8725 # 8726 # * A full date, with non-zero year, month and day values 8727 # * A month and day value, with a zero year, e.g. an anniversary 8728 # * A year on its own, with zero month and day values 8729 # * A year and month value, with a zero day, e.g. a credit card expiration date 8730 # 8731 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8732 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8733 # a year. 8734 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8735 # if specifying a year by itself or a year and month where the day is not 8736 # significant. 8737 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8738 # month and day. 8739 }, 8740 "stringValue": "A String", 8741 "booleanValue": True or False, 8742 "integerValue": "A String", 8743 }, 8744 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 8745 # the default behavior will be to hyphenate the min-max range. 8746 # Note that for the purposes of inspection or transformation, the number 8747 # of bytes considered to comprise a 'Value' is based on its representation 8748 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8749 # 123456789, the number of bytes would be counted as 9, even though an 8750 # int64 only holds up to 8 bytes of data. 8751 "floatValue": 3.14, 8752 "timestampValue": "A String", 8753 "dayOfWeekValue": "A String", 8754 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8755 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8756 # types are google.type.Date and `google.protobuf.Timestamp`. 8757 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8758 # to allow the value "24:00:00" for scenarios like business closing time. 8759 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8760 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8761 # allow the value 60 if it allows leap-seconds. 8762 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8763 }, 8764 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8765 # and time zone are either specified elsewhere or are not significant. The date 8766 # is relative to the Proleptic Gregorian Calendar. This can represent: 8767 # 8768 # * A full date, with non-zero year, month and day values 8769 # * A month and day value, with a zero year, e.g. an anniversary 8770 # * A year on its own, with zero month and day values 8771 # * A year and month value, with a zero day, e.g. a credit card expiration date 8772 # 8773 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8774 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8775 # a year. 8776 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8777 # if specifying a year by itself or a year and month where the day is not 8778 # significant. 8779 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8780 # month and day. 8781 }, 8782 "stringValue": "A String", 8783 "booleanValue": True or False, 8784 "integerValue": "A String", 8785 }, 8786 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 8787 # used. 8788 # Note that for the purposes of inspection or transformation, the number 8789 # of bytes considered to comprise a 'Value' is based on its representation 8790 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8791 # 123456789, the number of bytes would be counted as 9, even though an 8792 # int64 only holds up to 8 bytes of data. 8793 "floatValue": 3.14, 8794 "timestampValue": "A String", 8795 "dayOfWeekValue": "A String", 8796 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8797 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8798 # types are google.type.Date and `google.protobuf.Timestamp`. 8799 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8800 # to allow the value "24:00:00" for scenarios like business closing time. 8801 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8802 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8803 # allow the value 60 if it allows leap-seconds. 8804 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8805 }, 8806 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8807 # and time zone are either specified elsewhere or are not significant. The date 8808 # is relative to the Proleptic Gregorian Calendar. This can represent: 8809 # 8810 # * A full date, with non-zero year, month and day values 8811 # * A month and day value, with a zero year, e.g. an anniversary 8812 # * A year on its own, with zero month and day values 8813 # * A year and month value, with a zero day, e.g. a credit card expiration date 8814 # 8815 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8816 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8817 # a year. 8818 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8819 # if specifying a year by itself or a year and month where the day is not 8820 # significant. 8821 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8822 # month and day. 8823 }, 8824 "stringValue": "A String", 8825 "booleanValue": True or False, 8826 "integerValue": "A String", 8827 }, 8828 }, 8829 ], 8830 }, 8831 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 8832 # (FPE) with the FFX mode of operation; however when used in the 8833 # `ReidentifyContent` API method, it serves the opposite function by reversing 8834 # the surrogate back into the original identifier. The identifier must be 8835 # encoded as ASCII. For a given crypto key and context, the same identifier 8836 # will be replaced with the same surrogate. Identifiers must be at least two 8837 # characters long. In the case that the identifier is the empty string, it will 8838 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 8839 # more. 8840 # 8841 # Note: We recommend using CryptoDeterministicConfig for all use cases which 8842 # do not require preserving the input alphabet space and size, plus warrant 8843 # referential integrity. 8844 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 8845 # a key encryption key (KEK) stored by KMS). 8846 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 8847 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 8848 # unwrap the data crypto key. 8849 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 8850 # The wrapped key must be a 128/192/256 bit key. 8851 # Authorization requires the following IAM permissions when sending a request 8852 # to perform a crypto transformation using a kms-wrapped crypto key: 8853 # dlp.kms.encrypt 8854 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 8855 "wrappedKey": "A String", # The wrapped data crypto key. [required] 8856 }, 8857 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 8858 # leaking the key. Choose another type of key if possible. 8859 "key": "A String", # A 128/192/256 bit key. [required] 8860 }, 8861 "transient": { # Use this to have a random data crypto key generated. 