{ "auth": { "oauth2": { "scopes": { "https://www.googleapis.com/auth/cloud-platform": { "description": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account." } } } }, "documentationLink": "https://cloud.google.com/sensitive-data-protection/docs/", "protocol": "rest", "version": "v2", "rootUrl": "https://dlp.googleapis.com/", "servicePath": "", "kind": "discovery#restDescription", "id": "dlp:v2", "name": "dlp", "parameters": { "$.xgafv": { "type": "string", "enum": [ "1", "2" ], "location": "query", "enumDescriptions": [ "v1 error format", "v2 error format" ], "description": "V1 error format." }, "access_token": { "location": "query", "type": "string", "description": "OAuth access token." }, "oauth_token": { "type": "string", "location": "query", "description": "OAuth 2.0 token for the current user." }, "quotaUser": { "location": "query", "type": "string", "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters." }, "upload_protocol": { "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").", "location": "query", "type": "string" }, "prettyPrint": { "location": "query", "type": "boolean", "default": "true", "description": "Returns response with indentations and line breaks." }, "fields": { "type": "string", "location": "query", "description": "Selector specifying which fields to include in a partial response." }, "key": { "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", "type": "string", "location": "query" }, "callback": { "description": "JSONP", "type": "string", "location": "query" }, "alt": { "type": "string", "enum": [ "json", "media", "proto" ], "location": "query", "enumDescriptions": [ "Responses with Content-Type of application/json", "Media download with context-dependent Content-Type", "Responses with Content-Type of application/x-protobuf" ], "default": "json", "description": "Data format for response." }, "uploadType": { "location": "query", "type": "string", "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\")." } }, "schemas": { "GooglePrivacyDlpV2DiscoveryFileStoreConditions": { "description": "Requirements that must be true before a file store is scanned in discovery for the first time. There is an AND relationship between the top-level attributes.", "id": "GooglePrivacyDlpV2DiscoveryFileStoreConditions", "type": "object", "properties": { "cloudStorageConditions": { "description": "Optional. Cloud Storage conditions.", "$ref": "GooglePrivacyDlpV2DiscoveryCloudStorageConditions" }, "createdAfter": { "description": "Optional. File store must have been created after this date. Used to avoid backfilling.", "type": "string", "format": "google-datetime" }, "minAge": { "description": "Optional. Minimum age a file store must have. If set, the value must be 1 hour or greater.", "type": "string", "format": "google-duration" } } }, "GooglePrivacyDlpV2CloudStorageOptions": { "id": "GooglePrivacyDlpV2CloudStorageOptions", "type": "object", "properties": { "bytesLimitPerFile": { "description": "Max number of bytes to scan from a file. If a scanned file's size is bigger than this value then the rest of the bytes are omitted. Only one of `bytes_limit_per_file` and `bytes_limit_per_file_percent` can be specified. This field can't be set if de-identification is requested. For certain file types, setting this field has no effect. For more information, see [Limits on bytes scanned per file](https://cloud.google.com/sensitive-data-protection/docs/supported-file-types#max-byte-size-per-file).", "type": "string", "format": "int64" }, "bytesLimitPerFilePercent": { "description": "Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of bytes_limit_per_file and bytes_limit_per_file_percent can be specified. This field can't be set if de-identification is requested. For certain file types, setting this field has no effect. For more information, see [Limits on bytes scanned per file](https://cloud.google.com/sensitive-data-protection/docs/supported-file-types#max-byte-size-per-file).", "type": "integer", "format": "int32" }, "fileSet": { "description": "The set of one or more files to scan.", "$ref": "GooglePrivacyDlpV2FileSet" }, "fileTypes": { "description": "List of file type groups to include in the scan. If empty, all files are scanned and available data format processors are applied. In addition, the binary content of the selected files is always scanned as well. Images are scanned only as binary if the specified region does not support image inspection and no file_types were specified. Image inspection is restricted to 'global', 'us', 'asia', and 'europe'.", "type": "array", "items": { "enum": [ "FILE_TYPE_UNSPECIFIED", "BINARY_FILE", "TEXT_FILE", "IMAGE", "WORD", "PDF", "AVRO", "CSV", "TSV", "POWERPOINT", "EXCEL" ], "type": "string", "enumDescriptions": [ "Includes all files.", "Includes all file extensions not covered by another entry. Binary scanning attempts to convert the content of the file to utf_8 to scan the file. If you wish to avoid this fall back, specify one or more of the other file types in your storage scan.", "Included file extensions: asc,asp, aspx, brf, c, cc,cfm, cgi, cpp, csv, cxx, c++, cs, css, dart, dat, dot, eml,, epbub, ged, go, h, hh, hpp, hxx, h++, hs, html, htm, mkd, markdown, m, ml, mli, perl, pl, plist, pm, php, phtml, pht, properties, py, pyw, rb, rbw, rs, rss, rc, scala, sh, sql, swift, tex, shtml, shtm, xhtml, lhs, ics, ini, java, js, json, jsonl, kix, kml, ocaml, md, txt, text, tsv, vb, vcard, vcs, wml, xcodeproj, xml, xsl, xsd, yml, yaml.", "Included file extensions: bmp, gif, jpg, jpeg, jpe, png. Setting bytes_limit_per_file or bytes_limit_per_file_percent has no effect on image files. Image inspection is restricted to the `global`, `us`, `asia`, and `europe` regions.", "Microsoft Word files larger than 30 MB will be scanned as binary files. Included file extensions: docx, dotx, docm, dotm. Setting `bytes_limit_per_file` or `bytes_limit_per_file_percent` has no effect on Word files.", "PDF files larger than 30 MB will be scanned as binary files. Included file extensions: pdf. Setting `bytes_limit_per_file` or `bytes_limit_per_file_percent` has no effect on PDF files.", "Included file extensions: avro", "Included file extensions: csv", "Included file extensions: tsv", "Microsoft PowerPoint files larger than 30 MB will be scanned as binary files. Included file extensions: pptx, pptm, potx, potm, pot. Setting `bytes_limit_per_file` or `bytes_limit_per_file_percent` has no effect on PowerPoint files.", "Microsoft Excel files larger than 30 MB will be scanned as binary files. Included file extensions: xlsx, xlsm, xltx, xltm. Setting `bytes_limit_per_file` or `bytes_limit_per_file_percent` has no effect on Excel files." ] } }, "sampleMethod": { "enum": [ "SAMPLE_METHOD_UNSPECIFIED", "TOP", "RANDOM_START" ], "type": "string", "description": "How to sample the data.", "enumDescriptions": [ "No sampling.", "Scan from the top (default).", "For each file larger than bytes_limit_per_file, randomly pick the offset to start scanning. The scanned bytes are contiguous." ] }, "filesLimitPercent": { "description": "Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0.", "type": "integer", "format": "int32" } }, "description": "Options defining a file or a set of files within a Cloud Storage bucket." }, "GooglePrivacyDlpV2ProcessingLocation": { "type": "object", "properties": { "imageFallbackLocation": { "description": "Image processing falls back using this configuration.", "$ref": "GooglePrivacyDlpV2ImageFallbackLocation" }, "documentFallbackLocation": { "description": "Document processing falls back using this configuration.", "$ref": "GooglePrivacyDlpV2DocumentFallbackLocation" } }, "id": "GooglePrivacyDlpV2ProcessingLocation", "description": "Configure processing location for discovery and inspection. For example, image OCR is only provided in limited regions but configuring ProcessingLocation will redirect OCR to a location where OCR is provided." }, "GooglePrivacyDlpV2MetadataKeyValueExpression": { "type": "object", "properties": { "keyRegex": { "description": "The regular expression for the key. Key should be non-empty.", "type": "string" }, "valueRegex": { "description": "The regular expression for the value. Value should be non-empty.", "type": "string" } }, "id": "GooglePrivacyDlpV2MetadataKeyValueExpression", "description": "Configuration for a custom infoType that detects key-value pairs in the metadata matching the specified regular expressions." }, "GooglePrivacyDlpV2ImageTransformation": { "id": "GooglePrivacyDlpV2ImageTransformation", "type": "object", "properties": { "redactionColor": { "description": "The color to use when redacting content from an image. If not specified, the default is black.", "$ref": "GooglePrivacyDlpV2Color" }, "allInfoTypes": { "description": "Apply transformation to all findings not specified in other ImageTransformation's selected_info_types. Only one instance is allowed within the ImageTransformations message.", "$ref": "GooglePrivacyDlpV2AllInfoTypes" }, "allText": { "description": "Apply transformation to all text that doesn't match an infoType. Only one instance is allowed within the ImageTransformations message.", "$ref": "GooglePrivacyDlpV2AllText" }, "selectedInfoTypes": { "description": "Apply transformation to the selected info_types.", "$ref": "GooglePrivacyDlpV2SelectedInfoTypes" } }, "description": "Configuration for determining how redaction of images should occur." }, "GooglePrivacyDlpV2VertexDatasetDiscoveryTarget": { "description": "Target used to match against for discovery with Vertex AI datasets.", "id": "GooglePrivacyDlpV2VertexDatasetDiscoveryTarget", "type": "object", "properties": { "disabled": { "description": "Disable profiling for datasets that match this filter.", "$ref": "GooglePrivacyDlpV2Disabled" }, "filter": { "description": "Required. The datasets the discovery cadence applies to. The first target with a matching filter will be the one to apply to a dataset.", "$ref": "GooglePrivacyDlpV2DiscoveryVertexDatasetFilter" }, "generationCadence": { "description": "How often and when to update profiles. New datasets that match both the filter and conditions are scanned as quickly as possible depending on system capacity.", "$ref": "GooglePrivacyDlpV2DiscoveryVertexDatasetGenerationCadence" }, "conditions": { "description": "In addition to matching the filter, these conditions must be true before a profile is generated.", "$ref": "GooglePrivacyDlpV2DiscoveryVertexDatasetConditions" } } }, "GooglePrivacyDlpV2VertexDatasetRegex": { "type": "object", "properties": { "projectIdRegex": { "description": "For organizations, if unset, will match all projects. Has no effect for configurations created within a project.", "type": "string" } }, "id": "GooglePrivacyDlpV2VertexDatasetRegex", "description": "A pattern to match against one or more dataset resources." }, "GooglePrivacyDlpV2DlpJob": { "description": "Combines all of the information about a DLP job.", "type": "object", "properties": { "createTime": { "description": "Time when the job was created.", "type": "string", "format": "google-datetime" }, "endTime": { "format": "google-datetime", "type": "string", "description": "Time when the job finished." }, "startTime": { "type": "string", "format": "google-datetime", "description": "Time when the job started." }, "type": { "type": "string", "enum": [ "DLP_JOB_TYPE_UNSPECIFIED", "INSPECT_JOB", "RISK_ANALYSIS_JOB" ], "description": "The type of job.", "enumDescriptions": [ "Defaults to INSPECT_JOB.", "The job inspected Google Cloud for sensitive data.", "The job executed a Risk Analysis computation." ] }, "actionDetails": { "description": "Events that should occur after the job has completed.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2ActionDetails" } }, "lastModified": { "description": "Time when the job was last modified by the system.", "format": "google-datetime", "type": "string" }, "riskDetails": { "description": "Results from analyzing risk of a data source.", "$ref": "GooglePrivacyDlpV2AnalyzeDataSourceRiskDetails" }, "jobTriggerName": { "description": "If created by a job trigger, the resource name of the trigger that instantiated the job.", "type": "string" }, "state": { "description": "State of a job.", "enumDescriptions": [ "Unused.", "The job has not yet started.", "The job is currently running. Once a job has finished it will transition to FAILED or DONE.", "The job is no longer running.", "The job was canceled before it could be completed.", "The job had an error and did not complete.", "The job is currently accepting findings via hybridInspect. A hybrid job in ACTIVE state may continue to have findings added to it through the calling of hybridInspect. After the job has finished no more calls to hybridInspect may be made. ACTIVE jobs can transition to DONE." ], "enum": [ "JOB_STATE_UNSPECIFIED", "PENDING", "RUNNING", "DONE", "CANCELED", "FAILED", "ACTIVE" ], "type": "string" }, "inspectDetails": { "description": "Results from inspecting a data source.", "$ref": "GooglePrivacyDlpV2InspectDataSourceDetails" }, "name": { "description": "The server-assigned name.", "type": "string" }, "errors": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Error" }, "description": "A stream of errors encountered running the job." } }, "id": "GooglePrivacyDlpV2DlpJob" }, "GooglePrivacyDlpV2DiscoverySchemaModifiedCadence": { "description": "The cadence at which to update data profiles when a schema is modified.", "type": "object", "properties": { "frequency": { "description": "How frequently profiles may be updated when schemas are modified. Defaults to monthly.", "enumDescriptions": [ "Unspecified.", "After the data profile is created, it will never be updated.", "The data profile can be updated up to once every 24 hours.", "The data profile can be updated up to once every 30 days. Default." ], "enum": [ "UPDATE_FREQUENCY_UNSPECIFIED", "UPDATE_FREQUENCY_NEVER", "UPDATE_FREQUENCY_DAILY", "UPDATE_FREQUENCY_MONTHLY" ], "type": "string" }, "types": { "type": "array", "items": { "enumDescriptions": [ "Unused", "Profiles should be regenerated when new columns are added to the table. Default.", "Profiles should be regenerated when columns are removed from the table." ], "enum": [ "SCHEMA_MODIFICATION_UNSPECIFIED", "SCHEMA_NEW_COLUMNS", "SCHEMA_REMOVED_COLUMNS" ], "type": "string" }, "description": "The type of events to consider when deciding if the table's schema has been modified and should have the profile updated. Defaults to NEW_COLUMNS." } }, "id": "GooglePrivacyDlpV2DiscoverySchemaModifiedCadence" }, "GooglePrivacyDlpV2ExcludeInfoTypes": { "description": "List of excluded infoTypes.", "id": "GooglePrivacyDlpV2ExcludeInfoTypes", "type": "object", "properties": { "infoTypes": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InfoType" }, "description": "InfoType list in ExclusionRule rule drops a finding when it overlaps or contained within with a finding of an infoType from this list. For example, for `InspectionRuleSet.info_types` containing \"PHONE_NUMBER\"` and `exclusion_rule` containing `exclude_info_types.info_types` with \"EMAIL_ADDRESS\" the phone number findings are dropped if they overlap with EMAIL_ADDRESS finding. That leads to \"555-222-2222@example.org\" to generate only a single finding, namely email address." } } }, "GooglePrivacyDlpV2ListColumnDataProfilesResponse": { "description": "List of profiles generated for a given organization or project.", "type": "object", "properties": { "columnDataProfiles": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2ColumnDataProfile" }, "description": "List of data profiles." }, "nextPageToken": { "description": "The next page token.", "type": "string" } }, "id": "GooglePrivacyDlpV2ListColumnDataProfilesResponse" }, "GooglePrivacyDlpV2Overlap": { "description": "Defines a condition for overlapping bounding boxes.", "id": "GooglePrivacyDlpV2Overlap", "type": "object", "properties": {} }, "GoogleRpcStatus": { "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).", "type": "object", "properties": { "details": { "type": "array", "items": { "additionalProperties": { "type": "any", "description": "Properties of the object. Contains field @type with type URL." }, "type": "object" }, "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use." }, "code": { "type": "integer", "format": "int32", "description": "The status code, which should be an enum value of google.rpc.Code." }, "message": { "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.", "type": "string" } }, "id": "GoogleRpcStatus" }, "GooglePrivacyDlpV2BigQueryRegex": { "description": "A pattern to match against one or more tables, datasets, or projects that contain BigQuery tables. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.", "type": "object", "properties": { "projectIdRegex": { "description": "For organizations, if unset, will match all projects. Has no effect for data profile configurations created within a project.", "type": "string" }, "datasetIdRegex": { "description": "If unset, this property matches all datasets.", "type": "string" }, "tableIdRegex": { "description": "If unset, this property matches all tables.", "type": "string" } }, "id": "GooglePrivacyDlpV2BigQueryRegex" }, "GooglePrivacyDlpV2SaveFindings": { "description": "If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk", "id": "GooglePrivacyDlpV2SaveFindings", "type": "object", "properties": { "outputConfig": { "description": "Location to store findings outside of DLP.", "$ref": "GooglePrivacyDlpV2OutputStorageConfig" } } }, "GooglePrivacyDlpV2FileStoreDataProfile": { "id": "GooglePrivacyDlpV2FileStoreDataProfile", "type": "object", "properties": { "relatedResources": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2RelatedResource" }, "description": "Resources related to this profile." }, "configSnapshot": { "description": "The snapshot of the configurations used to generate the profile.", "$ref": "GooglePrivacyDlpV2DataProfileConfigSnapshot" }, "profileStatus": { "description": "Success or error status from the most recent profile generation attempt. May be empty if the profile is still being generated.", "$ref": "GooglePrivacyDlpV2ProfileStatus" }, "resourceVisibility": { "type": "string", "enum": [ "RESOURCE_VISIBILITY_UNSPECIFIED", "RESOURCE_VISIBILITY_PUBLIC", "RESOURCE_VISIBILITY_INCONCLUSIVE", "RESOURCE_VISIBILITY_RESTRICTED" ], "description": "How broadly a resource has been shared.", "enumDescriptions": [ "Unused.", "Visible to any user.", "May contain public items. For example, if a Cloud Storage bucket has uniform bucket level access disabled, some objects inside it may be public, but none are known yet.", "Visible only to specific users." ] }, "resourceAttributes": { "additionalProperties": { "$ref": "GooglePrivacyDlpV2Value" }, "description": "Attributes of the resource being profiled. Currently used attributes: * customer_managed_encryption: boolean - true: the resource is encrypted with a customer-managed key. - false: the resource is encrypted with a provider-managed key.", "type": "object" }, "dataStorageLocations": { "type": "array", "items": { "type": "string" }, "description": "For resources that have multiple storage locations, these are those regions. For Cloud Storage this is the list of regions chosen for dual-region storage. `file_store_location` will normally be the corresponding multi-region for the list of individual locations. The first region is always picked as the processing and storage location for the data profile." }, "state": { "enum": [ "STATE_UNSPECIFIED", "RUNNING", "DONE" ], "type": "string", "description": "State of a profile.", "enumDescriptions": [ "Unused.", "The profile is currently running. Once a profile has finished it will transition to DONE.", "The profile is no longer generating. If profile_status.status.code is 0, the profile succeeded, otherwise, it failed." ] }, "sensitivityScore": { "description": "The sensitivity score of this resource.", "$ref": "GooglePrivacyDlpV2SensitivityScore" }, "projectId": { "description": "The Google Cloud project ID that owns the resource. For Amazon S3 buckets, this is the AWS Account Id.", "type": "string" }, "fileClusterSummaries": { "description": "FileClusterSummary per each cluster.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FileClusterSummary" } }, "fileStoreInfoTypeSummaries": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FileStoreInfoTypeSummary" }, "description": "InfoTypes detected in this file store." }, "projectDataProfile": { "description": "The resource name of the project data profile for this file store.", "type": "string" }, "name": { "description": "The name of the profile.", "type": "string" }, "fileStorePath": { "description": "The file store path. * Cloud Storage: `gs://{bucket}` * Amazon S3: `s3://{bucket}` * Vertex AI dataset: `projects/{project_number}/locations/{location}/datasets/{dataset_id}`", "type": "string" }, "dataSourceType": { "description": "The resource type that was profiled.", "$ref": "GooglePrivacyDlpV2DataSourceType" }, "fileStoreIsEmpty": { "description": "The file store does not have any files. If the profiling operation failed, this is false.", "type": "boolean" }, "profileLastGenerated": { "format": "google-datetime", "type": "string", "description": "The last time the profile was generated." }, "dataRiskLevel": { "description": "The data risk level of this resource.", "$ref": "GooglePrivacyDlpV2DataRiskLevel" }, "resourceLabels": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The labels applied to the resource at the time the profile was generated." }, "domains": { "description": "Domains associated with the profile.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Domain" } }, "fullResource": { "description": "The resource name of the resource profiled. https://cloud.google.com/apis/design/resource_names#full_resource_name Example format of an S3 bucket full resource name: `//cloudasset.googleapis.com/organizations/{org_id}/otherCloudConnections/aws/arn:aws:s3:::{bucket_name}`", "type": "string" }, "sampleFindingsTable": { "description": "The BigQuery table to which the sample findings are written.", "$ref": "GooglePrivacyDlpV2BigQueryTable" }, "tags": { "description": "The tags attached to the resource, including any tags attached during profiling.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Tag" } }, "fileStoreLocation": { "description": "The location of the file store. * Cloud Storage: https://cloud.google.com/storage/docs/locations#available-locations * Amazon S3: https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints", "type": "string" }, "locationType": { "description": "The location type of the file store (region, dual-region, multi-region, etc). If dual-region, expect data_storage_locations to be populated.", "type": "string" }, "createTime": { "format": "google-datetime", "type": "string", "description": "The time the file store was first created." }, "lastModifiedTime": { "format": "google-datetime", "type": "string", "description": "The time the file store was last modified." } }, "description": "The profile for a file store. * Cloud Storage: maps 1:1 with a bucket. * Amazon S3: maps 1:1 with a bucket." }, "GooglePrivacyDlpV2KeyValueMetadataProperty": { "type": "object", "properties": { "value": { "description": "The value of the property.", "type": "string" }, "key": { "description": "The key of the property.", "type": "string" } }, "id": "GooglePrivacyDlpV2KeyValueMetadataProperty", "description": "A key-value pair in the Metadata." }, "GooglePrivacyDlpV2SecretManagerCredential": { "description": "A credential consisting of a username and password, where the password is stored in a Secret Manager resource. Note: Secret Manager [charges apply](https://cloud.google.com/secret-manager/pricing).", "id": "GooglePrivacyDlpV2SecretManagerCredential", "type": "object", "properties": { "passwordSecretVersionName": { "description": "Required. The name of the Secret Manager resource that stores the password, in the form `projects/project-id/secrets/secret-name/versions/version`.", "type": "string" }, "username": { "description": "Required. The username.", "type": "string" } } }, "GooglePrivacyDlpV2ActionDetails": { "description": "The results of an Action.", "id": "GooglePrivacyDlpV2ActionDetails", "type": "object", "properties": { "deidentifyDetails": { "description": "Outcome of a de-identification action.", "$ref": "GooglePrivacyDlpV2DeidentifyDataSourceDetails" } } }, "GooglePrivacyDlpV2CryptoReplaceFfxFpeConfig": { "type": "object", "properties": { "cryptoKey": { "description": "Required. The key used by the encryption algorithm.", "$ref": "GooglePrivacyDlpV2CryptoKey" }, "context": { "description": "The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and unstructured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2", "$ref": "GooglePrivacyDlpV2FieldId" }, "commonAlphabet": { "description": "Common alphabets.", "enumDescriptions": [ "Unused.", "`[0-9]` (radix of 10)", "`[0-9A-F]` (radix of 16)", "`[0-9A-Z]` (radix of 36)", "`[0-9A-Za-z]` (radix of 62)" ], "type": "string", "enum": [ "FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED", "NUMERIC", "HEXADECIMAL", "UPPER_CASE_ALPHA_NUMERIC", "ALPHA_NUMERIC" ] }, "customAlphabet": { "description": "This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~`!@#$%^&*()_-+={[}]|\\:;\"'\u003c,\u003e.?/``", "type": "string" }, "radix": { "format": "int32", "type": "integer", "description": "The native way to select the alphabet. Must be in the range [2, 95]." }, "surrogateInfoType": { "description": "The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE", "$ref": "GooglePrivacyDlpV2InfoType" } }, "id": "GooglePrivacyDlpV2CryptoReplaceFfxFpeConfig", "description": "Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/sensitive-data-protection/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. FPE incurs significant latency costs." }, "GooglePrivacyDlpV2DiscoveryBigQueryConditions": { "type": "object", "properties": { "orConditions": { "description": "At least one of the conditions must be true for a table to be scanned.", "$ref": "GooglePrivacyDlpV2OrConditions" }, "createdAfter": { "description": "BigQuery table must have been created after this date. Used to avoid backfilling.", "type": "string", "format": "google-datetime" }, "types": { "description": "Restrict discovery to specific table types.", "$ref": "GooglePrivacyDlpV2BigQueryTableTypes" }, "typeCollection": { "type": "string", "enum": [ "BIG_QUERY_COLLECTION_UNSPECIFIED", "BIG_QUERY_COLLECTION_ALL_TYPES", "BIG_QUERY_COLLECTION_ONLY_SUPPORTED_TYPES" ], "description": "Restrict discovery to categories of table types.", "enumDescriptions": [ "Unused.", "Automatically generate profiles for all tables, even if the table type is not yet fully supported for analysis. Profiles for unsupported tables will be generated with errors to indicate their partial support. When full support is added, the tables will automatically be profiled during the next scheduled run.", "Only those types fully supported will be profiled. Will expand automatically as Cloud DLP adds support for new table types. Unsupported table types will not have partial profiles generated." ] } }, "id": "GooglePrivacyDlpV2DiscoveryBigQueryConditions", "description": "Requirements that must be true before a table is scanned in discovery for the first time. There is an AND relationship between the top-level attributes. Additionally, minimum conditions with an OR relationship that must be met before Cloud DLP scans a table can be set (like a minimum row count or a minimum table age)." }, "GooglePrivacyDlpV2DiscoveryCloudStorageConditions": { "id": "GooglePrivacyDlpV2DiscoveryCloudStorageConditions", "type": "object", "properties": { "includedObjectAttributes": { "description": "Required. Only objects with the specified attributes will be scanned. If an object has one of the specified attributes but is inside an excluded bucket, it will not be scanned. Defaults to [ALL_SUPPORTED_OBJECTS]. A profile will be created even if no objects match the included_object_attributes.", "type": "array", "items": { "enum": [ "CLOUD_STORAGE_OBJECT_ATTRIBUTE_UNSPECIFIED", "ALL_SUPPORTED_OBJECTS", "STANDARD", "NEARLINE", "COLDLINE", "ARCHIVE", "REGIONAL", "MULTI_REGIONAL", "DURABLE_REDUCED_AVAILABILITY" ], "type": "string", "enumDescriptions": [ "Unused.", "Scan objects regardless of the attribute.", "Scan objects with the standard storage class.", "Scan objects with the nearline storage class. This will incur retrieval fees.", "Scan objects with the coldline storage class. This will incur retrieval fees.", "Scan objects with the archive storage class. This will incur retrieval fees.", "Scan objects with the regional storage class.", "Scan objects with the multi-regional storage class.", "Scan objects with the dual-regional storage class. This will incur retrieval fees." ] } }, "includedBucketAttributes": { "description": "Required. Only objects with the specified attributes will be scanned. Defaults to [ALL_SUPPORTED_BUCKETS] if unset.", "type": "array", "items": { "type": "string", "enum": [ "CLOUD_STORAGE_BUCKET_ATTRIBUTE_UNSPECIFIED", "ALL_SUPPORTED_BUCKETS", "AUTOCLASS_DISABLED", "AUTOCLASS_ENABLED" ], "enumDescriptions": [ "Unused.", "Scan buckets regardless of the attribute.", "Buckets with [Autoclass](https://cloud.google.com/storage/docs/autoclass) disabled. Only one of AUTOCLASS_DISABLED or AUTOCLASS_ENABLED should be set.", "Buckets with [Autoclass](https://cloud.google.com/storage/docs/autoclass) enabled. Only one of AUTOCLASS_DISABLED or AUTOCLASS_ENABLED should be set. Scanning Autoclass-enabled buckets can affect object storage classes." ] } } }, "description": "Requirements that must be true before a Cloud Storage bucket or object is scanned in discovery for the first time. There is an AND relationship between the top-level attributes." }, "GooglePrivacyDlpV2AwsAccount": { "description": "AWS account.", "type": "object", "properties": { "accountId": { "description": "Required. AWS account ID.", "type": "string" } }, "id": "GooglePrivacyDlpV2AwsAccount" }, "GooglePrivacyDlpV2CharsToIgnore": { "description": "Characters to skip when doing deidentification of a value. These will be left alone and skipped.", "id": "GooglePrivacyDlpV2CharsToIgnore", "type": "object", "properties": { "charactersToSkip": { "description": "Characters to not transform when masking.", "type": "string" }, "commonCharactersToIgnore": { "description": "Common characters to not transform when masking. Useful to avoid removing punctuation.", "enumDescriptions": [ "Unused.", "0-9", "A-Z", "a-z", "US Punctuation, one of !\"#$%&'()*+,-./:;\u003c=\u003e?@[\\]^_`{|}~", "Whitespace character, one of [ \\t\\n\\x0B\\f\\r]" ], "enum": [ "COMMON_CHARS_TO_IGNORE_UNSPECIFIED", "NUMERIC", "ALPHA_UPPER_CASE", "ALPHA_LOWER_CASE", "PUNCTUATION", "WHITESPACE" ], "type": "string" } } }, "GooglePrivacyDlpV2PublishToStackdriver": { "description": "Enable Stackdriver metric dlp.googleapis.com/finding_count. This will publish a metric to stack driver on each infotype requested and how many findings were found for it. CustomDetectors will be bucketed as 'Custom' under the Stackdriver label 'info_type'.", "id": "GooglePrivacyDlpV2PublishToStackdriver", "type": "object", "properties": {} }, "GooglePrivacyDlpV2DataProfilePubSubMessage": { "description": "Pub/Sub topic message for a DataProfileAction.PubSubNotification event. To receive a message of protocol buffer schema type, convert the message data to an object of this proto class.", "type": "object", "properties": { "fileStoreProfile": { "description": "If `DetailLevel` is `FILE_STORE_PROFILE` this will be fully populated. Otherwise, if `DetailLevel` is `RESOURCE_NAME`, then only `name` and `file_store_path` will be populated.", "$ref": "GooglePrivacyDlpV2FileStoreDataProfile" }, "event": { "type": "string", "enum": [ "EVENT_TYPE_UNSPECIFIED", "NEW_PROFILE", "CHANGED_PROFILE", "SCORE_INCREASED", "ERROR_CHANGED" ], "description": "The event that caused the Pub/Sub message to be sent.", "enumDescriptions": [ "Unused.", "New profile (not a re-profile).", "One of the following profile metrics changed: Data risk score, Sensitivity score, Resource visibility, Encryption type, Predicted infoTypes, Other infoTypes", "Table data risk score or sensitivity score increased.", "A user (non-internal) error occurred." ] }, "profile": { "description": "If `DetailLevel` is `TABLE_PROFILE` this will be fully populated. Otherwise, if `DetailLevel` is `RESOURCE_NAME`, then only `name` and `full_resource` will be populated.", "$ref": "GooglePrivacyDlpV2TableDataProfile" } }, "id": "GooglePrivacyDlpV2DataProfilePubSubMessage" }, "GooglePrivacyDlpV2ListInspectTemplatesResponse": { "description": "Response message for ListInspectTemplates.", "type": "object", "properties": { "nextPageToken": { "description": "If the next page is available then the next page token to be used in the following ListInspectTemplates request.", "type": "string" }, "inspectTemplates": { "description": "List of inspectTemplates, up to page_size in ListInspectTemplatesRequest.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InspectTemplate" } } }, "id": "GooglePrivacyDlpV2ListInspectTemplatesResponse" }, "GooglePrivacyDlpV2RecordCondition": { "description": "A condition for determining whether a transformation should be applied to a field.", "id": "GooglePrivacyDlpV2RecordCondition", "type": "object", "properties": { "expressions": { "description": "An expression.", "$ref": "GooglePrivacyDlpV2Expressions" } } }, "GooglePrivacyDlpV2PublishFindingsToDataplexCatalog": { "id": "GooglePrivacyDlpV2PublishFindingsToDataplexCatalog", "type": "object", "properties": {}, "description": "Publish findings of a DlpJob to Dataplex Universal Catalog as a `sensitive-data-protection-job-result` aspect. For more information, see [Send inspection results to Dataplex Universal Catalog as aspects](https://cloud.google.com/sensitive-data-protection/docs/add-aspects-inspection-job). Aspects are stored in Dataplex Universal Catalog storage and are governed by service-specific policies for Dataplex Universal Catalog. For more information, see [Service Specific Terms](https://cloud.google.com/terms/service-terms). Only a single instance of this action can be specified. This action is allowed only if all resources being scanned are BigQuery tables. Compatible with: Inspect" }, "GooglePrivacyDlpV2InspectTemplate": { "description": "The inspectTemplate contains a configuration (set of types of sensitive data to be detected) to be used anywhere you otherwise would normally specify InspectConfig. See https://cloud.google.com/sensitive-data-protection/docs/concepts-templates to learn more.", "type": "object", "properties": { "name": { "type": "string", "description": "Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/inspectTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/inspectTemplates/TEMPLATE_ID`;", "readOnly": true }, "updateTime": { "format": "google-datetime", "type": "string", "description": "Output only. The last update timestamp of an inspectTemplate.", "readOnly": true }, "description": { "description": "Short description (max 256 chars).", "type": "string" }, "createTime": { "description": "Output only. The creation timestamp of an inspectTemplate.", "readOnly": true, "type": "string", "format": "google-datetime" }, "inspectConfig": { "description": "The core content of the template. Configuration of the scanning process.", "$ref": "GooglePrivacyDlpV2InspectConfig" }, "displayName": { "description": "Display name (max 256 chars).", "type": "string" } }, "id": "GooglePrivacyDlpV2InspectTemplate" }, "GoogleTypeTimeOfDay": { "id": "GoogleTypeTimeOfDay", "type": "object", "properties": { "hours": { "type": "integer", "format": "int32", "description": "Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time." }, "minutes": { "description": "Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.", "type": "integer", "format": "int32" }, "seconds": { "description": "Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.", "type": "integer", "format": "int32" }, "nanos": { "format": "int32", "type": "integer", "description": "Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999." } }, "description": "Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`." }, "GooglePrivacyDlpV2SummaryResult": { "type": "object", "properties": { "code": { "enum": [ "TRANSFORMATION_RESULT_CODE_UNSPECIFIED", "SUCCESS", "ERROR" ], "type": "string", "description": "Outcome of the transformation.", "enumDescriptions": [ "Unused", "Transformation completed without an error.", "Transformation had an error." ] }, "count": { "description": "Number of transformations counted by this result.", "type": "string", "format": "int64" }, "details": { "description": "A place for warnings or errors to show up if a transformation didn't work as expected.", "type": "string" } }, "id": "GooglePrivacyDlpV2SummaryResult", "description": "A collection that informs the user the number of times a particular `TransformationResultCode` and error details occurred." }, "GooglePrivacyDlpV2DeltaPresenceEstimationConfig": { "id": "GooglePrivacyDlpV2DeltaPresenceEstimationConfig", "type": "object", "properties": { "auxiliaryTables": { "description": "Several auxiliary tables can be used in the analysis. Each custom_tag used to tag a quasi-identifiers field must appear in exactly one field of one auxiliary table.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2StatisticalTable" } }, "regionCode": { "description": "ISO 3166-1 alpha-2 region code to use in the statistical modeling. Set if no column is tagged with a region-specific InfoType (like US_ZIP_5) or a region code.", "type": "string" }, "quasiIds": { "description": "Required. Fields considered to be quasi-identifiers. No two fields can have the same tag.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2QuasiId" } } }, "description": "δ-presence metric, used to estimate how likely it is for an attacker to figure out that one given individual appears in a de-identified dataset. Similarly to the k-map metric, we cannot compute δ-presence exactly without knowing the attack dataset, so we use a statistical model instead." }, "GooglePrivacyDlpV2TransformationResultStatus": { "id": "GooglePrivacyDlpV2TransformationResultStatus", "type": "object", "properties": { "details": { "description": "Detailed error codes and messages", "$ref": "GoogleRpcStatus" }, "resultStatusType": { "description": "Transformation result status type, this will be either SUCCESS, or it will be the reason for why the transformation was not completely successful.", "enumDescriptions": [ "Unused.", "This will be set when a finding could not be transformed (i.e. outside user set bucket range).", "This will be set when a BigQuery transformation was successful but could not be stored back in BigQuery because the transformed row exceeds BigQuery's max row size.", "This will be set when there is a finding in the custom metadata of a file, but at the write time of the transformed file, this key / value pair is unretrievable.", "This will be set when the transformation and storing of it is successful." ], "type": "string", "enum": [ "STATE_TYPE_UNSPECIFIED", "INVALID_TRANSFORM", "BIGQUERY_MAX_ROW_SIZE_EXCEEDED", "METADATA_UNRETRIEVABLE", "SUCCESS" ] } }, "description": "The outcome of a transformation." }, "GooglePrivacyDlpV2BigQueryRegexes": { "description": "A collection of regular expressions to determine what tables to match against.", "type": "object", "properties": { "patterns": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2BigQueryRegex" }, "description": "A single BigQuery regular expression pattern to match against one or more tables, datasets, or projects that contain BigQuery tables." } }, "id": "GooglePrivacyDlpV2BigQueryRegexes" }, "GooglePrivacyDlpV2Table": { "description": "Structured content to inspect. Up to 50,000 `Value`s per request allowed. See https://cloud.google.com/sensitive-data-protection/docs/inspecting-structured-text#inspecting_a_table to learn more.", "type": "object", "properties": { "headers": { "description": "Headers of the table.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FieldId" } }, "rows": { "description": "Rows of the table.