8862 # It will be discarded after the request finishes. 8863 "name": "A String", # Name of the key. [required] 8864 # This is an arbitrary string used to differentiate different keys. 8865 # A unique key is generated per name: two separate `TransientCryptoKey` 8866 # protos share the same generated key if their names are the same. 8867 # When the data crypto key is generated, this name is not used in any way 8868 # (repeating the api call will result in a different key being generated). 8869 }, 8870 }, 8871 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 8872 "commonAlphabet": "A String", 8873 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 8874 # that the FFX mode natively supports. This happens before/after 8875 # encryption/decryption. 8876 # Each character listed must appear only once. 8877 # Number of characters must be in the range [2, 62]. 8878 # This must be encoded as ASCII. 8879 # The order of characters does not matter. 8880 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 8881 # identifier in two different contexts won't be given the same surrogate. If 8882 # the context is not set, a default tweak will be used. 8883 # 8884 # If the context is set but: 8885 # 8886 # 1. there is no record present when transforming a given value or 8887 # 1. the field is not present when transforming a given value, 8888 # 8889 # a default tweak will be used. 8890 # 8891 # Note that case (1) is expected when an `InfoTypeTransformation` is 8892 # applied to both structured and non-structured `ContentItem`s. 8893 # Currently, the referenced field may be of value type integer or string. 8894 # 8895 # The tweak is constructed as a sequence of bytes in big endian byte order 8896 # such that: 8897 # 8898 # - a 64 bit integer is encoded followed by a single byte of value 1 8899 # - a string is encoded in UTF-8 format followed by a single byte of value 2 8900 "name": "A String", # Name describing the field. 8901 }, 8902 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 8903 # This annotation will be applied to the surrogate by prefixing it with 8904 # the name of the custom infoType followed by the number of 8905 # characters comprising the surrogate. The following scheme defines the 8906 # format: info_type_name(surrogate_character_count):surrogate 8907 # 8908 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 8909 # the surrogate is 'abc', the full replacement value 8910 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 8911 # 8912 # This annotation identifies the surrogate when inspecting content using the 8913 # custom infoType 8914 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 8915 # This facilitates reversal of the surrogate when it occurs in free text. 8916 # 8917 # In order for inspection to work properly, the name of this infoType must 8918 # not occur naturally anywhere in your data; otherwise, inspection may 8919 # find a surrogate that does not correspond to an actual identifier. 8920 # Therefore, choose your custom infoType name carefully after considering 8921 # what your data looks like. One way to select a name that has a high chance 8922 # of yielding reliable detection is to include one or more unicode characters 8923 # that are highly improbable to exist in your data. 8924 # For example, assuming your data is entered from a regular ASCII keyboard, 8925 # the symbol with the hex code point 29DD might be used like so: 8926 # ⧝MY_TOKEN_TYPE 8927 "name": "A String", # Name of the information type. Either a name of your choosing when 8928 # creating a CustomInfoType, or one of the names listed 8929 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 8930 # a built-in type. InfoType names should conform to the pattern 8931 # [a-zA-Z0-9_]{1,64}. 8932 }, 8933 }, 8934 "replaceConfig": { # Replace each input value with a given `Value`. 8935 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 8936 # Note that for the purposes of inspection or transformation, the number 8937 # of bytes considered to comprise a 'Value' is based on its representation 8938 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 8939 # 123456789, the number of bytes would be counted as 9, even though an 8940 # int64 only holds up to 8 bytes of data. 8941 "floatValue": 3.14, 8942 "timestampValue": "A String", 8943 "dayOfWeekValue": "A String", 8944 "timeValue": { # Represents a time of day. The date and time zone are either not significant 8945 # or are specified elsewhere. An API may choose to allow leap seconds. Related 8946 # types are google.type.Date and `google.protobuf.Timestamp`. 8947 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 8948 # to allow the value "24:00:00" for scenarios like business closing time. 8949 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 8950 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 8951 # allow the value 60 if it allows leap-seconds. 8952 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 8953 }, 8954 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 8955 # and time zone are either specified elsewhere or are not significant. The date 8956 # is relative to the Proleptic Gregorian Calendar. This can represent: 8957 # 8958 # * A full date, with non-zero year, month and day values 8959 # * A month and day value, with a zero year, e.g. an anniversary 8960 # * A year on its own, with zero month and day values 8961 # * A year and month value, with a zero day, e.g. a credit card expiration date 8962 # 8963 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 8964 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 8965 # a year. 8966 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 8967 # if specifying a year by itself or a year and month where the day is not 8968 # significant. 8969 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 8970 # month and day. 8971 }, 8972 "stringValue": "A String", 8973 "booleanValue": True or False, 8974 "integerValue": "A String", 8975 }, 8976 }, 8977 }, 8978 "condition": { # A condition for determining whether a transformation should be applied to # Only apply the transformation if the condition evaluates to true for the 8979 # given `RecordCondition`. The conditions are allowed to reference fields 8980 # that are not used in the actual transformation. [optional] 8981 # 8982 # Example Use Cases: 8983 # 8984 # - Apply a different bucket transformation to an age column if the zip code 8985 # column for the same record is within a specific range. 8986 # - Redact a field if the date of birth field is greater than 85. 8987 # a field. 8988 "expressions": { # An expression, consisting or an operator and conditions. # An expression. 