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Row" } } }, "id": "GooglePrivacyDlpV2Table" }, "GooglePrivacyDlpV2HybridInspectJobTriggerRequest": { "type": "object", "properties": { "hybridItem": { "description": "The item to inspect.", "$ref": "GooglePrivacyDlpV2HybridContentItem" } }, "id": "GooglePrivacyDlpV2HybridInspectJobTriggerRequest", "description": "Request to search for potentially sensitive info in a custom location." }, "GooglePrivacyDlpV2Domain": { "type": "object", "properties": { "category": { "description": "A domain category that this profile is related to.", "enumDescriptions": [ "Category unspecified.", "Indicates that the data profile is related to artificial intelligence. When set, all findings stored to Security Command Center will set the corresponding AI domain field of `Finding` objects.", "Indicates that the data profile is related to code." ], "enum": [ "CATEGORY_UNSPECIFIED", "AI", "CODE" ], "type": "string" }, "signals": { "type": "array", "items": { "enumDescriptions": [ "Unused.", "One or more machine learning models are present.", "A table appears to contain text embeddings.", "A table appears to contain embeddings of any type (for example, text, image, multimodal). The `TEXT_EMBEDDING` signal might also be present if the table contains text embeddings.", "The [Cloud SQL Vertex AI](https://cloud.google.com/sql/docs/postgres/integrate-cloud-sql-with-vertex-ai) plugin is installed on the database.", "Support for [Cloud SQL vector embeddings](https://cloud.google.com/sql/docs/mysql/enable-vector-search) is enabled on the database.", "Source code is present.", "If the service determines the category type. For example, Vertex AI assets would always have a `Category` of `AI`." ], "type": "string", "enum": [ "SIGNAL_UNSPECIFIED", "MODEL", "TEXT_EMBEDDING", "EMBEDDING", "VERTEX_PLUGIN", "VECTOR_PLUGIN", "SOURCE_CODE", "SERVICE" ] }, "description": "The collection of signals that influenced selection of the category." } }, "id": "GooglePrivacyDlpV2Domain", "description": "A domain represents a thematic category that a data profile can fall under." }, "GooglePrivacyDlpV2DeidentifyConfig": { "id": "GooglePrivacyDlpV2DeidentifyConfig", "type": "object", "properties": { "recordTransformations": { "description": "Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.", "$ref": "GooglePrivacyDlpV2RecordTransformations" }, "infoTypeTransformations": { "description": "Treat the dataset as free-form text and apply the same free text transformation everywhere.", "$ref": "GooglePrivacyDlpV2InfoTypeTransformations" }, "imageTransformations": { "description": "Treat the dataset as an image and redact.", "$ref": "GooglePrivacyDlpV2ImageTransformations" }, "transformationErrorHandling": { "description": "Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.", "$ref": "GooglePrivacyDlpV2TransformationErrorHandling" } }, "description": "The configuration that controls how the data will change." }, "GooglePrivacyDlpV2DateTime": { "type": "object", "properties": { "time": { "description": "Time of day", "$ref": "GoogleTypeTimeOfDay" }, "timeZone": { "description": "Time zone", "$ref": "GooglePrivacyDlpV2TimeZone" }, "date": { "description": "One or more of the following must be set. Must be a valid date or time value.", "$ref": "GoogleTypeDate" }, "dayOfWeek": { "description": "Day of week", "enumDescriptions": [ "The day of the week is unspecified.", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" ], "type": "string", "enum": [ "DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY" ] } }, "id": "GooglePrivacyDlpV2DateTime", "description": "Message for a date time object. e.g. 2018-01-01, 5th August." }, "GooglePrivacyDlpV2ListTableDataProfilesResponse": { "description": "List of profiles generated for a given organization or project.", "type": "object", "properties": { "nextPageToken": { "description": "The next page token.", "type": "string" }, "tableDataProfiles": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2TableDataProfile" }, "description": "List of data profiles." } }, "id": "GooglePrivacyDlpV2ListTableDataProfilesResponse" }, "GooglePrivacyDlpV2PartitionId": { "id": "GooglePrivacyDlpV2PartitionId", "type": "object", "properties": { "projectId": { "description": "The ID of the project to which the entities belong.", "type": "string" }, "namespaceId": { "description": "If not empty, the ID of the namespace to which the entities belong.", "type": "string" } }, "description": "Datastore partition ID. A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. A partition ID contains several dimensions: project ID and namespace ID." }, "GooglePrivacyDlpV2RiskAnalysisJobConfig": { "type": "object", "properties": { "privacyMetric": { "description": "Privacy metric to compute.", "$ref": "GooglePrivacyDlpV2PrivacyMetric" }, "actions": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Action" }, "description": "Actions to execute at the completion of the job. Are executed in the order provided." }, "sourceTable": { "description": "Input dataset to compute metrics over.", "$ref": "GooglePrivacyDlpV2BigQueryTable" } }, "id": "GooglePrivacyDlpV2RiskAnalysisJobConfig", "description": "Configuration for a risk analysis job. See https://cloud.google.com/sensitive-data-protection/docs/concepts-risk-analysis to learn more." }, "GooglePrivacyDlpV2PublishToChronicle": { "id": "GooglePrivacyDlpV2PublishToChronicle", "type": "object", "properties": {}, "description": "Message expressing intention to publish to Google Security Operations." }, "GooglePrivacyDlpV2AuxiliaryTable": { "description": "An auxiliary table contains statistical information on the relative frequency of different quasi-identifiers values. It has one or several quasi-identifiers columns, and one column that indicates the relative frequency of each quasi-identifier tuple. If a tuple is present in the data but not in the auxiliary table, the corresponding relative frequency is assumed to be zero (and thus, the tuple is highly reidentifiable).", "id": "GooglePrivacyDlpV2AuxiliaryTable", "type": "object", "properties": { "table": { "description": "Required. Auxiliary table location.", "$ref": "GooglePrivacyDlpV2BigQueryTable" }, "quasiIds": { "description": "Required. Quasi-identifier columns.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2QuasiIdField" } }, "relativeFrequency": { "description": "Required. The relative frequency column must contain a floating-point number between 0 and 1 (inclusive). Null values are assumed to be zero.", "$ref": "GooglePrivacyDlpV2FieldId" } } }, "GooglePrivacyDlpV2FileExtensionInfo": { "description": "Information regarding the discovered file extension.", "type": "object", "properties": { "fileExtension": { "description": "The file extension if set. (aka .pdf, .jpg, .txt)", "type": "string" } }, "id": "GooglePrivacyDlpV2FileExtensionInfo" }, "GooglePrivacyDlpV2UpdateJobTriggerRequest": { "id": "GooglePrivacyDlpV2UpdateJobTriggerRequest", "type": "object", "properties": { "updateMask": { "format": "google-fieldmask", "type": "string", "description": "Mask to control which fields get updated." }, "jobTrigger": { "description": "New JobTrigger value.", "$ref": "GooglePrivacyDlpV2JobTrigger" } }, "description": "Request message for UpdateJobTrigger." }, "GooglePrivacyDlpV2StoredInfoTypeConfig": { "id": "GooglePrivacyDlpV2StoredInfoTypeConfig", "type": "object", "properties": { "regex": { "description": "Store regular expression-based StoredInfoType.", "$ref": "GooglePrivacyDlpV2Regex" }, "largeCustomDictionary": { "description": "StoredInfoType where findings are defined by a dictionary of phrases.", "$ref": "GooglePrivacyDlpV2LargeCustomDictionaryConfig" }, "dictionary": { "description": "Store dictionary-based CustomInfoType.", "$ref": "GooglePrivacyDlpV2Dictionary" }, "description": { "description": "Description of the StoredInfoType (max 256 characters).", "type": "string" }, "displayName": { "description": "Display name of the StoredInfoType (max 256 characters).", "type": "string" } }, "description": "Configuration for stored infoTypes. All fields and subfield are provided by the user. For more information, see https://cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes." }, "GooglePrivacyDlpV2DeidentifyDataSourceDetails": { "type": "object", "properties": { "requestedOptions": { "description": "De-identification config used for the request.", "$ref": "GooglePrivacyDlpV2RequestedDeidentifyOptions" }, "deidentifyStats": { "description": "Stats about the de-identification operation.", "$ref": "GooglePrivacyDlpV2DeidentifyDataSourceStats" } }, "id": "GooglePrivacyDlpV2DeidentifyDataSourceDetails", "description": "The results of a Deidentify action from an inspect job." }, "GooglePrivacyDlpV2FileClusterSummary": { "type": "object", "properties": { "sensitivityScore": { "description": "The sensitivity score of this cluster. The score will be SENSITIVITY_LOW if nothing has been scanned.", "$ref": "GooglePrivacyDlpV2SensitivityScore" }, "fileExtensionsScanned": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FileExtensionInfo" }, "description": "A sample of file types scanned in this cluster. Empty if no files were scanned. File extensions can be derived from the file name or the file content." }, "dataRiskLevel": { "description": "The data risk level of this cluster. RISK_LOW if nothing has been scanned.", "$ref": "GooglePrivacyDlpV2DataRiskLevel" }, "noFilesExist": { "description": "True if no files exist in this cluster. If the file store had more files than could be listed, this will be false even if no files for this cluster were seen and file_extensions_seen is empty.", "type": "boolean" }, "fileStoreInfoTypeSummaries": { "description": "InfoTypes detected in this cluster.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FileStoreInfoTypeSummary" } }, "fileExtensionsSeen": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FileExtensionInfo" }, "description": "A sample of file types seen in this cluster. Empty if no files were seen. File extensions can be derived from the file name or the file content." }, "fileClusterType": { "description": "The file cluster type.", "$ref": "GooglePrivacyDlpV2FileClusterType" }, "errors": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Error" }, "description": "A list of errors detected while scanning this cluster. The list is truncated to 10 per cluster." } }, "id": "GooglePrivacyDlpV2FileClusterSummary", "description": "The file cluster summary." }, "GooglePrivacyDlpV2HybridInspectResponse": { "type": "object", "properties": {}, "id": "GooglePrivacyDlpV2HybridInspectResponse", "description": "Quota exceeded errors will be thrown once quota has been met." }, "GooglePrivacyDlpV2Export": { "type": "object", "properties": { "profileTable": { "description": "Store all profiles to BigQuery. * The system will create a new dataset and table for you if none are are provided. The dataset will be named `sensitive_data_protection_discovery` and table will be named `discovery_profiles`. This table will be placed in the same project as the container project running the scan. After the first profile is generated and the dataset and table are created, the discovery scan configuration will be updated with the dataset and table names. * See [Analyze data profiles stored in BigQuery](https://cloud.google.com/sensitive-data-protection/docs/analyze-data-profiles). * See [Sample queries for your BigQuery table](https://cloud.google.com/sensitive-data-protection/docs/analyze-data-profiles#sample_sql_queries). * Data is inserted using [streaming insert](https://cloud.google.com/blog/products/bigquery/life-of-a-bigquery-streaming-insert) and so data may be in the buffer for a period of time after the profile has finished. * The Pub/Sub notification is sent before the streaming buffer is guaranteed to be written, so data may not be instantly visible to queries by the time your topic receives the Pub/Sub notification. * The best practice is to use the same table for an entire organization so that you can take advantage of the [provided Looker reports](https://cloud.google.com/sensitive-data-protection/docs/analyze-data-profiles#use_a_premade_report). If you use VPC Service Controls to define security perimeters, then you must use a separate table for each boundary.", "$ref": "GooglePrivacyDlpV2BigQueryTable" }, "sampleFindingsTable": { "description": "Store sample data profile findings in an existing table or a new table in an existing dataset. Each regeneration will result in new rows in BigQuery. Data is inserted using [streaming insert](https://cloud.google.com/blog/products/bigquery/life-of-a-bigquery-streaming-insert) and so data may be in the buffer for a period of time after the profile has finished.", "$ref": "GooglePrivacyDlpV2BigQueryTable" } }, "id": "GooglePrivacyDlpV2Export", "description": "If set, the detailed data profiles will be persisted to the location of your choice whenever updated." }, "GooglePrivacyDlpV2ByteContentItem": { "type": "object", "properties": { "data": { "description": "Content data to inspect or redact.", "format": "byte", "type": "string" }, "type": { "description": "The type of data stored in the bytes string. Default will be TEXT_UTF8.", "enumDescriptions": [ "Unused", "Any image type.", "jpeg", "bmp", "png", "svg", "plain text", "docx, docm, dotx, dotm", "pdf", "pptx, pptm, potx, potm, pot", "xlsx, xlsm, xltx, xltm", "avro", "csv", "tsv", "Audio file types. Only used for profiling.", "Video file types. Only used for profiling.", "Executable file types. Only used for profiling.", "AI model file types. Only used for profiling." ], "type": "string", "enum": [ "BYTES_TYPE_UNSPECIFIED", "IMAGE", "IMAGE_JPEG", "IMAGE_BMP", "IMAGE_PNG", "IMAGE_SVG", "TEXT_UTF8", "WORD_DOCUMENT", "PDF", "POWERPOINT_DOCUMENT", "EXCEL_DOCUMENT", "AVRO", "CSV", "TSV", "AUDIO", "VIDEO", "EXECUTABLE", "AI_MODEL" ] } }, "id": "GooglePrivacyDlpV2ByteContentItem", "description": "Container for bytes to inspect or redact." }, "GooglePrivacyDlpV2NumericalStatsConfig": { "id": "GooglePrivacyDlpV2NumericalStatsConfig", "type": "object", "properties": { "field": { "description": "Field to compute numerical stats on. Supported types are integer, float, date, datetime, timestamp, time.", "$ref": "GooglePrivacyDlpV2FieldId" } }, "description": "Compute numerical stats over an individual column, including min, max, and quantiles." }, "GooglePrivacyDlpV2MetadataLocation": { "id": "GooglePrivacyDlpV2MetadataLocation", "type": "object", "properties": { "storageLabel": { "description": "Storage metadata.", "$ref": "GooglePrivacyDlpV2StorageMetadataLabel" }, "type": { "type": "string", "enum": [ "METADATATYPE_UNSPECIFIED", "STORAGE_METADATA", "CONTENT_METADATA", "CLIENT_PROVIDED_METADATA" ], "description": "Type of metadata containing the finding.", "enumDescriptions": [ "Unused", "General file metadata provided by Cloud Storage.", "Metadata extracted from the files.", "Metadata provided by the client." ] }, "keyValueMetadataLabel": { "description": "Metadata key that contains the finding.", "$ref": "GooglePrivacyDlpV2KeyValueMetadataLabel" } }, "description": "Metadata Location" }, "GooglePrivacyDlpV2BucketingConfig": { "type": "object", "properties": { "buckets": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Bucket" }, "description": "Set of buckets. Ranges must be non-overlapping." } }, "id": "GooglePrivacyDlpV2BucketingConfig", "description": "Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW, 31-65 -\u003e MEDIUM, 66-100 -\u003e HIGH. This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/sensitive-data-protection/docs/concepts-bucketing to learn more." }, "GooglePrivacyDlpV2InspectJobConfig": { "id": "GooglePrivacyDlpV2InspectJobConfig", "type": "object", "properties": { "storageConfig": { "description": "The data to scan.", "$ref": "GooglePrivacyDlpV2StorageConfig" }, "inspectTemplateName": { "description": "If provided, will be used as the default for all values in InspectConfig. `inspect_config` will be merged into the values persisted as part of the template.", "type": "string" }, "inspectConfig": { "description": "How and what to scan for.", "$ref": "GooglePrivacyDlpV2InspectConfig" }, "actions": { "description": "Actions to execute at the completion of the job.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Action" } } }, "description": "Controls what and how to inspect for findings." }, "GooglePrivacyDlpV2AdjustmentRule": { "id": "GooglePrivacyDlpV2AdjustmentRule", "type": "object", "properties": { "adjustByMatchingInfoTypes": { "description": "Set of infoTypes for which findings would affect this rule.", "$ref": "GooglePrivacyDlpV2AdjustByMatchingInfoTypes" }, "likelihoodAdjustment": { "description": "Likelihood adjustment to apply to the infoType.", "$ref": "GooglePrivacyDlpV2LikelihoodAdjustment" }, "adjustByImageFindings": { "description": "AdjustmentRule condition for image findings.", "$ref": "GooglePrivacyDlpV2AdjustByImageFindings" } }, "description": "Rule that specifies conditions when a certain infoType's finding details should be adjusted." }, "GooglePrivacyDlpV2Key": { "type": "object", "properties": { "partitionId": { "description": "Entities are partitioned into subsets, currently identified by a project ID and namespace ID. Queries are scoped to a single partition.", "$ref": "GooglePrivacyDlpV2PartitionId" }, "path": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2PathElement" }, "description": "The entity path. An entity path consists of one or more elements composed of a kind and a string or numerical identifier, which identify entities. The first element identifies a _root entity_, the second element identifies a _child_ of the root entity, the third element identifies a child of the second entity, and so forth. The entities identified by all prefixes of the path are called the element's _ancestors_. A path can never be empty, and a path can have at most 100 elements." } }, "id": "GooglePrivacyDlpV2Key", "description": "A unique identifier for a Datastore entity. If a key's partition ID or any of its path kinds or names are reserved/read-only, the key is reserved/read-only. A reserved/read-only key is forbidden in certain documented contexts." }, "GooglePrivacyDlpV2KMapEstimationQuasiIdValues": { "id": "GooglePrivacyDlpV2KMapEstimationQuasiIdValues", "type": "object", "properties": { "estimatedAnonymity": { "type": "string", "format": "int64", "description": "The estimated anonymity for these quasi-identifier values." }, "quasiIdsValues": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Value" }, "description": "The quasi-identifier values." } }, "description": "A tuple of values for the quasi-identifier columns." }, "GooglePrivacyDlpV2UpdateDiscoveryConfigRequest": { "type": "object", "properties": { "discoveryConfig": { "description": "Required. New DiscoveryConfig value.", "$ref": "GooglePrivacyDlpV2DiscoveryConfig" }, "updateMask": { "type": "string", "format": "google-fieldmask", "description": "Mask to control which fields get updated." } }, "id": "GooglePrivacyDlpV2UpdateDiscoveryConfigRequest", "description": "Request message for UpdateDiscoveryConfig." }, "GooglePrivacyDlpV2DataProfileBigQueryRowSchema": { "description": "The schema of data to be saved to the BigQuery table when the `DataProfileAction` is enabled.", "type": "object", "properties": { "tableProfile": { "description": "Table data profile column", "$ref": "GooglePrivacyDlpV2TableDataProfile" }, "columnProfile": { "description": "Column data profile column", "$ref": "GooglePrivacyDlpV2ColumnDataProfile" }, "fileStoreProfile": { "description": "File store data profile column.", "$ref": "GooglePrivacyDlpV2FileStoreDataProfile" } }, "id": "GooglePrivacyDlpV2DataProfileBigQueryRowSchema" }, "GooglePrivacyDlpV2VersionDescription": { "description": "Details about each available version for an infotype.", "type": "object", "properties": { "version": { "description": "Name of the version", "type": "string" }, "description": { "description": "Description of the version.", "type": "string" } }, "id": "GooglePrivacyDlpV2VersionDescription" }, "GooglePrivacyDlpV2Result": { "id": "GooglePrivacyDlpV2Result", "type": "object", "properties": { "hybridStats": { "description": "Statistics related to the processing of hybrid inspect.", "$ref": "GooglePrivacyDlpV2HybridInspectStatistics" }, "infoTypeStats": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InfoTypeStats" }, "description": "Statistics of how many instances of each info type were found during inspect job." }, "processedBytes": { "description": "Total size in bytes that were processed.", "type": "string", "format": "int64" }, "totalEstimatedBytes": { "description": "Estimate of the number of bytes to process.", "format": "int64", "type": "string" }, "numRowsProcessed": { "type": "string", "format": "int64", "description": "Number of rows scanned after sampling and time filtering (applicable for row based stores such as BigQuery)." } }, "description": "All Result fields are updated while the job is processing." }, "GooglePrivacyDlpV2CategoricalStatsHistogramBucket": { "description": "Histogram of value frequencies in the column.", "type": "object", "properties": { "valueFrequencyUpperBound": { "format": "int64", "type": "string", "description": "Upper bound on the value frequency of the values in this bucket." }, "valueFrequencyLowerBound": { "description": "Lower bound on the value frequency of the values in this bucket.", "format": "int64", "type": "string" }, "bucketSize": { "description": "Total number of values in this bucket.", "type": "string", "format": "int64" }, "bucketValues": { "description": "Sample of value frequencies in this bucket. The total number of values returned per bucket is capped at 20.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2ValueFrequency" } }, "bucketValueCount": { "description": "Total number of distinct values in this bucket.", "type": "string", "format": "int64" } }, "id": "GooglePrivacyDlpV2CategoricalStatsHistogramBucket" }, "GooglePrivacyDlpV2ThrowError": { "type": "object", "properties": {}, "id": "GooglePrivacyDlpV2ThrowError", "description": "Throw an error and fail the request when a transformation error occurs." }, "GooglePrivacyDlpV2TransformationOverview": { "type": "object", "properties": { "transformationSummaries": { "description": "Transformations applied to the dataset.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2TransformationSummary" } }, "transformedBytes": { "description": "Total size in bytes that were transformed in some way.", "format": "int64", "type": "string" } }, "id": "GooglePrivacyDlpV2TransformationOverview", "description": "Overview of the modifications that occurred." }, "GooglePrivacyDlpV2CloudStorageFileSet": { "id": "GooglePrivacyDlpV2CloudStorageFileSet", "type": "object", "properties": { "url": { "description": "The url, in the format `gs:///`. Trailing wildcard in the path is allowed.", "type": "string" } }, "description": "Message representing a set of files in Cloud Storage." }, "GooglePrivacyDlpV2DiscoveryCloudSqlGenerationCadence": { "description": "How often existing tables should have their profiles refreshed. New tables are scanned as quickly as possible depending on system capacity.", "type": "object", "properties": { "schemaModifiedCadence": { "description": "When to reprofile if the schema has changed.", "$ref": "GooglePrivacyDlpV2SchemaModifiedCadence" }, "inspectTemplateModifiedCadence": { "description": "Governs when to update data profiles when the inspection rules defined by the `InspectTemplate` change. If not set, changing the template will not cause a data profile to update.", "$ref": "GooglePrivacyDlpV2DiscoveryInspectTemplateModifiedCadence" }, "refreshFrequency": { "type": "string", "enum": [ "UPDATE_FREQUENCY_UNSPECIFIED", "UPDATE_FREQUENCY_NEVER", "UPDATE_FREQUENCY_DAILY", "UPDATE_FREQUENCY_MONTHLY" ], "description": "Data changes (non-schema changes) in Cloud SQL tables can't trigger reprofiling. If you set this field, profiles are refreshed at this frequency regardless of whether the underlying tables have changed. Defaults to never.", "enumDescriptions": [ "Unspecified.", "After the data profile is created, it will never be updated.", "The data profile can be updated up to once every 24 hours.", "The data profile can be updated up to once every 30 days. Default." ] } }, "id": "GooglePrivacyDlpV2DiscoveryCloudSqlGenerationCadence" }, "GooglePrivacyDlpV2FileSet": { "id": "GooglePrivacyDlpV2FileSet", "type": "object", "properties": { "regexFileSet": { "description": "The regex-filtered set of files to scan. Exactly one of `url` or `regex_file_set` must be set.", "$ref": "GooglePrivacyDlpV2CloudStorageRegexFileSet" }, "url": { "description": "The Cloud Storage url of the file(s) to scan, in the format `gs:///`. Trailing wildcard in the path is allowed. If the url ends in a trailing slash, the bucket or directory represented by the url will be scanned non-recursively (content in sub-directories will not be scanned). This means that `gs://mybucket/` is equivalent to `gs://mybucket/*`, and `gs://mybucket/directory/` is equivalent to `gs://mybucket/directory/*`. Exactly one of `url` or `regex_file_set` must be set.", "type": "string" } }, "description": "Set of files to scan." }, "GooglePrivacyDlpV2AllOtherBigQueryTables": { "type": "object", "properties": {}, "id": "GooglePrivacyDlpV2AllOtherBigQueryTables", "description": "Catch-all for all other tables not specified by other filters. Should always be last, except for single-table configurations, which will only have a TableReference target." }, "GooglePrivacyDlpV2CloudSqlDiscoveryTarget": { "type": "object", "properties": { "filter": { "description": "Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.", "$ref": "GooglePrivacyDlpV2DiscoveryCloudSqlFilter" }, "disabled": { "description": "Disable profiling for database resources that match this filter.", "$ref": "GooglePrivacyDlpV2Disabled" }, "conditions": { "description": "In addition to matching the filter, these conditions must be true before a profile is generated.", "$ref": "GooglePrivacyDlpV2DiscoveryCloudSqlConditions" }, "generationCadence": { "description": "How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.", "$ref": "GooglePrivacyDlpV2DiscoveryCloudSqlGenerationCadence" } }, "id": "GooglePrivacyDlpV2CloudSqlDiscoveryTarget", "description": "Target used to match against for discovery with Cloud SQL tables." }, "GooglePrivacyDlpV2InfoTypeStats": { "id": "GooglePrivacyDlpV2InfoTypeStats", "type": "object", "properties": { "infoType": { "description": "The type of finding this stat is for.", "$ref": "GooglePrivacyDlpV2InfoType" }, "count": { "format": "int64", "type": "string", "description": "Number of findings for this infoType." } }, "description": "Statistics regarding a specific InfoType." }, "GooglePrivacyDlpV2DateShiftConfig": { "description": "Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/sensitive-data-protection/docs/concepts-date-shifting to learn more.", "type": "object", "properties": { "lowerBoundDays": { "description": "Required. For example, -5 means shift date to at most 5 days back in the past.", "type": "integer", "format": "int32" }, "context": { "description": "Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.", "$ref": "GooglePrivacyDlpV2FieldId" }, "upperBoundDays": { "description": "Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.", "type": "integer", "format": "int32" }, "cryptoKey": { "description": "Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.", "$ref": "GooglePrivacyDlpV2CryptoKey" } }, "id": "GooglePrivacyDlpV2DateShiftConfig" }, "GooglePrivacyDlpV2BoundingBox": { "description": "Bounding box encompassing detected text within an image.", "type": "object", "properties": { "top": { "description": "Top coordinate of the bounding box. (0,0) is upper left.", "format": "int32", "type": "integer" }, "left": { "type": "integer", "format": "int32", "description": "Left coordinate of the bounding box. (0,0) is upper left." }, "width": { "description": "Width of the bounding box in pixels.", "type": "integer", "format": "int32" }, "height": { "description": "Height of the bounding box in pixels.", "type": "integer", "format": "int32" } }, "id": "GooglePrivacyDlpV2BoundingBox" }, "GooglePrivacyDlpV2FileStoreRegex": { "description": "A pattern to match against one or more file stores.", "type": "object", "properties": { "cloudStorageRegex": { "description": "Optional. Regex for Cloud Storage.", "$ref": "GooglePrivacyDlpV2CloudStorageRegex" } }, "id": "GooglePrivacyDlpV2FileStoreRegex" }, "GooglePrivacyDlpV2QuasiIdField": { "type": "object", "properties": { "field": { "description": "Identifies the column.", "$ref": "GooglePrivacyDlpV2FieldId" }, "customTag": { "description": "A auxiliary field.", "type": "string" } }, "id": "GooglePrivacyDlpV2QuasiIdField", "description": "A quasi-identifier column has a custom_tag, used to know which column in the data corresponds to which column in the statistical model." }, "GooglePrivacyDlpV2TransientCryptoKey": { "type": "object", "properties": { "name": { "description": "Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).", "type": "string" } }, "id": "GooglePrivacyDlpV2TransientCryptoKey", "description": "Use this to have a random data crypto key generated. It will be discarded after the request finishes." }, "GooglePrivacyDlpV2PrivacyMetric": { "type": "object", "properties": { "kAnonymityConfig": { "description": "K-anonymity", "$ref": "GooglePrivacyDlpV2KAnonymityConfig" }, "kMapEstimationConfig": { "description": "k-map", "$ref": "GooglePrivacyDlpV2KMapEstimationConfig" }, "deltaPresenceEstimationConfig": { "description": "delta-presence", "$ref": "GooglePrivacyDlpV2DeltaPresenceEstimationConfig" }, "lDiversityConfig": { "description": "l-diversity", "$ref": "GooglePrivacyDlpV2LDiversityConfig" }, "categoricalStatsConfig": { "description": "Categorical stats", "$ref": "GooglePrivacyDlpV2CategoricalStatsConfig" }, "numericalStatsConfig": { "description": "Numerical stats", "$ref": "GooglePrivacyDlpV2NumericalStatsConfig" } }, "id": "GooglePrivacyDlpV2PrivacyMetric", "description": "Privacy metric to compute for reidentification risk analysis." }, "GooglePrivacyDlpV2InspectContentResponse": { "description": "Results of inspecting an item.", "type": "object", "properties": { "result": { "description": "The findings.", "$ref": "GooglePrivacyDlpV2InspectResult" } }, "id": "GooglePrivacyDlpV2InspectContentResponse" }, "GooglePrivacyDlpV2FindingLimits": { "description": "Configuration to control the number of findings returned for inspection. This is not used for de-identification or data profiling. When redacting sensitive data from images, finding limits don't apply. They can cause unexpected or inconsistent results, where only some data is redacted. Don't include finding limits in RedactImage requests. Otherwise, Cloud DLP returns an error.", "id": "GooglePrivacyDlpV2FindingLimits", "type": "object", "properties": { "maxFindingsPerRequest": { "format": "int32", "type": "integer", "description": "Max number of findings that are returned per request or job. If you set this field in an InspectContentRequest, the resulting maximum value is the value that you set or 3,000, whichever is lower. This value isn't a hard limit. If an inspection reaches this limit, the inspection ends gradually, not abruptly. Therefore, the actual number of findings that Cloud DLP returns can be multiple times higher than this value." }, "maxFindingsPerInfoType": { "description": "Configuration of findings limit given for specified infoTypes.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InfoTypeLimit" } }, "maxFindingsPerItem": { "description": "Max number of findings that are returned for each item scanned. When set within an InspectContentRequest, this field is ignored. This value isn't a hard limit. If the number of findings for an item reaches this limit, the inspection of that item ends gradually, not abruptly. Therefore, the actual number of findings that Cloud DLP returns for the item can be multiple times higher than this value.", "format": "int32", "type": "integer" } } }, "GooglePrivacyDlpV2ReidentifyContentRequest": { "description": "Request to re-identify an item.", "type": "object", "properties": { "inspectTemplateName": { "description": "Template to use. Any configuration directly specified in `inspect_config` will override those set in the template. Singular fields that are set in this request will replace their corresponding fields in the template. Repeated fields are appended. Singular sub-messages and groups are recursively merged.", "type": "string" }, "reidentifyTemplateName": { "description": "Template to use. References an instance of `DeidentifyTemplate`. Any configuration directly specified in `reidentify_config` or `inspect_config` will override those set in the template. The `DeidentifyTemplate` used must include only reversible transformations. Singular fields that are set in this request will replace their corresponding fields in the template. Repeated fields are appended. Singular sub-messages and groups are recursively merged.", "type": "string" }, "inspectConfig": { "description": "Configuration for the inspector.", "$ref": "GooglePrivacyDlpV2InspectConfig" }, "item": { "description": "The item to re-identify. Will be treated as text.", "$ref": "GooglePrivacyDlpV2ContentItem" }, "reidentifyConfig": { "description": "Configuration for the re-identification of the content item. This field shares the same proto message type that is used for de-identification, however its usage here is for the reversal of the previous de-identification. Re-identification is performed by examining the transformations used to de-identify the items and executing the reverse. This requires that only reversible transformations be provided here. The reversible transformations are: - `CryptoDeterministicConfig` - `CryptoReplaceFfxFpeConfig`", "$ref": "GooglePrivacyDlpV2DeidentifyConfig" }, "locationId": { "description": "Deprecated. This field has no effect.", "type": "string" } }, "id": "GooglePrivacyDlpV2ReidentifyContentRequest" }, "GooglePrivacyDlpV2PubSubCondition": { "description": "A condition consisting of a value.", "id": "GooglePrivacyDlpV2PubSubCondition", "type": "object", "properties": { "minimumRiskScore": { "enum": [ "PROFILE_SCORE_BUCKET_UNSPECIFIED", "HIGH", "MEDIUM_OR_HIGH" ], "type": "string", "description": "The minimum data risk score that triggers the condition.", "enumDescriptions": [ "Unused.", "High risk/sensitivity detected.", "Medium or high risk/sensitivity detected." ] }, "minimumSensitivityScore": { "description": "The minimum sensitivity level that triggers the condition.", "enumDescriptions": [ "Unused.", "High risk/sensitivity detected.", "Medium or high risk/sensitivity detected." ], "type": "string", "enum": [ "PROFILE_SCORE_BUCKET_UNSPECIFIED", "HIGH", "MEDIUM_OR_HIGH" ] } } }, "GooglePrivacyDlpV2CustomInfoType": { "id": "GooglePrivacyDlpV2CustomInfoType", "type": "object", "properties": { "metadataKeyValueExpression": { "description": "Key-value pair to detect in the metadata.", "$ref": "GooglePrivacyDlpV2MetadataKeyValueExpression" }, "regex": { "description": "Regular expression based CustomInfoType.", "$ref": "GooglePrivacyDlpV2Regex" }, "sensitivityScore": { "description": "Sensitivity for this CustomInfoType. If this CustomInfoType extends an existing InfoType, the sensitivity here will take precedence over that of the original InfoType. If unset for a CustomInfoType, it will default to HIGH. This only applies to data profiling.", "$ref": "GooglePrivacyDlpV2SensitivityScore" }, "exclusionType": { "type": "string", "enum": [ "EXCLUSION_TYPE_UNSPECIFIED", "EXCLUSION_TYPE_EXCLUDE" ], "description": "If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Only supported for the `dictionary`, `regex`, and `stored_type` CustomInfoTypes.", "enumDescriptions": [ "A finding of this custom info type will not be excluded from results.", "A finding of this custom info type will be excluded from final results, but can still affect rule execution." ] }, "surrogateType": { "description": "Message for detecting output from deidentification transformations that support reversing.", "$ref": "GooglePrivacyDlpV2SurrogateType" }, "detectionRules": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2DetectionRule" }, "description": "Set of detection rules to apply to all findings of this CustomInfoType. Rules are applied in the order that they are specified. Only supported for the `dictionary`, `regex`, and `stored_type` CustomInfoTypes." }, "likelihood": { "description": "Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria specified by the rule. Defaults to `VERY_LIKELY` if not specified.", "enumDescriptions": [ "Default value; same as POSSIBLE.", "Highest chance of a false positive.", "High chance of a false positive.", "Some matching signals. The default value.", "Low chance of a false positive.", "Confidence level is high. Lowest chance of a false positive." ], "enum": [ "LIKELIHOOD_UNSPECIFIED", "VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY" ], "type": "string" }, "storedType": { "description": "Loads an existing `StoredInfoType` resource.", "$ref": "GooglePrivacyDlpV2StoredType" }, "infoType": { "description": "CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing infoTypes and that infoType is specified in `InspectContent.info_types` field. Specifying the latter adds findings to the one detected by the system. If built-in info type is not specified in `InspectContent.info_types` list then the name is treated as a custom info type.", "$ref": "GooglePrivacyDlpV2InfoType" }, "dictionary": { "description": "A list of phrases to detect as a CustomInfoType.", "$ref": "GooglePrivacyDlpV2Dictionary" } }, "description": "Custom information type provided by the user. Used to find domain-specific sensitive information configurable to the data in question." }, "GooglePrivacyDlpV2DeltaPresenceEstimationQuasiIdValues": { "type": "object", "properties": { "quasiIdsValues": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Value" }, "description": "The quasi-identifier values." }, "estimatedProbability": { "description": "The estimated probability that a given individual sharing these quasi-identifier values is in the dataset. This value, typically called δ, is the ratio between the number of records in the dataset with these quasi-identifier values, and the total number of individuals (inside *and* outside the dataset) with these quasi-identifier values. For example, if there are 15 individuals in the dataset who share the same quasi-identifier values, and an estimated 100 people in the entire population with these values, then δ is 0.15.", "format": "double", "type": "number" } }, "id": "GooglePrivacyDlpV2DeltaPresenceEstimationQuasiIdValues", "description": "A tuple of values for the quasi-identifier columns." }, "GooglePrivacyDlpV2LargeCustomDictionaryConfig": { "id": "GooglePrivacyDlpV2LargeCustomDictionaryConfig", "type": "object", "properties": { "outputPath": { "description": "Location to store dictionary artifacts in Cloud Storage. These files will only be accessible by project owners and the DLP API. If any of these artifacts are modified, the dictionary is considered invalid and can no longer be used.", "$ref": "GooglePrivacyDlpV2CloudStoragePath" }, "cloudStorageFileSet": { "description": "Set of files containing newline-delimited lists of dictionary phrases.", "$ref": "GooglePrivacyDlpV2CloudStorageFileSet" }, "bigQueryField": { "description": "Field in a BigQuery table where each cell represents a dictionary phrase.", "$ref": "GooglePrivacyDlpV2BigQueryField" } }, "description": "Configuration for a custom dictionary created from a data source of any size up to the maximum size defined in the [limits](https://cloud.google.com/sensitive-data-protection/limits) page. The artifacts of dictionary creation are stored in the specified Cloud Storage location. Consider using `CustomInfoType.Dictionary` for smaller dictionaries that satisfy the size requirements." }, "GooglePrivacyDlpV2DataProfileFindingLocation": { "description": "Location of a data profile finding within a resource.", "id": "GooglePrivacyDlpV2DataProfileFindingLocation", "type": "object", "properties": { "containerName": { "description": "Name of the container where the finding is located. The top-level name is the source file name or table name. Names of some common storage containers are formatted as follows: * BigQuery tables: `{project_id}:{dataset_id}.{table_id}` * Cloud Storage files: `gs://{bucket}/{path}`", "type": "string" }, "dataProfileFindingRecordLocation": { "description": "Location of a finding within a resource that produces a table data profile.", "$ref": "GooglePrivacyDlpV2DataProfileFindingRecordLocation" } } }, "GooglePrivacyDlpV2TransformationConfig": { "description": "User specified templates and configs for how to deidentify structured, unstructures, and image files. User must provide either a unstructured deidentify template or at least one redact image config.", "id": "GooglePrivacyDlpV2TransformationConfig", "type": "object", "properties": { "imageRedactTemplate": { "description": "Image redact template. If this template is specified, it will serve as the de-identify template for images. If this template is not set, all findings in the image will be redacted with a black box.", "type": "string" }, "deidentifyTemplate": { "description": "De-identify template. If this template is specified, it will serve as the default de-identify template. This template cannot contain `record_transformations` since it can be used for unstructured content such as free-form text files. If this template is not set, a default `ReplaceWithInfoTypeConfig` will be used to de-identify unstructured content.", "type": "string" }, "structuredDeidentifyTemplate": { "description": "Structured de-identify template. If this template is specified, it will serve as the de-identify template for structured content such as delimited files and tables. If this template is not set but the `deidentify_template` is set, then `deidentify_template` will also apply to the structured content. If neither template is set, a default `ReplaceWithInfoTypeConfig` will be used to de-identify structured content.", "type": "string" } } }, "GooglePrivacyDlpV2TagValue": { "type": "object", "properties": { "namespacedValue": { "description": "The namespaced name for the tag value to attach to resources. Must be in the format `{parent_id}/{tag_key_short_name}/{short_name}`, for example, \"123456/environment/prod\" for an organization parent, or \"my-project/environment/prod\" for a project parent.", "type": "string" } }, "id": "GooglePrivacyDlpV2TagValue", "description": "A value of a tag." }, "GooglePrivacyDlpV2BigQueryKey": { "id": "GooglePrivacyDlpV2BigQueryKey", "type": "object", "properties": { "tableReference": { "description": "Complete BigQuery table reference.", "$ref": "GooglePrivacyDlpV2BigQueryTable" }, "rowNumber": { "description": "Row number inferred at the time the table was scanned. This value is nondeterministic, cannot be queried, and may be null for inspection jobs. To locate findings within a table, specify `inspect_job.storage_config.big_query_options.identifying_fields` in `CreateDlpJobRequest`.", "type": "string", "format": "int64" } }, "description": "Row key for identifying a record in BigQuery table." }, "GooglePrivacyDlpV2ImageFallbackLocation": { "type": "object", "properties": { "multiRegionProcessing": { "description": "Processing occurs in a multi-region that contains the current region if available.", "$ref": "GooglePrivacyDlpV2MultiRegionProcessing" }, "globalProcessing": { "description": "Processing occurs in the global region.", "$ref": "GooglePrivacyDlpV2GlobalProcessing" } }, "id": "GooglePrivacyDlpV2ImageFallbackLocation", "description": "Configure image processing to fall back to any of the following processing options if image processing is unavailable in the original request location." }, "GooglePrivacyDlpV2DetectionRule": { "description": "Deprecated; use `InspectionRuleSet` instead. Rule for modifying a `CustomInfoType` to alter behavior under certain circumstances, depending on the specific details of the rule. Not supported for the `surrogate_type` custom infoType.", "id": "GooglePrivacyDlpV2DetectionRule", "type": "object", "properties": { "hotwordRule": { "description": "Hotword-based detection rule.", "$ref": "GooglePrivacyDlpV2HotwordRule" } } }, "GooglePrivacyDlpV2ContentItem": { "id": "GooglePrivacyDlpV2ContentItem", "type": "object", "properties": { "table": { "description": "Structured content for inspection. See https://cloud.google.com/sensitive-data-protection/docs/inspecting-text#inspecting_a_table to learn more.", "$ref": "GooglePrivacyDlpV2Table" }, "contentMetadata": { "description": "User provided metadata for the content.", "$ref": "GooglePrivacyDlpV2ContentMetadata" }, "value": { "description": "String data to inspect or redact.", "type": "string" }, "byteItem": { "description": "Content data to inspect or redact. Replaces `type` and `data`.", "$ref": "GooglePrivacyDlpV2ByteContentItem" } }, "description": "Type of content to inspect." }, "GooglePrivacyDlpV2DiscoveryBigQueryFilter": { "type": "object", "properties": { "otherTables": { "description": "Catch-all. This should always be the last filter in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.", "$ref": "GooglePrivacyDlpV2AllOtherBigQueryTables" }, "tables": { "description": "A specific set of tables for this filter to apply to. A table collection must be specified in only one filter per config. If a table id or dataset is empty, Cloud DLP assumes all tables in that collection must be profiled. Must specify a project ID.", "$ref": "GooglePrivacyDlpV2BigQueryTableCollection" }, "tableReference": { "description": "The table to scan. Discovery configurations including this can only include one