8989 "conditions": { # A collection of conditions. 8990 "conditions": [ 8991 { # The field type of `value` and `field` do not need to match to be 8992 # considered equal, but not all comparisons are possible. 8993 # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, 8994 # but all other comparisons are invalid with incompatible types. 8995 # A `value` of type: 8996 # 8997 # - `string` can be compared against all other types 8998 # - `boolean` can only be compared against other booleans 8999 # - `integer` can be compared against doubles or a string if the string value 9000 # can be parsed as an integer. 9001 # - `double` can be compared against integers or a string if the string can 9002 # be parsed as a double. 9003 # - `Timestamp` can be compared against strings in RFC 3339 date string 9004 # format. 9005 # - `TimeOfDay` can be compared against timestamps and strings in the format 9006 # of 'HH:mm:ss'. 9007 # 9008 # If we fail to compare do to type mismatch, a warning will be given and 9009 # the condition will evaluate to false. 9010 "operator": "A String", # Operator used to compare the field or infoType to the value. [required] 9011 "field": { # General identifier of a data field in a storage service. # Field within the record this condition is evaluated against. [required] 9012 "name": "A String", # Name describing the field. 9013 }, 9014 "value": { # Set of primitive values supported by the system. # Value to compare against. [Required, except for `EXISTS` tests.] 9015 # Note that for the purposes of inspection or transformation, the number 9016 # of bytes considered to comprise a 'Value' is based on its representation 9017 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9018 # 123456789, the number of bytes would be counted as 9, even though an 9019 # int64 only holds up to 8 bytes of data. 9020 "floatValue": 3.14, 9021 "timestampValue": "A String", 9022 "dayOfWeekValue": "A String", 9023 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9024 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9025 # types are google.type.Date and `google.protobuf.Timestamp`. 9026 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9027 # to allow the value "24:00:00" for scenarios like business closing time. 9028 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9029 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9030 # allow the value 60 if it allows leap-seconds. 9031 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9032 }, 9033 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9034 # and time zone are either specified elsewhere or are not significant. The date 9035 # is relative to the Proleptic Gregorian Calendar. This can represent: 9036 # 9037 # * A full date, with non-zero year, month and day values 9038 # * A month and day value, with a zero year, e.g. an anniversary 9039 # * A year on its own, with zero month and day values 9040 # * A year and month value, with a zero day, e.g. a credit card expiration date 9041 # 9042 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9043 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9044 # a year. 9045 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9046 # if specifying a year by itself or a year and month where the day is not 9047 # significant. 9048 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9049 # month and day. 9050 }, 9051 "stringValue": "A String", 9052 "booleanValue": True or False, 9053 "integerValue": "A String", 9054 }, 9055 }, 9056 ], 9057 }, 9058 "logicalOperator": "A String", # The operator to apply to the result of conditions. Default and currently 9059 # only supported value is `AND`. 9060 }, 9061 }, 9062 "fields": [ # Input field(s) to apply the transformation to. [required] 9063 { # General identifier of a data field in a storage service. 9064 "name": "A String", # Name describing the field. 9065 }, 9066 ], 9067 }, 9068 ], 9069 "transformedBytes": "A String", # Total size in bytes that were transformed in some way. 9070 "transformation": { # A rule for transforming a value. # The specific transformation these stats apply to. 9071 "characterMaskConfig": { # Partially mask a string by replacing a given number of characters with a 9072 # fixed character. Masking can start from the beginning or end of the string. 9073 # This can be used on data of any type (numbers, longs, and so on) and when 9074 # de-identifying structured data we'll attempt to preserve the original data's 9075 # type. (This allows you to take a long like 123 and modify it to a string like 9076 # **3. 9077 "charactersToIgnore": [ # When masking a string, items in this list will be skipped when replacing. 9078 # For example, if your string is 555-555-5555 and you ask us to skip `-` and 9079 # mask 5 chars with * we would produce ***-*55-5555. 9080 { # Characters to skip when doing deidentification of a value. These will be left 9081 # alone and skipped. 9082 "commonCharactersToIgnore": "A String", 9083 "charactersToSkip": "A String", 9084 }, 9085 ], 9086 "numberToMask": 42, # Number of characters to mask. If not set, all matching chars will be 9087 # masked. Skipped characters do not count towards this tally. 9088 "maskingCharacter": "A String", # Character to mask the sensitive values—for example, "*" for an 9089 # alphabetic string such as name, or "0" for a numeric string such as ZIP 9090 # code or credit card number. String must have length 1. If not supplied, we 9091 # will default to "*" for strings, 0 for digits. 9092 "reverseOrder": True or False, # Mask characters in reverse order. For example, if `masking_character` is 9093 # '0', number_to_mask is 14, and `reverse_order` is false, then 9094 # 1234-5678-9012-3456 -> 00000000000000-3456 9095 # If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` 9096 # is true, then 12345 -> 12*** 9097 }, 9098 "redactConfig": { # Redact a given value. For example, if used with an `InfoTypeTransformation` 9099 # transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the 9100 # output would be 'My phone number is '. 9101 }, 9102 "cryptoDeterministicConfig": { # Pseudonymization method that generates deterministic encryption for the given 9103 # input. Outputs a base64 encoded representation of the encrypted output. 9104 # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. 9105 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption function. 9106 # a key encryption key (KEK) stored by KMS). 9107 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 9108 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 9109 # unwrap the data crypto key. 9110 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 9111 # The wrapped key must be a 128/192/256 bit key. 9112 # Authorization requires the following IAM permissions when sending a request 9113 # to perform a crypto transformation using a kms-wrapped crypto key: 9114 # dlp.kms.encrypt 9115 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 9116 "wrappedKey": "A String", # The wrapped data crypto key. [required] 9117 }, 9118 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 9119 # leaking the key. Choose another type of key if possible. 9120 "key": "A String", # A 128/192/256 bit key. [required] 9121 }, 9122 "transient": { # Use this to have a random data crypto key generated. 9123 # It will be discarded after the request finishes. 9124 "name": "A String", # Name of the key. [required] 9125 # This is an arbitrary string used to differentiate different keys. 9126 # A unique key is generated per name: two separate `TransientCryptoKey` 9127 # protos share the same generated key if their names are the same. 9128 # When the data crypto key is generated, this name is not used in any way 9129 # (repeating the api call will result in a different key being generated). 9130 }, 9131 }, 9132 "context": { # General identifier of a data field in a storage service. # Optional. A context may be used for higher security and maintaining 9133 # referential integrity such that the same identifier in two different 9134 # contexts will be given a distinct surrogate. The context is appended to 9135 # plaintext value being encrypted. On decryption the provided context is 9136 # validated against the value used during encryption. If a context was 9137 # provided during encryption, same context must be provided during decryption 9138 # as well. 9139 # 9140 # If the context is not set, plaintext would be used as is for encryption. 9141 # If the context is set but: 9142 # 9143 # 1. there is no record present when transforming a given value or 9144 # 2. the field is not present when transforming a given value, 9145 # 9146 # plaintext would be used as is for encryption. 9147 # 9148 # Note that case (1) is expected when an `InfoTypeTransformation` is 9149 # applied to both structured and non-structured `ContentItem`s. 9150 "name": "A String", # Name describing the field. 9151 }, 9152 "surrogateInfoType": { # Type of information detected by the API. # The custom info type to annotate the surrogate with. 9153 # This annotation will be applied to the surrogate by prefixing it with 9154 # the name of the custom info type followed by the number of 9155 # characters comprising the surrogate. The following scheme defines the 9156 # format: <info type name>(<surrogate character count>):<surrogate> 9157 # 9158 # For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and 9159 # the surrogate is 'abc', the full replacement value 9160 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 9161 # 9162 # This annotation identifies the surrogate when inspecting content using the 9163 # custom info type 'Surrogate'. This facilitates reversal of the 9164 # surrogate when it occurs in free text. 9165 # 9166 # In order for inspection to work properly, the name of this info type must 9167 # not occur naturally anywhere in your data; otherwise, inspection may either 9168 # 9169 # - reverse a surrogate that does not correspond to an actual identifier 9170 # - be unable to parse the surrogate and result in an error 9171 # 9172 # Therefore, choose your custom info type name carefully after considering 9173 # what your data looks like. One way to select a name that has a high chance 9174 # of yielding reliable detection is to include one or more unicode characters 9175 # that are highly improbable to exist in your data. 9176 # For example, assuming your data is entered from a regular ASCII keyboard, 9177 # the symbol with the hex code point 29DD might be used like so: 9178 # ⧝MY_TOKEN_TYPE 9179 "name": "A String", # Name of the information type. Either a name of your choosing when 9180 # creating a CustomInfoType, or one of the names listed 9181 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 9182 # a built-in type. InfoType names should conform to the pattern 9183 # [a-zA-Z0-9_]{1,64}. 9184 }, 9185 }, 9186 "fixedSizeBucketingConfig": { # Buckets values based on fixed size ranges. The 9187 # Bucketing transformation can provide all of this functionality, 9188 # but requires more configuration. This message is provided as a convenience to 9189 # the user for simple bucketing strategies. 9190 # 9191 # The transformed value will be a hyphenated string of 9192 # <lower_bound>-<upper_bound>, i.e if lower_bound = 10 and upper_bound = 20 9193 # all values that are within this bucket will be replaced with "10-20". 9194 # 9195 # This can be used on data of type: double, long. 9196 # 9197 # If the bound Value type differs from the type of data 9198 # being transformed, we will first attempt converting the type of the data to 9199 # be transformed to match the type of the bound before comparing. 9200 # 9201 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 9202 "lowerBound": { # Set of primitive values supported by the system. # Lower bound value of buckets. All values less than `lower_bound` are 9203 # grouped together into a single bucket; for example if `lower_bound` = 10, 9204 # then all values less than 10 are replaced with the value “-10”. [Required]. 9205 # Note that for the purposes of inspection or transformation, the number 9206 # of bytes considered to comprise a 'Value' is based on its representation 9207 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9208 # 123456789, the number of bytes would be counted as 9, even though an 9209 # int64 only holds up to 8 bytes of data. 9210 "floatValue": 3.14, 9211 "timestampValue": "A String", 9212 "dayOfWeekValue": "A String", 9213 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9214 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9215 # types are google.type.Date and `google.protobuf.Timestamp`. 9216 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9217 # to allow the value "24:00:00" for scenarios like business closing time. 9218 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9219 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9220 # allow the value 60 if it allows leap-seconds. 9221 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9222 }, 9223 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9224 # and time zone are either specified elsewhere or are not significant. The date 9225 # is relative to the Proleptic Gregorian Calendar. This can represent: 9226 # 9227 # * A full date, with non-zero year, month and day values 9228 # * A month and day value, with a zero year, e.g. an anniversary 9229 # * A year on its own, with zero month and day values 9230 # * A year and month value, with a zero day, e.g. a credit card expiration date 9231 # 9232 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9233 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9234 # a year. 9235 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9236 # if specifying a year by itself or a year and month where the day is not 9237 # significant. 