DiscoveryTarget (the DiscoveryTarget with this TableReference).", "$ref": "GooglePrivacyDlpV2TableReference" } }, "id": "GooglePrivacyDlpV2DiscoveryBigQueryFilter", "description": "Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, dataset ID, and table ID." }, "GooglePrivacyDlpV2ImageContainmentType": { "description": "Specifies the relationship between bounding boxes for image findings.", "id": "GooglePrivacyDlpV2ImageContainmentType", "type": "object", "properties": { "encloses": { "description": "The context finding's bounding box must fully contain the target finding's bounding box.", "$ref": "GooglePrivacyDlpV2Encloses" }, "fullyInside": { "description": "The context finding's bounding box must be fully inside the target finding's bounding box.", "$ref": "GooglePrivacyDlpV2FullyInside" }, "overlaps": { "description": "The context finding's bounding box and the target finding's bounding box must have a non-zero intersection.", "$ref": "GooglePrivacyDlpV2Overlap" } } }, "GooglePrivacyDlpV2InspectDataSourceDetails": { "description": "The results of an inspect DataSource job.", "type": "object", "properties": { "requestedOptions": { "description": "The configuration used for this job.", "$ref": "GooglePrivacyDlpV2RequestedOptions" }, "result": { "description": "A summary of the outcome of this inspection job.", "$ref": "GooglePrivacyDlpV2Result" } }, "id": "GooglePrivacyDlpV2InspectDataSourceDetails" }, "GooglePrivacyDlpV2SchemaModifiedCadence": { "type": "object", "properties": { "types": { "description": "The types of schema modifications to consider. Defaults to NEW_COLUMNS.", "type": "array", "items": { "type": "string", "enum": [ "SQL_SCHEMA_MODIFICATION_UNSPECIFIED", "NEW_COLUMNS", "REMOVED_COLUMNS" ], "enumDescriptions": [ "Unused.", "New columns have appeared.", "Columns have been removed from the table." ] } }, "frequency": { "description": "Frequency to regenerate data profiles when the schema is modified. Defaults to monthly.", "enumDescriptions": [ "Unspecified.", "After the data profile is created, it will never be updated.", "The data profile can be updated up to once every 24 hours.", "The data profile can be updated up to once every 30 days. Default." ], "enum": [ "UPDATE_FREQUENCY_UNSPECIFIED", "UPDATE_FREQUENCY_NEVER", "UPDATE_FREQUENCY_DAILY", "UPDATE_FREQUENCY_MONTHLY" ], "type": "string" } }, "id": "GooglePrivacyDlpV2SchemaModifiedCadence", "description": "How frequently to modify the profile when the table's schema is modified." }, "GooglePrivacyDlpV2MultiRegionProcessing": { "id": "GooglePrivacyDlpV2MultiRegionProcessing", "type": "object", "properties": {}, "description": "Processing occurs in a multi-region that contains the current region if available." }, "GooglePrivacyDlpV2InfoTypeTransformations": { "id": "GooglePrivacyDlpV2InfoTypeTransformations", "type": "object", "properties": { "transformations": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InfoTypeTransformation" }, "description": "Required. Transformation for each infoType. Cannot specify more than one for a given infoType." } }, "description": "A type of transformation that will scan unstructured text and apply various `PrimitiveTransformation`s to each finding, where the transformation is applied to only values that were identified as a specific info_type." }, "GooglePrivacyDlpV2Color": { "type": "object", "properties": { "red": { "description": "The amount of red in the color as a value in the interval [0, 1].", "format": "float", "type": "number" }, "green": { "description": "The amount of green in the color as a value in the interval [0, 1].", "type": "number", "format": "float" }, "blue": { "type": "number", "format": "float", "description": "The amount of blue in the color as a value in the interval [0, 1]." } }, "id": "GooglePrivacyDlpV2Color", "description": "Represents a color in the RGB color space." }, "GooglePrivacyDlpV2HybridOptions": { "id": "GooglePrivacyDlpV2HybridOptions", "type": "object", "properties": { "description": { "description": "A short description of where the data is coming from. Will be stored once in the job. 256 max length.", "type": "string" }, "requiredFindingLabelKeys": { "type": "array", "items": { "type": "string" }, "description": "These are labels that each inspection request must include within their 'finding_labels' map. Request may contain others, but any missing one of these will be rejected. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can be required." }, "labels": { "description": "To organize findings, these labels will be added to each finding. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label values must be between 0 and 63 characters long and must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. No more than 10 labels can be associated with a given finding. Examples: * `\"environment\" : \"production\"` * `\"pipeline\" : \"etl\"`", "additionalProperties": { "type": "string" }, "type": "object" }, "tableOptions": { "description": "If the container is a table, additional information to make findings meaningful such as the columns that are primary keys.", "$ref": "GooglePrivacyDlpV2TableOptions" } }, "description": "Configuration to control jobs where the content being inspected is outside of Google Cloud Platform." }, "GooglePrivacyDlpV2HybridContentItem": { "description": "An individual hybrid item to inspect. Will be stored temporarily during processing.", "type": "object", "properties": { "item": { "description": "The item to inspect.", "$ref": "GooglePrivacyDlpV2ContentItem" }, "findingDetails": { "description": "Supplementary information that will be added to each finding.", "$ref": "GooglePrivacyDlpV2HybridFindingDetails" } }, "id": "GooglePrivacyDlpV2HybridContentItem" }, "GooglePrivacyDlpV2RecordTransformations": { "type": "object", "properties": { "recordSuppressions": { "description": "Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2RecordSuppression" } }, "fieldTransformations": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FieldTransformation" }, "description": "Transform the record by applying various field transformations." } }, "id": "GooglePrivacyDlpV2RecordTransformations", "description": "A type of transformation that is applied over structured data such as a table." }, "GooglePrivacyDlpV2TagResources": { "id": "GooglePrivacyDlpV2TagResources", "type": "object", "properties": { "tagConditions": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2TagCondition" }, "description": "The tags to associate with different conditions." }, "profileGenerationsToTag": { "description": "The profile generations for which the tag should be attached to resources. If you attach a tag to only new profiles, then if the sensitivity score of a profile subsequently changes, its tag doesn't change. By default, this field includes only new profiles. To include both new and updated profiles for tagging, this field should explicitly include both `PROFILE_GENERATION_NEW` and `PROFILE_GENERATION_UPDATE`.", "type": "array", "items": { "enumDescriptions": [ "Unused.", "The profile is the first profile for the resource.", "The profile is an update to a previous profile." ], "enum": [ "PROFILE_GENERATION_UNSPECIFIED", "PROFILE_GENERATION_NEW", "PROFILE_GENERATION_UPDATE" ], "type": "string" } }, "lowerDataRiskToLow": { "description": "Whether applying a tag to a resource should lower the risk of the profile for that resource. For example, in conjunction with an [IAM deny policy](https://cloud.google.com/iam/docs/deny-overview), you can deny all principals a permission if a tag value is present, mitigating the risk of the resource. This also lowers the data risk of resources at the lower levels of the resource hierarchy. For example, reducing the data risk of a table data profile also reduces the data risk of the constituent column data profiles.", "type": "boolean" } }, "description": "If set, attaches the [tags] (https://cloud.google.com/resource-manager/docs/tags/tags-overview) provided to profiled resources. Tags support [access control](https://cloud.google.com/iam/docs/tags-access-control). You can conditionally grant or deny access to a resource based on whether the resource has a specific tag." }, "GooglePrivacyDlpV2InfoTypeTransformation": { "id": "GooglePrivacyDlpV2InfoTypeTransformation", "type": "object", "properties": { "primitiveTransformation": { "description": "Required. Primitive transformation to apply to the infoType.", "$ref": "GooglePrivacyDlpV2PrimitiveTransformation" }, "infoTypes": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InfoType" }, "description": "InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`." } }, "description": "A transformation to apply to text that is identified as a specific info_type." }, "GooglePrivacyDlpV2CryptoHashConfig": { "id": "GooglePrivacyDlpV2CryptoHashConfig", "type": "object", "properties": { "cryptoKey": { "description": "The key used by the hash function.", "$ref": "GooglePrivacyDlpV2CryptoKey" } }, "description": "Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/sensitive-data-protection/docs/pseudonymization to learn more." }, "GooglePrivacyDlpV2PublishToSecurityCommandCenter": { "id": "GooglePrivacyDlpV2PublishToSecurityCommandCenter", "type": "object", "properties": {}, "description": "If set, a summary finding will be created or updated in Security Command Center for each profile." }, "GooglePrivacyDlpV2ListStoredInfoTypesResponse": { "type": "object", "properties": { "storedInfoTypes": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2StoredInfoType" }, "description": "List of storedInfoTypes, up to page_size in ListStoredInfoTypesRequest." }, "nextPageToken": { "description": "If the next page is available then the next page token to be used in the following ListStoredInfoTypes request.", "type": "string" } }, "id": "GooglePrivacyDlpV2ListStoredInfoTypesResponse", "description": "Response message for ListStoredInfoTypes." }, "GooglePrivacyDlpV2AnalyzeDataSourceRiskDetails": { "id": "GooglePrivacyDlpV2AnalyzeDataSourceRiskDetails", "type": "object", "properties": { "requestedOptions": { "description": "The configuration used for this job.", "$ref": "GooglePrivacyDlpV2RequestedRiskAnalysisOptions" }, "numericalStatsResult": { "description": "Numerical stats result", "$ref": "GooglePrivacyDlpV2NumericalStatsResult" }, "lDiversityResult": { "description": "L-divesity result", "$ref": "GooglePrivacyDlpV2LDiversityResult" }, "deltaPresenceEstimationResult": { "description": "Delta-presence result", "$ref": "GooglePrivacyDlpV2DeltaPresenceEstimationResult" }, "requestedSourceTable": { "description": "Input dataset to compute metrics over.", "$ref": "GooglePrivacyDlpV2BigQueryTable" }, "kMapEstimationResult": { "description": "K-map result", "$ref": "GooglePrivacyDlpV2KMapEstimationResult" }, "kAnonymityResult": { "description": "K-anonymity result", "$ref": "GooglePrivacyDlpV2KAnonymityResult" }, "categoricalStatsResult": { "description": "Categorical stats result", "$ref": "GooglePrivacyDlpV2CategoricalStatsResult" }, "requestedPrivacyMetric": { "description": "Privacy metric to compute.", "$ref": "GooglePrivacyDlpV2PrivacyMetric" } }, "description": "Result of a risk analysis operation request." }, "GooglePrivacyDlpV2TransformationSummary": { "id": "GooglePrivacyDlpV2TransformationSummary", "type": "object", "properties": { "transformation": { "description": "The specific transformation these stats apply to.", "$ref": "GooglePrivacyDlpV2PrimitiveTransformation" }, "results": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2SummaryResult" }, "description": "Collection of all transformations that took place or had an error." }, "transformedBytes": { "description": "Total size in bytes that were transformed in some way.", "type": "string", "format": "int64" }, "fieldTransformations": { "description": "The field transformation that was applied. If multiple field transformations are requested for a single field, this list will contain all of them; otherwise, only one is supplied.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FieldTransformation" } }, "recordSuppress": { "description": "The specific suppression option these stats apply to.", "$ref": "GooglePrivacyDlpV2RecordSuppression" }, "field": { "description": "Set if the transformation was limited to a specific FieldId.", "$ref": "GooglePrivacyDlpV2FieldId" }, "infoType": { "description": "Set if the transformation was limited to a specific InfoType.", "$ref": "GooglePrivacyDlpV2InfoType" } }, "description": "Summary of a single transformation. Only one of 'transformation', 'field_transformation', or 'record_suppress' will be set." }, "GooglePrivacyDlpV2Conditions": { "type": "object", "properties": { "conditions": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Condition" }, "description": "A collection of conditions." } }, "id": "GooglePrivacyDlpV2Conditions", "description": "A collection of conditions." }, "GooglePrivacyDlpV2Trigger": { "id": "GooglePrivacyDlpV2Trigger", "type": "object", "properties": { "schedule": { "description": "Create a job on a repeating basis based on the elapse of time.", "$ref": "GooglePrivacyDlpV2Schedule" }, "manual": { "description": "For use with hybrid jobs. Jobs must be manually created and finished.", "$ref": "GooglePrivacyDlpV2Manual" } }, "description": "What event needs to occur for a new job to be started." }, "GooglePrivacyDlpV2CreateStoredInfoTypeRequest": { "description": "Request message for CreateStoredInfoType.", "type": "object", "properties": { "config": { "description": "Required. Configuration of the storedInfoType to create.", "$ref": "GooglePrivacyDlpV2StoredInfoTypeConfig" }, "locationId": { "description": "Deprecated. This field has no effect.", "type": "string" }, "storedInfoTypeId": { "description": "The storedInfoType ID can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one.", "type": "string" } }, "id": "GooglePrivacyDlpV2CreateStoredInfoTypeRequest" }, "GooglePrivacyDlpV2DeidentifyContentRequest": { "description": "Request to de-identify a ContentItem.", "type": "object", "properties": { "deidentifyConfig": { "description": "Configuration for the de-identification of the content item. Items specified here will override the template referenced by the deidentify_template_name argument.", "$ref": "GooglePrivacyDlpV2DeidentifyConfig" }, "inspectConfig": { "description": "Configuration for the inspector. Items specified here will override the template referenced by the inspect_template_name argument.", "$ref": "GooglePrivacyDlpV2InspectConfig" }, "item": { "description": "The item to de-identify. Will be treated as text. This value must be of type Table if your deidentify_config is a RecordTransformations object.", "$ref": "GooglePrivacyDlpV2ContentItem" }, "inspectTemplateName": { "description": "Template to use. Any configuration directly specified in inspect_config will override those set in the template. Singular fields that are set in this request will replace their corresponding fields in the template. Repeated fields are appended. Singular sub-messages and groups are recursively merged.", "type": "string" }, "deidentifyTemplateName": { "description": "Template to use. Any configuration directly specified in deidentify_config will override those set in the template. Singular fields that are set in this request will replace their corresponding fields in the template. Repeated fields are appended. Singular sub-messages and groups are recursively merged.", "type": "string" }, "locationId": { "description": "Deprecated. This field has no effect.", "type": "string" } }, "id": "GooglePrivacyDlpV2DeidentifyContentRequest" }, "GooglePrivacyDlpV2OtherCloudResourceCollection": { "description": "Match resources using regex filters.", "id": "GooglePrivacyDlpV2OtherCloudResourceCollection", "type": "object", "properties": { "includeRegexes": { "description": "A collection of regular expressions to match a resource against.", "$ref": "GooglePrivacyDlpV2OtherCloudResourceRegexes" } } }, "GooglePrivacyDlpV2WordList": { "description": "Message defining a list of words or phrases to search for in the data.", "type": "object", "properties": { "words": { "description": "Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]", "type": "array", "items": { "type": "string" } } }, "id": "GooglePrivacyDlpV2WordList" }, "GooglePrivacyDlpV2CategoricalStatsResult": { "type": "object", "properties": { "valueFrequencyHistogramBuckets": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2CategoricalStatsHistogramBucket" }, "description": "Histogram of value frequencies in the column." } }, "id": "GooglePrivacyDlpV2CategoricalStatsResult", "description": "Result of the categorical stats computation." }, "GooglePrivacyDlpV2DiscoveryCloudSqlConditions": { "description": "Requirements that must be true before a table is profiled for the first time.", "type": "object", "properties": { "databaseEngines": { "description": "Optional. Database engines that should be profiled. Optional. Defaults to ALL_SUPPORTED_DATABASE_ENGINES if unspecified.", "type": "array", "items": { "type": "string", "enum": [ "DATABASE_ENGINE_UNSPECIFIED", "ALL_SUPPORTED_DATABASE_ENGINES", "MYSQL", "POSTGRES" ], "enumDescriptions": [ "Unused.", "Include all supported database engines.", "MySQL database.", "PostgreSQL database." ] } }, "types": { "type": "array", "items": { "enumDescriptions": [ "Unused.", "Includes database resource types that become supported at a later time.", "Tables." ], "enum": [ "DATABASE_RESOURCE_TYPE_UNSPECIFIED", "DATABASE_RESOURCE_TYPE_ALL_SUPPORTED_TYPES", "DATABASE_RESOURCE_TYPE_TABLE" ], "type": "string" }, "description": "Data profiles will only be generated for the database resource types specified in this field. If not specified, defaults to [DATABASE_RESOURCE_TYPE_ALL_SUPPORTED_TYPES]." } }, "id": "GooglePrivacyDlpV2DiscoveryCloudSqlConditions" }, "GooglePrivacyDlpV2TimeZone": { "id": "GooglePrivacyDlpV2TimeZone", "type": "object", "properties": { "offsetMinutes": { "format": "int32", "type": "integer", "description": "Set only if the offset can be determined. Positive for time ahead of UTC. E.g. For \"UTC-9\", this value is -540." } }, "description": "Time zone of the date time object." }, "GooglePrivacyDlpV2HybridInspectDlpJobRequest": { "type": "object", "properties": { "hybridItem": { "description": "The item to inspect.", "$ref": "GooglePrivacyDlpV2HybridContentItem" } }, "id": "GooglePrivacyDlpV2HybridInspectDlpJobRequest", "description": "Request to search for potentially sensitive info in a custom location." }, "GooglePrivacyDlpV2DeidentifyTemplate": { "description": "DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/sensitive-data-protection/docs/concepts-templates to learn more.", "type": "object", "properties": { "updateTime": { "description": "Output only. The last update timestamp of an inspectTemplate.", "readOnly": true, "type": "string", "format": "google-datetime" }, "name": { "description": "Output only. The template name. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID`", "readOnly": true, "type": "string" }, "displayName": { "description": "Display name (max 256 chars).", "type": "string" }, "description": { "description": "Short description (max 256 chars).", "type": "string" }, "createTime": { "type": "string", "format": "google-datetime", "description": "Output only. The creation timestamp of an inspectTemplate.", "readOnly": true }, "deidentifyConfig": { "description": "The core content of the template.", "$ref": "GooglePrivacyDlpV2DeidentifyConfig" } }, "id": "GooglePrivacyDlpV2DeidentifyTemplate" }, "GooglePrivacyDlpV2RelatedResource": { "description": "A related resource. Examples: * The source BigQuery table for a Vertex AI dataset. * The source Cloud Storage bucket for a Vertex AI dataset.", "type": "object", "properties": { "fullResource": { "description": "The full resource name of the related resource.", "type": "string" } }, "id": "GooglePrivacyDlpV2RelatedResource" }, "GooglePrivacyDlpV2RecordTransformation": { "description": "The field in a record to transform.", "type": "object", "properties": { "containerTimestamp": { "format": "google-datetime", "type": "string", "description": "Findings container modification timestamp, if applicable." }, "containerVersion": { "description": "Container version, if available (\"generation\" for Cloud Storage).", "type": "string" }, "fieldId": { "description": "For record transformations, provide a field.", "$ref": "GooglePrivacyDlpV2FieldId" } }, "id": "GooglePrivacyDlpV2RecordTransformation" }, "GooglePrivacyDlpV2DiscoveryOtherCloudGenerationCadence": { "id": "GooglePrivacyDlpV2DiscoveryOtherCloudGenerationCadence", "type": "object", "properties": { "refreshFrequency": { "type": "string", "enum": [ "UPDATE_FREQUENCY_UNSPECIFIED", "UPDATE_FREQUENCY_NEVER", "UPDATE_FREQUENCY_DAILY", "UPDATE_FREQUENCY_MONTHLY" ], "description": "Optional. Frequency to update profiles regardless of whether the underlying resource has changes. Defaults to never.", "enumDescriptions": [ "Unspecified.", "After the data profile is created, it will never be updated.", "The data profile can be updated up to once every 24 hours.", "The data profile can be updated up to once every 30 days. Default." ] }, "inspectTemplateModifiedCadence": { "description": "Optional. Governs when to update data profiles when the inspection rules defined by the `InspectTemplate` change. If not set, changing the template will not cause a data profile to update.", "$ref": "GooglePrivacyDlpV2DiscoveryInspectTemplateModifiedCadence" } }, "description": "How often existing resources should have their profiles refreshed. New resources are scanned as quickly as possible depending on system capacity." }, "GooglePrivacyDlpV2FieldId": { "description": "General identifier of a data field in a storage service.", "type": "object", "properties": { "name": { "description": "Name describing the field.", "type": "string" } }, "id": "GooglePrivacyDlpV2FieldId" }, "GooglePrivacyDlpV2DatastoreKey": { "type": "object", "properties": { "entityKey": { "description": "Datastore entity key.", "$ref": "GooglePrivacyDlpV2Key" } }, "id": "GooglePrivacyDlpV2DatastoreKey", "description": "Record key for a finding in Cloud Datastore." }, "GooglePrivacyDlpV2StoredInfoTypeVersion": { "id": "GooglePrivacyDlpV2StoredInfoTypeVersion", "type": "object", "properties": { "errors": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Error" }, "description": "Errors that occurred when creating this storedInfoType version, or anomalies detected in the storedInfoType data that render it unusable. Only the five most recent errors will be displayed, with the most recent error appearing first. For example, some of the data for stored custom dictionaries is put in the user's Cloud Storage bucket, and if this data is modified or deleted by the user or another system, the dictionary becomes invalid. If any errors occur, fix the problem indicated by the error message and use the UpdateStoredInfoType API method to create another version of the storedInfoType to continue using it, reusing the same `config` if it was not the source of the error." }, "config": { "description": "StoredInfoType configuration.", "$ref": "GooglePrivacyDlpV2StoredInfoTypeConfig" }, "stats": { "description": "Statistics about this storedInfoType version.", "$ref": "GooglePrivacyDlpV2StoredInfoTypeStats" }, "createTime": { "type": "string", "format": "google-datetime", "description": "Create timestamp of the version. Read-only, determined by the system when the version is created." }, "state": { "enum": [ "STORED_INFO_TYPE_STATE_UNSPECIFIED", "PENDING", "READY", "FAILED", "INVALID" ], "type": "string", "description": "Stored info type version state. Read-only, updated by the system during dictionary creation.", "enumDescriptions": [ "Unused", "StoredInfoType version is being created.", "StoredInfoType version is ready for use.", "StoredInfoType creation failed. All relevant error messages are returned in the `StoredInfoTypeVersion` message.", "StoredInfoType is no longer valid because artifacts stored in user-controlled storage were modified. To fix an invalid StoredInfoType, use the `UpdateStoredInfoType` method to create a new version." ] } }, "description": "Version of a StoredInfoType, including the configuration used to build it, create timestamp, and current state." }, "GooglePrivacyDlpV2LDiversityHistogramBucket": { "id": "GooglePrivacyDlpV2LDiversityHistogramBucket", "type": "object", "properties": { "sensitiveValueFrequencyLowerBound": { "type": "string", "format": "int64", "description": "Lower bound on the sensitive value frequencies of the equivalence classes in this bucket." }, "bucketValues": { "description": "Sample of equivalence classes in this bucket. The total number of classes returned per bucket is capped at 20.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2LDiversityEquivalenceClass" } }, "bucketValueCount": { "description": "Total number of distinct equivalence classes in this bucket.", "format": "int64", "type": "string" }, "bucketSize": { "type": "string", "format": "int64", "description": "Total number of equivalence classes in this bucket." }, "sensitiveValueFrequencyUpperBound": { "type": "string", "format": "int64", "description": "Upper bound on the sensitive value frequencies of the equivalence classes in this bucket." } }, "description": "Histogram of l-diversity equivalence class sensitive value frequencies." }, "GooglePrivacyDlpV2Condition": { "type": "object", "properties": { "operator": { "description": "Required. Operator used to compare the field or infoType to the value.", "enumDescriptions": [ "Unused", "Equal. Attempts to match even with incompatible types.", "Not equal to. Attempts to match even with incompatible types.", "Greater than.", "Less than.", "Greater than or equals.", "Less than or equals.", "Exists" ], "enum": [ "RELATIONAL_OPERATOR_UNSPECIFIED", "EQUAL_TO", "NOT_EQUAL_TO", "GREATER_THAN", "LESS_THAN", "GREATER_THAN_OR_EQUALS", "LESS_THAN_OR_EQUALS", "EXISTS" ], "type": "string" }, "value": { "description": "Value to compare against. [Mandatory, except for `EXISTS` tests.]", "$ref": "GooglePrivacyDlpV2Value" }, "field": { "description": "Required. Field within the record this condition is evaluated against.", "$ref": "GooglePrivacyDlpV2FieldId" } }, "id": "GooglePrivacyDlpV2Condition", "description": "The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false." }, "GooglePrivacyDlpV2StorageConfig": { "id": "GooglePrivacyDlpV2StorageConfig", "type": "object", "properties": { "datastoreOptions": { "description": "Google Cloud Datastore options.", "$ref": "GooglePrivacyDlpV2DatastoreOptions" }, "timespanConfig": { "description": "Configuration of the timespan of the items to include in scanning.", "$ref": "GooglePrivacyDlpV2TimespanConfig" }, "hybridOptions": { "description": "Hybrid inspection options.", "$ref": "GooglePrivacyDlpV2HybridOptions" }, "bigQueryOptions": { "description": "BigQuery options.", "$ref": "GooglePrivacyDlpV2BigQueryOptions" }, "cloudStorageOptions": { "description": "Cloud Storage options.", "$ref": "GooglePrivacyDlpV2CloudStorageOptions" } }, "description": "Shared message indicating Cloud storage type." }, "GooglePrivacyDlpV2VertexDatasetCollection": { "description": "Match dataset resources using regex filters.", "id": "GooglePrivacyDlpV2VertexDatasetCollection", "type": "object", "properties": { "vertexDatasetRegexes": { "description": "The regex used to filter dataset resources.", "$ref": "GooglePrivacyDlpV2VertexDatasetRegexes" } } }, "GooglePrivacyDlpV2ListProjectDataProfilesResponse": { "id": "GooglePrivacyDlpV2ListProjectDataProfilesResponse", "type": "object", "properties": { "projectDataProfiles": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2ProjectDataProfile" }, "description": "List of data profiles." }, "nextPageToken": { "description": "The next page token.", "type": "string" } }, "description": "List of profiles generated for a given organization or project." }, "GooglePrivacyDlpV2CryptoKey": { "type": "object", "properties": { "unwrapped": { "description": "Unwrapped crypto key", "$ref": "GooglePrivacyDlpV2UnwrappedCryptoKey" }, "kmsWrapped": { "description": "Key wrapped using Cloud KMS", "$ref": "GooglePrivacyDlpV2KmsWrappedCryptoKey" }, "transient": { "description": "Transient crypto key", "$ref": "GooglePrivacyDlpV2TransientCryptoKey" } }, "id": "GooglePrivacyDlpV2CryptoKey", "description": "This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK." }, "GooglePrivacyDlpV2RedactImageRequest": { "description": "Request to search for potentially sensitive info in an image and redact it by covering it with a colored rectangle.", "type": "object", "properties": { "imageRedactionConfigs": { "description": "The configuration for specifying what content to redact from images.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2ImageRedactionConfig" } }, "includeFindings": { "description": "Whether the response should include findings along with the redacted image.", "type": "boolean" }, "inspectTemplate": { "description": "The full resource name of the inspection template to use. Settings in the main `inspect_config` field override the corresponding settings in this inspection template. The merge behavior is as follows: - Singular field: The main field's value replaces the value of the corresponding field in the template. - Repeated fields: The field values are appended to the list defined in the template. - Sub-messages and groups: The fields are recursively merged.", "type": "string" }, "inspectConfig": { "description": "Configuration for the inspector.", "$ref": "GooglePrivacyDlpV2InspectConfig" }, "deidentifyTemplate": { "description": "The full resource name of the de-identification template to use. Settings in the main `image_redaction_configs` field override the corresponding settings in this de-identification template. The request fails if the type of the template's deidentify_config is not image_transformations.", "type": "string" }, "byteItem": { "description": "The content must be PNG, JPEG, SVG or BMP.", "$ref": "GooglePrivacyDlpV2ByteContentItem" }, "locationId": { "description": "Deprecated. This field has no effect.", "type": "string" } }, "id": "GooglePrivacyDlpV2RedactImageRequest" }, "GooglePrivacyDlpV2PubSubExpressions": { "description": "An expression, consisting of an operator and conditions.", "type": "object", "properties": { "logicalOperator": { "enum": [ "LOGICAL_OPERATOR_UNSPECIFIED", "OR", "AND" ], "type": "string", "description": "The operator to apply to the collection of conditions.", "enumDescriptions": [ "Unused.", "Conditional OR.", "Conditional AND." ] }, "conditions": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2PubSubCondition" }, "description": "Conditions to apply to the expression." } }, "id": "GooglePrivacyDlpV2PubSubExpressions" }, "GooglePrivacyDlpV2ListFileStoreDataProfilesResponse": { "type": "object", "properties": { "fileStoreDataProfiles": { "description": "List of data profiles.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FileStoreDataProfile" } }, "nextPageToken": { "description": "The next page token.", "type": "string" } }, "id": "GooglePrivacyDlpV2ListFileStoreDataProfilesResponse", "description": "List of file store data profiles generated for a given organization or project." }, "GooglePrivacyDlpV2RecordKey": { "description": "Message for a unique key indicating a record that contains a finding.", "type": "object", "properties": { "bigQueryKey": { "description": "Datastore key", "$ref": "GooglePrivacyDlpV2BigQueryKey" }, "datastoreKey": { "description": "BigQuery key", "$ref": "GooglePrivacyDlpV2DatastoreKey" }, "idValues": { "description": "Values of identifying columns in the given row. Order of values matches the order of `identifying_fields` specified in the scanning request.", "type": "array", "items": { "type": "string" } } }, "id": "GooglePrivacyDlpV2RecordKey" }, "GooglePrivacyDlpV2ReplaceValueConfig": { "description": "Replace each input value with a given `Value`.", "id": "GooglePrivacyDlpV2ReplaceValueConfig", "type": "object", "properties": { "newValue": { "description": "Value to replace it with.", "$ref": "GooglePrivacyDlpV2Value" } } }, "GooglePrivacyDlpV2LDiversityResult": { "description": "Result of the l-diversity computation.", "type": "object", "properties": { "sensitiveValueFrequencyHistogramBuckets": { "description": "Histogram of l-diversity equivalence class sensitive value frequencies.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2LDiversityHistogramBucket" } } }, "id": "GooglePrivacyDlpV2LDiversityResult" }, "GooglePrivacyDlpV2SecretsDiscoveryTarget": { "type": "object", "properties": {}, "id": "GooglePrivacyDlpV2SecretsDiscoveryTarget", "description": "Discovery target for credentials and secrets in cloud resource metadata. This target does not include any filtering or frequency controls. Cloud DLP will scan cloud resource metadata for secrets daily. No inspect template should be included in the discovery config for a security benchmarks scan. Instead, the built-in list of secrets and credentials infoTypes will be used (see https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference#credentials_and_secrets). Credentials and secrets discovered will be reported as vulnerabilities to Security Command Center." }, "GooglePrivacyDlpV2Tag": { "description": "A tag associated with a resource.", "id": "GooglePrivacyDlpV2Tag", "type": "object", "properties": { "namespacedTagValue": { "description": "The namespaced name for the tag value to attach to Google Cloud resources. Must be in the format `{parent_id}/{tag_key_short_name}/{short_name}`, for example, \"123456/environment/prod\" for an organization parent, or \"my-project/environment/prod\" for a project parent. This is only set for Google Cloud resources.", "type": "string" }, "value": { "description": "The value of a tag key-value pair. For Google Cloud resources, this is the resource name of the value, for example, \"tagValues/123456\".", "type": "string" }, "key": { "description": "The key of a tag key-value pair. For Google Cloud resources, this is the resource name of the key, for example, \"tagKeys/123456\".", "type": "string" } } }, "GooglePrivacyDlpV2ExcludeByImageFindings": { "description": "The rule to exclude image findings based on spatial relationships with other image findings. For example, exclude an image finding if it overlaps with another image finding. This rule is silently ignored if the content being inspected is not an image.", "type": "object", "properties": { "imageContainmentType": { "description": "Specifies the required spatial relationship between the bounding boxes of the target finding and the context infoType findings.", "$ref": "GooglePrivacyDlpV2ImageContainmentType" }, "infoTypes": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InfoType" }, "description": "A list of image-supported infoTypes—excluding [document infoTypes](https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference#documents)—to be used as context for the exclusion rule. A finding is excluded if its bounding box has the specified spatial relationship (defined by `image_containment_type`) with a finding of an infoType in this list. For example, if `InspectionRuleSet.info_types` includes `OBJECT_TYPE/PERSON` and this `exclusion_rule` specifies `info_types` as `OBJECT_TYPE/PERSON/PASSPORT` with `image_containment_type` set to `encloses`, then `OBJECT_TYPE/PERSON` findings will be excluded if they are fully contained within the bounding box of an `OBJECT_TYPE/PERSON/PASSPORT` finding." } }, "id": "GooglePrivacyDlpV2ExcludeByImageFindings" }, "GooglePrivacyDlpV2AwsDiscoveryStartingLocation": { "id": "GooglePrivacyDlpV2AwsDiscoveryStartingLocation", "type": "object", "properties": { "allAssetInventoryAssets": { "description": "All AWS assets stored in Asset Inventory that didn't match other AWS discovery configs.", "type": "boolean" }, "accountId": { "description": "The AWS account ID that this discovery config applies to. Within an AWS organization, you can find the AWS account ID inside an AWS account ARN. Example: arn:{partition}:organizations::{management_account_id}:account/{org_id}/{account_id}", "type": "string" } }, "description": "The AWS starting location for discovery." }, "GooglePrivacyDlpV2DeltaPresenceEstimationHistogramBucket": { "description": "A DeltaPresenceEstimationHistogramBucket message with the following values: min_probability: 0.1 max_probability: 0.2 frequency: 42 means that there are 42 records for which δ is in [0.1, 0.2). An important particular case is when min_probability = max_probability = 1: then, every individual who shares this quasi-identifier combination is in the dataset.", "id": "GooglePrivacyDlpV2DeltaPresenceEstimationHistogramBucket", "type": "object", "properties": { "bucketSize": { "description": "Number of records within these probability bounds.", "format": "int64", "type": "string" }, "bucketValues": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2DeltaPresenceEstimationQuasiIdValues" }, "description": "Sample of quasi-identifier tuple values in this bucket. The total number of classes returned per bucket is capped at 20." }, "bucketValueCount": { "format": "int64", "type": "string", "description": "Total number of distinct quasi-identifier tuple values in this bucket." }, "minProbability": { "description": "Between 0 and 1.", "format": "double", "type": "number" }, "maxProbability": { "format": "double", "type": "number", "description": "Always greater than or equal to min_probability." } } }, "GooglePrivacyDlpV2ImageTransformations": { "type": "object", "properties": { "transforms": { "description": "List of transforms to make.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2ImageTransformation" } } }, "id": "GooglePrivacyDlpV2ImageTransformations", "description": "A type of transformation that is applied over images." }, "GooglePrivacyDlpV2DocumentFallbackLocation": { "description": "Configure document processing to fall back to any of the following processing options if document processing is unavailable in the original request location.", "id": "GooglePrivacyDlpV2DocumentFallbackLocation", "type": "object", "properties": { "multiRegionProcessing": { "description": "Processing occurs in a multi-region that contains the current region if available.", "$ref": "GooglePrivacyDlpV2MultiRegionProcessing" }, "globalProcessing": { "description": "Processing occurs in the global region.", "$ref": "GooglePrivacyDlpV2GlobalProcessing" } } }, "GooglePrivacyDlpV2DataProfileLocation": { "type": "object", "properties": { "organizationId": { "type": "string", "format": "int64", "description": "The ID of an organization to scan." }, "folderId": { "type": "string", "format": "int64", "description": "The ID of the folder within an organization to scan." } }, "id": "GooglePrivacyDlpV2DataProfileLocation", "description": "The data that will be profiled." }, "GooglePrivacyDlpV2DatabaseResourceRegex": { "type": "object", "properties": { "databaseRegex": { "description": "Regex to test the database name against. If empty, all databases match.", "type": "string" }, "instanceRegex": { "description": "Regex to test the instance name against. If empty, all instances match.", "type": "string" }, "databaseResourceNameRegex": { "description": "Regex to test the database resource's name against. An example of a database resource name is a table's name. Other database resource names like view names could be included in the future. If empty, all database resources match.", "type": "string" }, "projectIdRegex": { "description": "For organizations, if unset, will match all projects. Has no effect for configurations created within a project.", "type": "string" } }, "id": "GooglePrivacyDlpV2DatabaseResourceRegex", "description": "A pattern to match against one or more database resources. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub." }, "GooglePrivacyDlpV2DatabaseResourceRegexes": { "description": "A collection of regular expressions to determine what database resources to match against.", "type": "object", "properties": { "patterns": { "description": "A group of regular expression patterns to match against one or more database resources. Maximum of 100 entries. The sum of all regular expression's length can't exceed 10 KiB.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2DatabaseResourceRegex" } } }, "id": "GooglePrivacyDlpV2DatabaseResourceRegexes" }, "GooglePrivacyDlpV2TagFilter": { "type": "object", "properties": { "namespacedTagValue": { "description": "The namespaced name for the tag value. Must be in the format `{parent_id}/{tag_key_short_name}/{short_name}`, for example, \"123456/environment/prod\" for an organization parent, or \"my-project/environment/prod\" for a project parent.", "type": "string" }, "namespacedTagKey": { "description": "The namespaced name for the tag key. Must be in the format `{parent_id}/{tag_key_short_name}`, for example, \"123456/sensitive\" for an organization parent, or \"my-project/sensitive\" for a project parent.", "type": "string" } }, "id": "GooglePrivacyDlpV2TagFilter", "description": "A single tag to filter against." }, "GooglePrivacyDlpV2DocumentLocation": { "description": "Location of a finding within a document.", "id": "GooglePrivacyDlpV2DocumentLocation", "type": "object", "properties": { "fileOffset": { "type": "string", "format": "int64", "description": "Offset of the line, from the beginning of the file, where the finding is located." } } }, "GooglePrivacyDlpV2InspectionRuleSet": { "type": "object", "properties": { "infoTypes": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InfoType" }, "description": "List of infoTypes this rule set is applied to." }, "rules": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InspectionRule" }, "description": "Set of rules to be applied to infoTypes. The rules are applied in order." } }, "id": "GooglePrivacyDlpV2InspectionRuleSet", "description": "Rule set for modifying a set of infoTypes to alter behavior under certain circumstances, depending on the specific details of the rules within the set." }, "GooglePrivacyDlpV2DatastoreOptions": { "description": "Options defining a data set within Google Cloud Datastore.", "type": "object", "properties": { "partitionId": { "description": "A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty.", "$ref": "GooglePrivacyDlpV2PartitionId" }, "kind": { "description": "The kind to process.", "$ref": "GooglePrivacyDlpV2KindExpression" } }, "id": "GooglePrivacyDlpV2DatastoreOptions" }, "GooglePrivacyDlpV2Row": { "id": "GooglePrivacyDlpV2Row", "type": "object", "properties": { "values": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Value" }, "description": "Individual cells." } }, "description": "Values of the row." }, "GooglePrivacyDlpV2DataProfileAction": { "description": "A task to execute when a data profile has been generated.", "type": "object", "properties": { "pubSubNotification": { "description": "Publish a message into the Pub/Sub topic.", "$ref": "GooglePrivacyDlpV2PubSubNotification" }, "publishToDataplexCatalog": { "description": "Publishes a portion of each profile to Dataplex Universal Catalog with the aspect type Sensitive Data Protection Profile.", "$ref": "GooglePrivacyDlpV2PublishToDataplexCatalog" }, "publishToScc": { "description": "Publishes findings to Security Command Center for each data profile.", "$ref": "GooglePrivacyDlpV2PublishToSecurityCommandCenter" }, "tagResources": { "description": "Tags the profiled resources with the specified tag values.", "$ref": "GooglePrivacyDlpV2TagResources" }, "exportData": { "description": "Export data profiles into a provided location.", "$ref": "GooglePrivacyDlpV2Export" }, "publishToChronicle": { "description": "Publishes generated data profiles to Google Security Operations. For more information, see [Use Sensitive Data Protection data in context-aware analytics](https://cloud.google.com/chronicle/docs/detection/usecase-dlp-high-risk-user-download).", "$ref": "GooglePrivacyDlpV2PublishToChronicle" } }, "id": "GooglePrivacyDlpV2DataProfileAction" }, "GooglePrivacyDlpV2RedactConfig": { "id": "GooglePrivacyDlpV2RedactConfig", "type": "object", "properties": {}, "description": "Redact a given value. For example, if used with an `InfoTypeTransformation` transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '." }, "GooglePrivacyDlpV2BigQueryTableCollection": { "type": "object", "properties": { "includeRegexes": { "description": "A collection of regular expressions to match a BigQuery table against.", "$ref": "GooglePrivacyDlpV2BigQueryRegexes" } }, "id": "GooglePrivacyDlpV2BigQueryTableCollection", "description": "Specifies a collection of BigQuery tables. Used for Discovery." }, "GooglePrivacyDlpV2FileClusterType": { "type": "object", "properties": { "cluster": { "enum": [ "CLUSTER_UNSPECIFIED", "CLUSTER_UNKNOWN", "CLUSTER_TEXT", "CLUSTER_STRUCTURED_DATA", "CLUSTER_SOURCE_CODE", "CLUSTER_RICH_DOCUMENT", "CLUSTER_IMAGE", "CLUSTER_ARCHIVE", "CLUSTER_MULTIMEDIA", "CLUSTER_EXECUTABLE", "CLUSTER_AI_MODEL" ], "type": "string", "description": "Cluster type.", "enumDescriptions": [ "Unused.", "Unsupported files.", "Plain text.", "Structured data like CSV, TSV etc.", "Source code.", "Rich document like docx, xlsx etc.", "Images like jpeg, bmp.", "Archives and containers like .zip, .tar etc.", "Multimedia like .mp4, .avi etc.", "Executable files like .exe, .class, .apk etc.", "AI models like .tflite etc." ] } }, "id": "GooglePrivacyDlpV2FileClusterType", "description": "Message used to identify file cluster type being profiled." }, "UtilStatusProto": { "id": "UtilStatusProto", "type": "object", "properties": { "space": { "description": "copybara:strip_begin(b/383363683) Space to which this status belongs copybara:strip_end_and_replace optional string space = 2; // Space to which this status belongs", "type": "string" }, "message": { "description": "Detail message copybara:strip_begin(b/383363683) copybara:strip_end_and_replace optional string message = 3;", "type": "string" }, "code": { "format": "int32", "type": "integer", "description": "Numeric code drawn from the space specified below. Often, this is the canonical error space, and code is drawn from google3/util/task/codes.proto copybara:strip_begin(b/383363683) copybara:strip_end_and_replace optional int32 code = 1;" }, "canonicalCode": { "description": "copybara:strip_begin(b/383363683) copybara:strip_end_and_replace optional int32 canonical_code = 6;", "format": "int32", "type": "integer" }, "messageSet": { "description": "message_set associates an arbitrary proto message with the status. copybara:strip_begin(b/383363683) copybara:strip_end_and_replace optional proto2.bridge.MessageSet message_set = 5;", "$ref": "Proto2BridgeMessageSet" } }, "description": "Wire-format for a Status object" }, "GooglePrivacyDlpV2TagFilters": { "id": "GooglePrivacyDlpV2TagFilters", "type": "object", "properties": { "tagFilters": { "description": "Required. A resource must match ALL of the specified tag filters to be included in the collection.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2TagFilter" } } }, "description": "Tags to match against for filtering." }, "GooglePrivacyDlpV2UpdateDeidentifyTemplateRequest": { "description": "Request message for UpdateDeidentifyTemplate.", "id": "GooglePrivacyDlpV2UpdateDeidentifyTemplateRequest", "type": "object", "properties": { "deidentifyTemplate": { "description": "New DeidentifyTemplate value.", "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" }, "updateMask": { "description": "Mask to control which fields get updated.", "type": "string", "format": "google-fieldmask" } } }, "GooglePrivacyDlpV2DiscoveryTarget": { "id": "GooglePrivacyDlpV2DiscoveryTarget", "type": "object", "properties": { "bigQueryTarget": { "description": "BigQuery target for Discovery. The first target to match a table will be the one applied.", "$ref": "GooglePrivacyDlpV2BigQueryDiscoveryTarget" }, "secretsTarget": { "description": "Discovery target that looks for credentials and secrets stored in cloud resource metadata and reports them as vulnerabilities to Security Command Center. Only one target of this type is allowed.", "$ref": "GooglePrivacyDlpV2SecretsDiscoveryTarget" }, "cloudSqlTarget": { "description": "Cloud SQL target for Discovery. The first target to match a table will be the one applied.", "$ref": "GooglePrivacyDlpV2CloudSqlDiscoveryTarget" }, "cloudStorageTarget": { "description": "Cloud Storage target for Discovery. The first target to match a table will be the one applied.", "$ref": "GooglePrivacyDlpV2CloudStorageDiscoveryTarget" }, "vertexDatasetTarget": { "description": "Vertex AI dataset target for Discovery. The first target to match a dataset will be the one applied. Note that discovery for Vertex AI can incur Cloud Storage Class B operation charges for storage.objects.get operations and retrieval fees. For more information, see [Cloud Storage pricing](https://cloud.google.com/storage/pricing#price-tables). Note that discovery for Vertex AI dataset will not be able to scan images unless DiscoveryConfig.processing_location.image_fallback_location has multi_region_processing or global_processing configured.", "$ref": "GooglePrivacyDlpV2VertexDatasetDiscoveryTarget" }, "otherCloudTarget": { "description": "Other clouds target for discovery. The first target to match a resource will be the one applied.", "$ref": "GooglePrivacyDlpV2OtherCloudDiscoveryTarget" } }, "description": "Target used to match against for Discovery." }, "GooglePrivacyDlpV2BigQueryOptions": { "description": "Options defining BigQuery table and row identifiers.", "type": "object", "properties": { "excludedFields": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FieldId" }, "description": "References to fields excluded from scanning. This allows you to skip inspection of entire columns which you know have no findings. When inspecting a table, we recommend that you inspect all columns. Otherwise, findings might be affected because hints from excluded columns will not be used." }, "identifyingFields": { "description": "Table fields that may uniquely identify a row within the table. When `actions.saveFindings.outputConfig.table` is specified, the values of columns specified here are available in the output table under `location.content_locations.record_location.record_key.id_values`. Nested fields such as `person.birthdate.year` are allowed.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FieldId" } }, "sampleMethod": { "description": "How to sample the data.", "enumDescriptions": [ "No sampling.", "Scan groups of rows in the order BigQuery provides (default). Multiple groups of rows may be scanned in parallel, so results may not appear in the same order the rows are read.", "Randomly pick groups of rows to scan." ], "type": "string", "enum": [ "SAMPLE_METHOD_UNSPECIFIED", "TOP", "RANDOM_START" ] }, "rowsLimit": { "description": "Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted. If not set, or if set to 0, all rows will be scanned. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig.", "type": "string", "format": "int64" }, "tableReference": { "description": "Complete BigQuery table reference.", "$ref": "GooglePrivacyDlpV2BigQueryTable" }, "rowsLimitPercent": { "format": "int32", "type": "integer", "description": "Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig. Caution: A [known issue](https://cloud.google.com/sensitive-data-protection/docs/known-issues#bq-sampling) is causing the `rowsLimitPercent` field to behave unexpectedly. We recommend using `rowsLimit` instead." }, "includedFields": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FieldId" }, "description": "Limit scanning only to these fields. When inspecting a table, we recommend that you inspect all columns. Otherwise, findings might be affected because hints from excluded columns will not be used." } }, "id": "GooglePrivacyDlpV2BigQueryOptions" }, "GooglePrivacyDlpV2CloudStorageDiscoveryTarget": { "type": "object", "properties": { "disabled": { "description": "Optional. Disable profiling for buckets that match this filter.", "$ref": "GooglePrivacyDlpV2Disabled" }, "filter": { "description": "Required. The buckets the generation_cadence applies to. The first target with a matching filter will be the one to apply to a bucket.", "$ref": "GooglePrivacyDlpV2DiscoveryCloudStorageFilter" }, "generationCadence": { "description": "Optional. How often and when to update profiles. New buckets that match both the filter and conditions are scanned as quickly as possible depending on system capacity.", "$ref": "GooglePrivacyDlpV2DiscoveryCloudStorageGenerationCadence" }, "conditions": { "description": "Optional. In addition to matching the filter, these conditions must be true before a profile is generated.", "$ref": "GooglePrivacyDlpV2DiscoveryFileStoreConditions" } }, "id": "GooglePrivacyDlpV2CloudStorageDiscoveryTarget", "description": "Target used to match against for discovery with Cloud Storage buckets." }, "GooglePrivacyDlpV2BigQueryTableTypes": { "type": "object", "properties": { "types": { "description": "A set of BigQuery table types.", "type": "array", "items": { "type": "string", "enum": [ "BIG_QUERY_TABLE_TYPE_UNSPECIFIED", "BIG_QUERY_TABLE_TYPE_TABLE", "BIG_QUERY_TABLE_TYPE_EXTERNAL_BIG_LAKE", "BIG_QUERY_TABLE_TYPE_SNAPSHOT" ], "enumDescriptions": [ "Unused.", "A normal BigQuery table.", "A table that references data stored in Cloud Storage.", "A snapshot of a BigQuery table." ] } } }, "id": "GooglePrivacyDlpV2BigQueryTableTypes", "description": "The types of BigQuery tables supported by Cloud DLP." }, "GooglePrivacyDlpV2Regex": { "id": "GooglePrivacyDlpV2Regex", "type": "object", "properties": { "pattern": { "description": "Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.", "type": "string" }, "groupIndexes": { "description": "The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.", "type": "array", "items": { "format": "int32", "type": "integer" } } }, "description": "Message defining a custom regular expression." }, "GooglePrivacyDlpV2DeidentifyContentResponse": { "description": "Results of de-identifying a ContentItem.", "type": "object", "properties": { "item": { "description": "The de-identified item.", "$ref": "GooglePrivacyDlpV2ContentItem" }, "overview": { "description": "An overview of the changes that were made on the `item`.", "$ref": "GooglePrivacyDlpV2TransformationOverview" } }, "id": "GooglePrivacyDlpV2DeidentifyContentResponse" }, "GooglePrivacyDlpV2TransformationDetailsStorageConfig": { "description": "Config for storing transformation details.", "type": "object", "properties": { "table": { "description": "The BigQuery table in which to store the output. This may be an existing table or in a new table in an existing dataset. If table_id is not set a new one will be generated for you with the following format: dlp_googleapis_transformation_details_yyyy_mm_dd_[dlp_job_id]. Pacific time zone will be used for generating the date details.", "$ref": "GooglePrivacyDlpV2BigQueryTable" } }, "id": "GooglePrivacyDlpV2TransformationDetailsStorageConfig" }, "GooglePrivacyDlpV2CreateDlpJobRequest": { "type": "object", "properties": { "jobId": { "description": "The job id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one.", "type": "string" }, "inspectJob": { "description": "An inspection job scans a storage repository for InfoTypes.", "$ref": "GooglePrivacyDlpV2InspectJobConfig" }, "riskJob": { "description": "A risk analysis job calculates re-identification risk metrics for a BigQuery table.", "$ref": "GooglePrivacyDlpV2RiskAnalysisJobConfig" }, "locationId": { "description": "Deprecated. This field has no effect.", "type": "string" } }, "id": "GooglePrivacyDlpV2CreateDlpJobRequest", "description": "Request message for CreateDlpJobRequest. Used to initiate long running jobs such as calculating risk metrics or inspecting Google Cloud Storage." }, "GooglePrivacyDlpV2ContentLocation": { "description": "Precise location of the finding within a document, record, image, or metadata container.", "id": "GooglePrivacyDlpV2ContentLocation", "type": "object", "properties": { "recordLocation": { "description": "Location within a row or record of a database table.", "$ref": "GooglePrivacyDlpV2RecordLocation" }, "documentLocation": { "description": "Location data for document files.", "$ref": "GooglePrivacyDlpV2DocumentLocation" }, "metadataLocation": { "description": "Location within the metadata for inspected content.", "$ref": "GooglePrivacyDlpV2MetadataLocation" }, "containerVersion": { "description": "Finding container version, if available (\"generation\" for Cloud Storage).", "type": "string" }, "containerName": { "description": "Name of the container where the finding is located. The top level name is the source file name or table name. Names of some common storage containers are formatted as follows: * BigQuery tables: `{project_id}:{dataset_id}.{table_id}` * Cloud Storage files: `gs://{bucket}/{path}` * Datastore namespace: {namespace} Nested names could be absent if the embedded object has no string identifier (for example, an image contained within a document).", "type": "string" }, "imageLocation": { "description": "Location within an image's pixels.", "$ref": "GooglePrivacyDlpV2ImageLocation" }, "containerTimestamp": { "type": "string", "format": "google-datetime", "description": "Finding container modification timestamp, if applicable. For Cloud Storage, this field contains the last file modification timestamp. For a BigQuery table, this field contains the last_modified_time property. For Datastore, this field isn't populated." } } }, "GooglePrivacyDlpV2DatabaseResourceCollection": { "description": "Match database resources using regex filters. Examples of database resources are tables, views, and stored procedures.", "type": "object", "properties": { "includeRegexes": { "description": "A collection of regular expressions to match a database resource against.", "$ref": "GooglePrivacyDlpV2DatabaseResourceRegexes" } }, "id": "GooglePrivacyDlpV2DatabaseResourceCollection" }, "GooglePrivacyDlpV2LocationSupport": { "description": "Locations at which a feature can be used.", "type": "object", "properties": { "regionalizationScope": { "description": "The current scope for location on this feature. This may expand over time.", "enumDescriptions": [ "Invalid.", "Feature may be used with one or more regions. See locations for details.", "Feature may be used anywhere. Default value." ], "enum": [ "REGIONALIZATION_SCOPE_UNSPECIFIED", "REGIONAL", "ANY_LOCATION" ], "type": "string" }, "locations": { "type": "array", "items": { "type": "string" }, "description": "Specific locations where the feature may be used. Examples: us-central1, us, asia, global If scope is ANY_LOCATION, no regions will be listed." } }, "id": "GooglePrivacyDlpV2LocationSupport" }, "GooglePrivacyDlpV2AllOtherResources": { "description": "Match discovery resources not covered by any other filter.", "id": "GooglePrivacyDlpV2AllOtherResources", "type": "object", "properties": {} }, "GooglePrivacyDlpV2DeidentifyDataSourceStats": { "description": "Summary of what was modified during a transformation.", "id": "GooglePrivacyDlpV2DeidentifyDataSourceStats", "type": "object", "properties": { "transformedBytes": { "type": "string", "format": "int64", "description": "Total size in bytes that were transformed in some way." }, "transformationCount": { "type": "string", "format": "int64", "description": "Number of successfully applied transformations." }, "transformationErrorCount": { "type": "string", "format": "int64", "description": "Number of errors encountered while trying to apply transformations." } } }, "GooglePrivacyDlpV2PublishToDataplexCatalog": { "type": "object", "properties": { "lowerDataRiskToLow": { "description": "Whether creating a Dataplex Universal Catalog aspect for a profiled resource should lower the risk of the profile for that resource. This also lowers the data risk of resources at the lower levels of the resource hierarchy. For example, reducing the data risk of a table data profile also reduces the data risk of the constituent column data profiles.", "type": "boolean" } }, "id": "GooglePrivacyDlpV2PublishToDataplexCatalog", "description": "Create Dataplex Universal Catalog aspects for profiled resources with the aspect type Sensitive Data Protection Profile. To learn more about aspects, see https://cloud.google.com/sensitive-data-protection/docs/add-aspects." }, "GooglePrivacyDlpV2CryptoDeterministicConfig": { "type": "object", "properties": { "cryptoKey": { "description": "The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.", "$ref": "GooglePrivacyDlpV2CryptoKey" }, "surrogateInfoType": { "description": "The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.", "$ref": "GooglePrivacyDlpV2InfoType" }, "context": { "description": "A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and unstructured `ContentItem`s.", "$ref": "GooglePrivacyDlpV2FieldId" } }, "id": "GooglePrivacyDlpV2CryptoDeterministicConfig", "description": "Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297." }, "GoogleTypeDate": { "type": "object", "properties": { "year": { "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", "type": "integer", "format": "int32" }, "month": { "format": "int32", "type": "integer", "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day." }, "day": { "format": "int32", "type": "integer", "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant." } }, "id": "GoogleTypeDate", "description": "Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values. * A month and day, with a zero year (for example, an anniversary). * A year on its own, with a zero month and a zero day. * A year and month, with a zero day (for example, a credit card expiration date). Related types: * google.type.TimeOfDay * google.type.DateTime * google.protobuf.Timestamp" }, "GooglePrivacyDlpV2CreateInspectTemplateRequest": { "id": "GooglePrivacyDlpV2CreateInspectTemplateRequest", "type": "object", "properties": { "inspectTemplate": { "description": "Required. The InspectTemplate to create.", "$ref": "GooglePrivacyDlpV2InspectTemplate" }, "templateId": { "description": "The template id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one.", "type": "string" }, "locationId": { "description": "Deprecated. This field has no effect.", "type": "string" } }, "description": "Request message for CreateInspectTemplate." }, "GooglePrivacyDlpV2TableReference": { "description": "Message defining the location of a BigQuery table with the projectId inferred from the parent project.", "type": "object", "properties": { "datasetId": { "description": "Dataset ID of the table.", "type": "string" }, "tableId": { "description": "Name of the table.", "type": "string" }, "projectId": { "description": "The Google Cloud project ID of the project containing the table. If omitted, the project ID is inferred from the parent project. This field is required if the parent resource is an organization.", "type": "string" } }, "id": "GooglePrivacyDlpV2TableReference" }, "GooglePrivacyDlpV2CloudStorageRegex": { "type": "object", "properties": { "projectIdRegex": { "description": "Optional. For organizations, if unset, will match all projects.", "type": "string" }, "bucketNameRegex": { "description": "Optional. Regex to test the bucket name against. If empty, all buckets match. Example: \"marketing2021\" or \"(marketing)\\d{4}\" will both match the bucket gs://marketing2021", "type": "string" } }, "id": "GooglePrivacyDlpV2CloudStorageRegex", "description": "A pattern to match against one or more file stores. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub." }, "GooglePrivacyDlpV2ProfileStatus": { "id": "GooglePrivacyDlpV2ProfileStatus", "type": "object", "properties": { "status": { "description": "Profiling status code and optional message. The `status.code` value is 0 (default value) for OK.", "$ref": "GoogleRpcStatus" }, "timestamp": { "type": "string", "format": "google-datetime", "description": "Time when the profile generation status was updated" } }, "description": "Success or errors for the profile generation." }, "GooglePrivacyDlpV2LargeCustomDictionaryStats": { "type": "object", "properties": { "approxNumPhrases": { "format": "int64", "type": "string", "description": "Approximate number of distinct phrases in the dictionary." } }, "id": "GooglePrivacyDlpV2LargeCustomDictionaryStats", "description": "Summary statistics of a custom dictionary." }, "GooglePrivacyDlpV2DiscoveryInspectTemplateModifiedCadence": { "description": "The cadence at which to update data profiles when the inspection rules defined by the `InspectTemplate` change.", "type": "object", "properties": { "frequency": { "enum": [ "UPDATE_FREQUENCY_UNSPECIFIED", "UPDATE_FREQUENCY_NEVER", "UPDATE_FREQUENCY_DAILY", "UPDATE_FREQUENCY_MONTHLY" ], "type": "string", "description": "How frequently data profiles can be updated when the template is modified. Defaults to never.", "enumDescriptions": [ "Unspecified.", "After the data profile is created, it will never be updated.", "The data profile can be updated up to once every 24 hours.", "The data profile can be updated up to once every 30 days. Default." ] } }, "id": "GooglePrivacyDlpV2DiscoveryInspectTemplateModifiedCadence" }, "GooglePrivacyDlpV2JobTrigger": { "id": "GooglePrivacyDlpV2JobTrigger", "type": "object", "properties": { "triggers": { "description": "A list of triggers which will be OR'ed together. Only one in the list needs to trigger for a job to be started. The list may contain only a single Schedule trigger and must have at least one object.