9238 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9239 # month and day. 9240 }, 9241 "stringValue": "A String", 9242 "booleanValue": True or False, 9243 "integerValue": "A String", 9244 }, 9245 "upperBound": { # Set of primitive values supported by the system. # Upper bound value of buckets. All values greater than upper_bound are 9246 # grouped together into a single bucket; for example if `upper_bound` = 89, 9247 # then all values greater than 89 are replaced with the value “89+”. 9248 # [Required]. 9249 # Note that for the purposes of inspection or transformation, the number 9250 # of bytes considered to comprise a 'Value' is based on its representation 9251 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9252 # 123456789, the number of bytes would be counted as 9, even though an 9253 # int64 only holds up to 8 bytes of data. 9254 "floatValue": 3.14, 9255 "timestampValue": "A String", 9256 "dayOfWeekValue": "A String", 9257 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9258 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9259 # types are google.type.Date and `google.protobuf.Timestamp`. 9260 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9261 # to allow the value "24:00:00" for scenarios like business closing time. 9262 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9263 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9264 # allow the value 60 if it allows leap-seconds. 9265 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9266 }, 9267 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9268 # and time zone are either specified elsewhere or are not significant. The date 9269 # is relative to the Proleptic Gregorian Calendar. This can represent: 9270 # 9271 # * A full date, with non-zero year, month and day values 9272 # * A month and day value, with a zero year, e.g. an anniversary 9273 # * A year on its own, with zero month and day values 9274 # * A year and month value, with a zero day, e.g. a credit card expiration date 9275 # 9276 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9277 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9278 # a year. 9279 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9280 # if specifying a year by itself or a year and month where the day is not 9281 # significant. 9282 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9283 # month and day. 9284 }, 9285 "stringValue": "A String", 9286 "booleanValue": True or False, 9287 "integerValue": "A String", 9288 }, 9289 "bucketSize": 3.14, # Size of each bucket (except for minimum and maximum buckets). So if 9290 # `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the 9291 # following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 9292 # 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required]. 9293 }, 9294 "replaceWithInfoTypeConfig": { # Replace each matching finding with the name of the info_type. 9295 }, 9296 "timePartConfig": { # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a 9297 # portion of the value. 9298 "partToExtract": "A String", 9299 }, 9300 "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. 9301 # Uses SHA-256. 9302 # The key size must be either 32 or 64 bytes. 9303 # Outputs a base64 encoded representation of the hashed output 9304 # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). 9305 # Currently, only string and integer values can be hashed. 9306 # See https://cloud.google.com/dlp/docs/pseudonymization to learn more. 9307 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the hash function. 9308 # a key encryption key (KEK) stored by KMS). 9309 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 9310 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 9311 # unwrap the data crypto key. 9312 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 9313 # The wrapped key must be a 128/192/256 bit key. 9314 # Authorization requires the following IAM permissions when sending a request 9315 # to perform a crypto transformation using a kms-wrapped crypto key: 9316 # dlp.kms.encrypt 9317 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 9318 "wrappedKey": "A String", # The wrapped data crypto key. [required] 9319 }, 9320 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 9321 # leaking the key. Choose another type of key if possible. 9322 "key": "A String", # A 128/192/256 bit key. [required] 9323 }, 9324 "transient": { # Use this to have a random data crypto key generated. 9325 # It will be discarded after the request finishes. 9326 "name": "A String", # Name of the key. [required] 9327 # This is an arbitrary string used to differentiate different keys. 9328 # A unique key is generated per name: two separate `TransientCryptoKey` 9329 # protos share the same generated key if their names are the same. 9330 # When the data crypto key is generated, this name is not used in any way 9331 # (repeating the api call will result in a different key being generated). 9332 }, 9333 }, 9334 }, 9335 "dateShiftConfig": { # Shifts dates by random number of days, with option to be consistent for the 9336 # same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting 9337 # to learn more. 9338 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # Causes the shift to be computed based on this key and the context. This 9339 # results in the same shift for the same context and crypto_key. 9340 # a key encryption key (KEK) stored by KMS). 9341 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 9342 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 9343 # unwrap the data crypto key. 9344 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 9345 # The wrapped key must be a 128/192/256 bit key. 9346 # Authorization requires the following IAM permissions when sending a request 9347 # to perform a crypto transformation using a kms-wrapped crypto key: 9348 # dlp.kms.encrypt 9349 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 9350 "wrappedKey": "A String", # The wrapped data crypto key. [required] 9351 }, 9352 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 9353 # leaking the key. Choose another type of key if possible. 9354 "key": "A String", # A 128/192/256 bit key. [required] 9355 }, 9356 "transient": { # Use this to have a random data crypto key generated. 9357 # It will be discarded after the request finishes. 9358 "name": "A String", # Name of the key. [required] 9359 # This is an arbitrary string used to differentiate different keys. 9360 # A unique key is generated per name: two separate `TransientCryptoKey` 9361 # protos share the same generated key if their names are the same. 9362 # When the data crypto key is generated, this name is not used in any way 9363 # (repeating the api call will result in a different key being generated). 9364 }, 9365 }, 9366 "lowerBoundDays": 42, # For example, -5 means shift date to at most 5 days back in the past. 9367 # [Required] 9368 "upperBoundDays": 42, # Range of shift in days. Actual shift will be selected at random within this 9369 # range (inclusive ends). Negative means shift to earlier in time. Must not 9370 # be more than 365250 days (1000 years) each direction. 9371 # 9372 # For example, 3 means shift date to at most 3 days into the future. 9373 # [Required] 9374 "context": { # General identifier of a data field in a storage service. # Points to the field that contains the context, for example, an entity id. 9375 # If set, must also set method. If set, shift will be consistent for the 9376 # given context. 9377 "name": "A String", # Name describing the field. 9378 }, 9379 }, 9380 "bucketingConfig": { # Generalization function that buckets values based on ranges. The ranges and 9381 # replacement values are dynamically provided by the user for custom behavior, 9382 # such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH 9383 # This can be used on 9384 # data of type: number, long, string, timestamp. 9385 # If the bound `Value` type differs from the type of data being transformed, we 9386 # will first attempt converting the type of the data to be transformed to match 9387 # the type of the bound before comparing. 9388 # See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. 9389 "buckets": [ # Set of buckets. Ranges must be non-overlapping. 9390 { # Bucket is represented as a range, along with replacement values. 9391 "max": { # Set of primitive values supported by the system. # Upper bound of the range, exclusive; type must match min. 9392 # Note that for the purposes of inspection or transformation, the number 9393 # of bytes considered to comprise a 'Value' is based on its representation 9394 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9395 # 123456789, the number of bytes would be counted as 9, even though an 9396 # int64 only holds up to 8 bytes of data. 9397 "floatValue": 3.14, 9398 "timestampValue": "A String", 9399 "dayOfWeekValue": "A String", 9400 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9401 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9402 # types are google.type.Date and `google.protobuf.Timestamp`. 9403 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9404 # to allow the value "24:00:00" for scenarios like business closing time. 9405 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9406 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9407 # allow the value 60 if it allows leap-seconds. 9408 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9409 }, 9410 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9411 # and time zone are either specified elsewhere or are not significant. The date 9412 # is relative to the Proleptic Gregorian Calendar. This can represent: 9413 # 9414 # * A full date, with non-zero year, month and day values 9415 # * A month and day value, with a zero year, e.g. an anniversary 9416 # * A year on its own, with zero month and day values 9417 # * A year and month value, with a zero day, e.g. a credit card expiration date 9418 # 9419 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9420 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9421 # a year. 9422 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9423 # if specifying a year by itself or a year and month where the day is not 9424 # significant. 9425 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9426 # month and day. 9427 }, 9428 "stringValue": "A String", 9429 "booleanValue": True or False, 9430 "integerValue": "A String", 9431 }, 9432 "replacementValue": { # Set of primitive values supported by the system. # Replacement value for this bucket. If not provided 9433 # the default behavior will be to hyphenate the min-max range. 9434 # Note that for the purposes of inspection or transformation, the number 9435 # of bytes considered to comprise a 'Value' is based on its representation 9436 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9437 # 123456789, the number of bytes would be counted as 9, even though an 9438 # int64 only holds up to 8 bytes of data. 9439 "floatValue": 3.14, 9440 "timestampValue": "A String", 9441 "dayOfWeekValue": "A String", 9442 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9443 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9444 # types are google.type.Date and `google.protobuf.Timestamp`. 9445 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9446 # to allow the value "24:00:00" for scenarios like business closing time. 9447 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9448 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9449 # allow the value 60 if it allows leap-seconds. 9450 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9451 }, 9452 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9453 # and time zone are either specified elsewhere or are not significant. The date 9454 # is relative to the Proleptic Gregorian Calendar. This can represent: 9455 # 9456 # * A full date, with non-zero year, month and day values 9457 # * A month and day value, with a zero year, e.g. an anniversary 9458 # * A year on its own, with zero month and day values 9459 # * A year and month value, with a zero day, e.g. a credit card expiration date 9460 # 9461 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9462 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9463 # a year. 9464 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9465 # if specifying a year by itself or a year and month where the day is not 9466 # significant. 9467 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9468 # month and day. 9469 }, 9470 "stringValue": "A String", 9471 "booleanValue": True or False, 9472 "integerValue": "A String", 9473 }, 9474 "min": { # Set of primitive values supported by the system. # Lower bound of the range, inclusive. Type should be the same as max if 9475 # used. 9476 # Note that for the purposes of inspection or transformation, the number 9477 # of bytes considered to comprise a 'Value' is based on its representation 9478 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9479 # 123456789, the number of bytes would be counted as 9, even though an 9480 # int64 only holds up to 8 bytes of data. 9481 "floatValue": 3.14, 9482 "timestampValue": "A String", 9483 "dayOfWeekValue": "A String", 9484 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9485 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9486 # types are google.type.Date and `google.protobuf.Timestamp`. 9487 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9488 # to allow the value "24:00:00" for scenarios like business closing time. 9489 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9490 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9491 # allow the value 60 if it allows leap-seconds. 9492 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9493 }, 9494 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9495 # and time zone are either specified elsewhere or are not significant. The date 9496 # is relative to the Proleptic Gregorian Calendar. This can represent: 9497 # 9498 # * A full date, with non-zero year, month and day values 9499 # * A month and day value, with a zero year, e.g. an anniversary 9500 # * A year on its own, with zero month and day values 9501 # * A year and month value, with a zero day, e.g. a credit card expiration date 9502 # 9503 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9504 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9505 # a year. 9506 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9507 # if specifying a year by itself or a year and month where the day is not 9508 # significant. 9509 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9510 # month and day. 9511 }, 9512 "stringValue": "A String", 9513 "booleanValue": True or False, 9514 "integerValue": "A String", 9515 }, 9516 }, 9517 ], 9518 }, 9519 "cryptoReplaceFfxFpeConfig": { # Replaces an identifier with a surrogate using Format Preserving Encryption 9520 # (FPE) with the FFX mode of operation; however when used in the 9521 # `ReidentifyContent` API method, it serves the opposite function by reversing 9522 # the surrogate back into the original identifier. The identifier must be 9523 # encoded as ASCII. For a given crypto key and context, the same identifier 9524 # will be replaced with the same surrogate. Identifiers must be at least two 9525 # characters long. In the case that the identifier is the empty string, it will 9526 # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn 9527 # more. 9528 # 9529 # Note: We recommend using CryptoDeterministicConfig for all use cases which 9530 # do not require preserving the input alphabet space and size, plus warrant 9531 # referential integrity. 9532 "cryptoKey": { # This is a data encryption key (DEK) (as opposed to # The key used by the encryption algorithm. [required] 9533 # a key encryption key (KEK) stored by KMS). 9534 # When using KMS to wrap/unwrap DEKs, be sure to set an appropriate 9535 # IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot 9536 # unwrap the data crypto key. 9537 "kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. 9538 # The wrapped key must be a 128/192/256 bit key. 9539 # Authorization requires the following IAM permissions when sending a request 9540 # to perform a crypto transformation using a kms-wrapped crypto key: 9541 # dlp.kms.encrypt 9542 "cryptoKeyName": "A String", # The resource name of the KMS CryptoKey to use for unwrapping. [required] 9543 "wrappedKey": "A String", # The wrapped data crypto key. [required] 9544 }, 9545 "unwrapped": { # Using raw keys is prone to security risks due to accidentally 9546 # leaking the key. Choose another type of key if possible. 9547 "key": "A String", # A 128/192/256 bit key. [required] 9548 }, 9549 "transient": { # Use this to have a random data crypto key generated. 9550 # It will be discarded after the request finishes. 9551 "name": "A String", # Name of the key. [required] 9552 # This is an arbitrary string used to differentiate different keys. 9553 # A unique key is generated per name: two separate `TransientCryptoKey` 9554 # protos share the same generated key if their names are the same. 9555 # When the data crypto key is generated, this name is not used in any way 9556 # (repeating the api call will result in a different key being generated). 9557 }, 9558 }, 9559 "radix": 42, # The native way to select the alphabet. Must be in the range [2, 62]. 9560 "commonAlphabet": "A String", 9561 "customAlphabet": "A String", # This is supported by mapping these to the alphanumeric characters 9562 # that the FFX mode natively supports. This happens before/after 9563 # encryption/decryption. 9564 # Each character listed must appear only once. 9565 # Number of characters must be in the range [2, 62]. 9566 # This must be encoded as ASCII. 9567 # The order of characters does not matter. 9568 "context": { # General identifier of a data field in a storage service. # The 'tweak', a context may be used for higher security since the same 9569 # identifier in two different contexts won't be given the same surrogate. If 9570 # the context is not set, a default tweak will be used. 9571 # 9572 # If the context is set but: 9573 # 9574 # 1. there is no record present when transforming a given value or 9575 # 1. the field is not present when transforming a given value, 9576 # 9577 # a default tweak will be used. 9578 # 9579 # Note that case (1) is expected when an `InfoTypeTransformation` is 9580 # applied to both structured and non-structured `ContentItem`s. 9581 # Currently, the referenced field may be of value type integer or string. 9582 # 9583 # The tweak is constructed as a sequence of bytes in big endian byte order 9584 # such that: 9585 # 9586 # - a 64 bit integer is encoded followed by a single byte of value 1 9587 # - a string is encoded in UTF-8 format followed by a single byte of value 2 9588 "name": "A String", # Name describing the field. 9589 }, 9590 "surrogateInfoType": { # Type of information detected by the API. # The custom infoType to annotate the surrogate with. 9591 # This annotation will be applied to the surrogate by prefixing it with 9592 # the name of the custom infoType followed by the number of 9593 # characters comprising the surrogate. The following scheme defines the 9594 # format: info_type_name(surrogate_character_count):surrogate 9595 # 9596 # For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and 9597 # the surrogate is 'abc', the full replacement value 9598 # will be: 'MY_TOKEN_INFO_TYPE(3):abc' 9599 # 9600 # This annotation identifies the surrogate when inspecting content using the 9601 # custom infoType 9602 # [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 9603 # This facilitates reversal of the surrogate when it occurs in free text. 9604 # 9605 # In order for inspection to work properly, the name of this infoType must 9606 # not occur naturally anywhere in your data; otherwise, inspection may 9607 # find a surrogate that does not correspond to an actual identifier. 9608 # Therefore, choose your custom infoType name carefully after considering 9609 # what your data looks like. One way to select a name that has a high chance 9610 # of yielding reliable detection is to include one or more unicode characters 9611 # that are highly improbable to exist in your data. 9612 # For example, assuming your data is entered from a regular ASCII keyboard, 9613 # the symbol with the hex code point 29DD might be used like so: 9614 # ⧝MY_TOKEN_TYPE 9615 "name": "A String", # Name of the information type. Either a name of your choosing when 9616 # creating a CustomInfoType, or one of the names listed 9617 # at https://cloud.google.com/dlp/docs/infotypes-reference when specifying 9618 # a built-in type. InfoType names should conform to the pattern 9619 # [a-zA-Z0-9_]{1,64}. 9620 }, 9621 }, 9622 "replaceConfig": { # Replace each input value with a given `Value`. 9623 "newValue": { # Set of primitive values supported by the system. # Value to replace it with. 9624 # Note that for the purposes of inspection or transformation, the number 9625 # of bytes considered to comprise a 'Value' is based on its representation 9626 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9627 # 123456789, the number of bytes would be counted as 9, even though an 9628 # int64 only holds up to 8 bytes of data. 9629 "floatValue": 3.14, 9630 "timestampValue": "A String", 9631 "dayOfWeekValue": "A String", 9632 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9633 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9634 # types are google.type.Date and `google.protobuf.Timestamp`. 9635 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9636 # to allow the value "24:00:00" for scenarios like business closing time. 9637 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9638 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9639 # allow the value 60 if it allows leap-seconds. 9640 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9641 }, 9642 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9643 # and time zone are either specified elsewhere or are not significant. The date 9644 # is relative to the Proleptic Gregorian Calendar. This can represent: 9645 # 9646 # * A full date, with non-zero year, month and day values 9647 # * A month and day value, with a zero year, e.g. an anniversary 9648 # * A year on its own, with zero month and day values 9649 # * A year and month value, with a zero day, e.g. a credit card expiration date 9650 # 9651 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9652 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9653 # a year. 9654 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9655 # if specifying a year by itself or a year and month where the day is not 9656 # significant. 9657 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9658 # month and day. 9659 }, 9660 "stringValue": "A String", 9661 "booleanValue": True or False, 9662 "integerValue": "A String", 9663 }, 9664 }, 9665 }, 9666 }, 9667 ], 9668 "transformedBytes": "A String", # Total size in bytes that were transformed in some way. 9669 }, 9670 "item": { # Container structure for the content to inspect. # The re-identified item. 9671 "table": { # Structured content to inspect. Up to 50,000 `Value`s per request allowed. # Structured content for inspection. See 9672 # https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to 9673 # learn more. 9674 # See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to 9675 # learn more. 9676 "headers": [ 9677 { # General identifier of a data field in a storage service. 9678 "name": "A String", # Name describing the field. 9679 }, 9680 ], 9681 "rows": [ 9682 { 9683 "values": [ 9684 { # Set of primitive values supported by the system. 9685 # Note that for the purposes of inspection or transformation, the number 9686 # of bytes considered to comprise a 'Value' is based on its representation 9687 # as a UTF-8 encoded string. For example, if 'integer_value' is set to 9688 # 123456789, the number of bytes would be counted as 9, even though an 9689 # int64 only holds up to 8 bytes of data. 9690 "floatValue": 3.14, 9691 "timestampValue": "A String", 9692 "dayOfWeekValue": "A String", 9693 "timeValue": { # Represents a time of day. The date and time zone are either not significant 9694 # or are specified elsewhere. An API may choose to allow leap seconds. Related 9695 # types are google.type.Date and `google.protobuf.Timestamp`. 9696 "hours": 42, # Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 9697 # to allow the value "24:00:00" for scenarios like business closing time. 9698 "nanos": 42, # Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 9699 "seconds": 42, # Seconds of minutes of the time. Must normally be from 0 to 59. An API may 9700 # allow the value 60 if it allows leap-seconds. 9701 "minutes": 42, # Minutes of hour of day. Must be from 0 to 59. 9702 }, 9703 "dateValue": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day 9704 # and time zone are either specified elsewhere or are not significant. The date 9705 # is relative to the Proleptic Gregorian Calendar. This can represent: 9706 # 9707 # * A full date, with non-zero year, month and day values 9708 # * A month and day value, with a zero year, e.g. an anniversary 9709 # * A year on its own, with zero month and day values 9710 # * A year and month value, with a zero day, e.g. a credit card expiration date 9711 # 9712 # Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. 9713 "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without 9714 # a year. 9715 "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 9716 # if specifying a year by itself or a year and month where the day is not 9717 # significant. 9718 "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a 9719 # month and day. 9720 }, 9721 "stringValue": "A String", 9722 "booleanValue": True or False, 9723 "integerValue": "A String", 9724 }, 9725 ], 9726 }, 9727 ], 9728 }, 9729 "byteItem": { # Container for bytes to inspect or redact. # Content data to inspect or redact. Replaces `type` and `data`. 9730 "type": "A String", # The type of data stored in the bytes string. Default will be TEXT_UTF8. 9731 "data": "A String", # Content data to inspect or redact. 9732 }, 9733 "value": "A String", # String data to inspect or redact. 9734 }, 9735 }</pre> 9736</div> 9737 9738</body></html>