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Trigger" } }, "createTime": { "format": "google-datetime", "type": "string", "description": "Output only. The creation timestamp of a triggeredJob.", "readOnly": true }, "updateTime": { "type": "string", "format": "google-datetime", "description": "Output only. The last update timestamp of a triggeredJob.", "readOnly": true }, "status": { "type": "string", "enum": [ "STATUS_UNSPECIFIED", "HEALTHY", "PAUSED", "CANCELLED" ], "description": "Required. A status for this trigger.", "enumDescriptions": [ "Unused.", "Trigger is healthy.", "Trigger is temporarily paused.", "Trigger is cancelled and can not be resumed." ] }, "displayName": { "description": "Display name (max 100 chars)", "type": "string" }, "inspectJob": { "description": "For inspect jobs, a snapshot of the configuration.", "$ref": "GooglePrivacyDlpV2InspectJobConfig" }, "lastRunTime": { "format": "google-datetime", "type": "string", "description": "Output only. The timestamp of the last time this trigger executed.", "readOnly": true }, "description": { "description": "User provided description (max 256 chars)", "type": "string" }, "name": { "description": "Unique resource name for the triggeredJob, assigned by the service when the triggeredJob is created, for example `projects/dlp-test-project/jobTriggers/53234423`.", "type": "string" }, "errors": { "description": "Output only. A stream of errors encountered when the trigger was activated. Repeated errors may result in the JobTrigger automatically being paused. Will return the last 100 errors. Whenever the JobTrigger is modified this list will be cleared.", "readOnly": true, "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Error" } } }, "description": "Contains a configuration to make API calls on a repeating basis. See https://cloud.google.com/sensitive-data-protection/docs/concepts-job-triggers to learn more." }, "GooglePrivacyDlpV2KAnonymityResult": { "description": "Result of the k-anonymity computation.", "type": "object", "properties": { "equivalenceClassHistogramBuckets": { "description": "Histogram of k-anonymity equivalence classes.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2KAnonymityHistogramBucket" } } }, "id": "GooglePrivacyDlpV2KAnonymityResult" }, "GooglePrivacyDlpV2AwsAccountRegex": { "id": "GooglePrivacyDlpV2AwsAccountRegex", "type": "object", "properties": { "accountIdRegex": { "description": "Optional. Regex to test the AWS account ID against. If empty, all accounts match.", "type": "string" } }, "description": "AWS account regex." }, "GooglePrivacyDlpV2DiscoveryVertexDatasetFilter": { "description": "Determines what datasets will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID or dataset regex.", "id": "GooglePrivacyDlpV2DiscoveryVertexDatasetFilter", "type": "object", "properties": { "collection": { "description": "A specific set of Vertex AI datasets for this filter to apply to.", "$ref": "GooglePrivacyDlpV2VertexDatasetCollection" }, "vertexDatasetResourceReference": { "description": "The dataset resource to scan. Targets including this can only include one target (the target with this dataset resource reference).", "$ref": "GooglePrivacyDlpV2VertexDatasetResourceReference" }, "others": { "description": "Catch-all. This should always be the last target in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.", "$ref": "GooglePrivacyDlpV2AllOtherResources" } } }, "GooglePrivacyDlpV2ImageRedactionConfig": { "id": "GooglePrivacyDlpV2ImageRedactionConfig", "type": "object", "properties": { "redactAllText": { "description": "If true, all text found in the image, regardless whether it matches an info_type, is redacted. Only one should be provided.", "type": "boolean" }, "infoType": { "description": "Only one per info_type should be provided per request. If not specified, and redact_all_text is false, the DLP API will redact all text that it matches against all info_types that are found, but not specified in another ImageRedactionConfig.", "$ref": "GooglePrivacyDlpV2InfoType" }, "redactionColor": { "description": "The color to use when redacting content from an image. If not specified, the default is black.", "$ref": "GooglePrivacyDlpV2Color" } }, "description": "Configuration for determining how redaction of images should occur." }, "GooglePrivacyDlpV2CloudStoragePath": { "description": "Message representing a single file or path in Cloud Storage.", "id": "GooglePrivacyDlpV2CloudStoragePath", "type": "object", "properties": { "path": { "description": "A URL representing a file or path (no wildcards) in Cloud Storage. Example: `gs://[BUCKET_NAME]/dictionary.txt`", "type": "string" } } }, "GooglePrivacyDlpV2TableLocation": { "description": "Location of a finding within a table.", "type": "object", "properties": { "rowIndex": { "format": "int64", "type": "string", "description": "The zero-based index of the row where the finding is located. Only populated for resources that have a natural ordering, not BigQuery. In BigQuery, to identify the row a finding came from, populate BigQueryOptions.identifying_fields with your primary key column names and when you store the findings the value of those columns will be stored inside of Finding." } }, "id": "GooglePrivacyDlpV2TableLocation" }, "Proto2BridgeMessageSet": { "deprecated": true, "description": "This is proto2's version of MessageSet. DEPRECATED: DO NOT USE FOR NEW FIELDS. If you are using editions or proto2, please make your own extendable messages for your use case. If you are using proto3, please use `Any` instead. MessageSet was the implementation of extensions for proto1. When proto2 was introduced, extensions were implemented as a first-class feature. This schema for MessageSet was meant to be a \"bridge\" solution to migrate MessageSet-bearing messages from proto1 to proto2. This schema has been open-sourced only to facilitate the migration of Google products with MessageSet-bearing messages to open-source environments.", "properties": {}, "type": "object", "id": "Proto2BridgeMessageSet" }, "GooglePrivacyDlpV2KAnonymityConfig": { "description": "k-anonymity metric, used for analysis of reidentification risk.", "id": "GooglePrivacyDlpV2KAnonymityConfig", "type": "object", "properties": { "entityId": { "description": "Message indicating that multiple rows might be associated to a single individual. If the same entity_id is associated to multiple quasi-identifier tuples over distinct rows, we consider the entire collection of tuples as the composite quasi-identifier. This collection is a multiset: the order in which the different tuples appear in the dataset is ignored, but their frequency is taken into account. Important note: a maximum of 1000 rows can be associated to a single entity ID. If more rows are associated with the same entity ID, some might be ignored.", "$ref": "GooglePrivacyDlpV2EntityId" }, "quasiIds": { "description": "Set of fields to compute k-anonymity over. When multiple fields are specified, they are considered a single composite key. Structs and repeated data types are not supported; however, nested fields are supported so long as they are not structs themselves or nested within a repeated field.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FieldId" } } } }, "GooglePrivacyDlpV2BigQueryDiscoveryTarget": { "type": "object", "properties": { "conditions": { "description": "In addition to matching the filter, these conditions must be true before a profile is generated.", "$ref": "GooglePrivacyDlpV2DiscoveryBigQueryConditions" }, "filter": { "description": "Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.", "$ref": "GooglePrivacyDlpV2DiscoveryBigQueryFilter" }, "cadence": { "description": "How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.", "$ref": "GooglePrivacyDlpV2DiscoveryGenerationCadence" }, "disabled": { "description": "Tables that match this filter will not have profiles created.", "$ref": "GooglePrivacyDlpV2Disabled" } }, "id": "GooglePrivacyDlpV2BigQueryDiscoveryTarget", "description": "Target used to match against for discovery with BigQuery tables" }, "GooglePrivacyDlpV2CategoricalStatsConfig": { "id": "GooglePrivacyDlpV2CategoricalStatsConfig", "type": "object", "properties": { "field": { "description": "Field to compute categorical stats on. All column types are supported except for arrays and structs. However, it may be more informative to use NumericalStats when the field type is supported, depending on the data.", "$ref": "GooglePrivacyDlpV2FieldId" } }, "description": "Compute numerical stats over an individual column, including number of distinct values and value count distribution." }, "GooglePrivacyDlpV2FileStoreRegexes": { "description": "A collection of regular expressions to determine what file store to match against.", "type": "object", "properties": { "patterns": { "description": "Required. The group of regular expression patterns to match against one or more file stores. Maximum of 100 entries. The sum of all regular expression's length can't exceed 10 KiB.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FileStoreRegex" } } }, "id": "GooglePrivacyDlpV2FileStoreRegexes" }, "GooglePrivacyDlpV2Deidentify": { "type": "object", "properties": { "transformationConfig": { "description": "User specified deidentify templates and configs for structured, unstructured, and image files.", "$ref": "GooglePrivacyDlpV2TransformationConfig" }, "transformationDetailsStorageConfig": { "description": "Config for storing transformation details. This field specifies the configuration for storing detailed metadata about each transformation performed during a de-identification process. The metadata is stored separately from the de-identified content itself and provides a granular record of both successful transformations and any failures that occurred. Enabling this configuration is essential for users who need to access comprehensive information about the status, outcome, and specifics of each transformation. The details are captured in the TransformationDetails message for each operation. Key use cases: * **Auditing and compliance** * Provides a verifiable audit trail of de-identification activities, which is crucial for meeting regulatory requirements and internal data governance policies. * Logs what data was transformed, what transformations were applied, when they occurred, and their success status. This helps demonstrate accountability and due diligence in protecting sensitive data. * **Troubleshooting and debugging** * Offers detailed error messages and context if a transformation fails. This information is useful for diagnosing and resolving issues in the de-identification pipeline. * Helps pinpoint the exact location and nature of failures, speeding up the debugging process. * **Process verification and quality assurance** * Allows users to confirm that de-identification rules and transformations were applied correctly and consistently across the dataset as intended. * Helps in verifying the effectiveness of the chosen de-identification strategies. * **Data lineage and impact analysis** * Creates a record of how data elements were modified, contributing to data lineage. This is useful for understanding the provenance of de-identified data. * Aids in assessing the potential impact of de-identification choices on downstream analytical processes or data usability. * **Reporting and operational insights** * You can analyze the metadata stored in a queryable BigQuery table to generate reports on transformation success rates, common error types, processing volumes (e.g., transformedBytes), and the types of transformations applied. * These insights can inform optimization of de-identification configurations and resource planning. To take advantage of these benefits, set this configuration. The stored details include a description of the transformation, success or error codes, error messages, the number of bytes transformed, the location of the transformed content, and identifiers for the job and source data.", "$ref": "GooglePrivacyDlpV2TransformationDetailsStorageConfig" }, "cloudStorageOutput": { "description": "Required. User settable Cloud Storage bucket and folders to store de-identified files. This field must be set for Cloud Storage deidentification. The output Cloud Storage bucket must be different from the input bucket. De-identified files will overwrite files in the output path. Form of: gs://bucket/folder/ or gs://bucket", "type": "string" }, "fileTypesToTransform": { "description": "List of user-specified file type groups to transform. If specified, only the files with these file types are transformed. If empty, all supported files are transformed. Supported types may be automatically added over time. Any unsupported file types that are set in this field are excluded from de-identification. An error is recorded for each unsupported file in the TransformationDetails output table. Currently the only file types supported are: IMAGES, TEXT_FILES, CSV, TSV.", "type": "array", "items": { "enumDescriptions": [ "Includes all files.", "Includes all file extensions not covered by another entry. Binary scanning attempts to convert the content of the file to utf_8 to scan the file. If you wish to avoid this fall back, specify one or more of the other file types in your storage scan.", "Included file extensions: asc,asp, aspx, brf, c, cc,cfm, cgi, cpp, csv, cxx, c++, cs, css, dart, dat, dot, eml,, epbub, ged, go, h, hh, hpp, hxx, h++, hs, html, htm, mkd, markdown, m, ml, mli, perl, pl, plist, pm, php, phtml, pht, properties, py, pyw, rb, rbw, rs, rss, rc, scala, sh, sql, swift, tex, shtml, shtm, xhtml, lhs, ics, ini, java, js, json, jsonl, kix, kml, ocaml, md, txt, text, tsv, vb, vcard, vcs, wml, xcodeproj, xml, xsl, xsd, yml, yaml.", "Included file extensions: bmp, gif, jpg, jpeg, jpe, png. Setting bytes_limit_per_file or bytes_limit_per_file_percent has no effect on image files. Image inspection is restricted to the `global`, `us`, `asia`, and `europe` regions.", "Microsoft Word files larger than 30 MB will be scanned as binary files. Included file extensions: docx, dotx, docm, dotm. Setting `bytes_limit_per_file` or `bytes_limit_per_file_percent` has no effect on Word files.", "PDF files larger than 30 MB will be scanned as binary files. Included file extensions: pdf. Setting `bytes_limit_per_file` or `bytes_limit_per_file_percent` has no effect on PDF files.", "Included file extensions: avro", "Included file extensions: csv", "Included file extensions: tsv", "Microsoft PowerPoint files larger than 30 MB will be scanned as binary files. Included file extensions: pptx, pptm, potx, potm, pot. Setting `bytes_limit_per_file` or `bytes_limit_per_file_percent` has no effect on PowerPoint files.", "Microsoft Excel files larger than 30 MB will be scanned as binary files. Included file extensions: xlsx, xlsm, xltx, xltm. Setting `bytes_limit_per_file` or `bytes_limit_per_file_percent` has no effect on Excel files." ], "enum": [ "FILE_TYPE_UNSPECIFIED", "BINARY_FILE", "TEXT_FILE", "IMAGE", "WORD", "PDF", "AVRO", "CSV", "TSV", "POWERPOINT", "EXCEL" ], "type": "string" } } }, "id": "GooglePrivacyDlpV2Deidentify", "description": "Create a de-identified copy of a storage bucket. Only compatible with Cloud Storage buckets. A TransformationDetail will be created for each transformation. Compatible with: Inspection of Cloud Storage" }, "GooglePrivacyDlpV2AmazonS3BucketConditions": { "description": "Amazon S3 bucket conditions.", "type": "object", "properties": { "bucketTypes": { "description": "Optional. Bucket types that should be profiled. Optional. Defaults to TYPE_ALL_SUPPORTED if unspecified.", "type": "array", "items": { "enumDescriptions": [ "Unused.", "All supported classes.", "A general purpose Amazon S3 bucket." ], "type": "string", "enum": [ "TYPE_UNSPECIFIED", "TYPE_ALL_SUPPORTED", "TYPE_GENERAL_PURPOSE" ] } }, "objectStorageClasses": { "description": "Optional. Object classes that should be profiled. Optional. Defaults to ALL_SUPPORTED_CLASSES if unspecified.", "type": "array", "items": { "enumDescriptions": [ "Unused.", "All supported classes.", "Standard object class.", "Standard - infrequent access object class.", "Glacier - instant retrieval object class.", "Objects in the S3 Intelligent-Tiering access tiers." ], "type": "string", "enum": [ "UNSPECIFIED", "ALL_SUPPORTED_CLASSES", "STANDARD", "STANDARD_INFREQUENT_ACCESS", "GLACIER_INSTANT_RETRIEVAL", "INTELLIGENT_TIERING" ] } } }, "id": "GooglePrivacyDlpV2AmazonS3BucketConditions" }, "GooglePrivacyDlpV2QuoteInfo": { "description": "Message for infoType-dependent details parsed from quote.", "id": "GooglePrivacyDlpV2QuoteInfo", "type": "object", "properties": { "dateTime": { "description": "The date time indicated by the quote.", "$ref": "GooglePrivacyDlpV2DateTime" } } }, "GooglePrivacyDlpV2ListInfoTypesResponse": { "description": "Response to the ListInfoTypes request.", "id": "GooglePrivacyDlpV2ListInfoTypesResponse", "type": "object", "properties": { "infoTypes": { "description": "Set of sensitive infoTypes.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InfoTypeDescription" } } } }, "GooglePrivacyDlpV2QuasiId": { "id": "GooglePrivacyDlpV2QuasiId", "type": "object", "properties": { "infoType": { "description": "A column can be tagged with a InfoType to use the relevant public dataset as a statistical model of population, if available. We currently support US ZIP codes, region codes, ages and genders. To programmatically obtain the list of supported InfoTypes, use ListInfoTypes with the supported_by=RISK_ANALYSIS filter.", "$ref": "GooglePrivacyDlpV2InfoType" }, "customTag": { "description": "A column can be tagged with a custom tag. In this case, the user must indicate an auxiliary table that contains statistical information on the possible values of this column.", "type": "string" }, "inferred": { "description": "If no semantic tag is indicated, we infer the statistical model from the distribution of values in the input data", "$ref": "GoogleProtobufEmpty" }, "field": { "description": "Required. Identifies the column.", "$ref": "GooglePrivacyDlpV2FieldId" } }, "description": "A column with a semantic tag attached." }, "GooglePrivacyDlpV2DataRiskLevel": { "id": "GooglePrivacyDlpV2DataRiskLevel", "type": "object", "properties": { "score": { "type": "string", "enum": [ "RISK_SCORE_UNSPECIFIED", "RISK_LOW", "RISK_UNKNOWN", "RISK_MODERATE", "RISK_HIGH" ], "description": "The score applied to the resource.", "enumDescriptions": [ "Unused.", "Low risk - Lower indication of sensitive data that appears to have additional access restrictions in place or no indication of sensitive data found.", "Unable to determine risk.", "Medium risk - Sensitive data may be present but additional access or fine grain access restrictions appear to be present. Consider limiting access even further or transform data to mask.", "High risk – SPII may be present. Access controls may include public ACLs. Exfiltration of data may lead to user data loss. Re-identification of users may be possible. Consider limiting usage and or removing SPII." ] } }, "description": "Score is a summary of all elements in the data profile. A higher number means more risk." }, "GooglePrivacyDlpV2FinishDlpJobRequest": { "type": "object", "properties": {}, "id": "GooglePrivacyDlpV2FinishDlpJobRequest", "description": "The request message for finishing a DLP hybrid job." }, "GooglePrivacyDlpV2CreateJobTriggerRequest": { "type": "object", "properties": { "jobTrigger": { "description": "Required. The JobTrigger to create.", "$ref": "GooglePrivacyDlpV2JobTrigger" }, "triggerId": { "description": "The trigger id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one.", "type": "string" }, "locationId": { "description": "Deprecated. This field has no effect.", "type": "string" } }, "id": "GooglePrivacyDlpV2CreateJobTriggerRequest", "description": "Request message for CreateJobTrigger." }, "GooglePrivacyDlpV2InfoTypeLimit": { "description": "Max findings configuration per infoType, per content item or long running DlpJob.", "type": "object", "properties": { "infoType": { "description": "Type of information the findings limit applies to. Only one limit per info_type should be provided. If InfoTypeLimit does not have an info_type, the DLP API applies the limit against all info_types that are found but not specified in another InfoTypeLimit.", "$ref": "GooglePrivacyDlpV2InfoType" }, "maxFindings": { "description": "Max findings limit for the given infoType.", "type": "integer", "format": "int32" } }, "id": "GooglePrivacyDlpV2InfoTypeLimit" }, "GooglePrivacyDlpV2FullyInside": { "type": "object", "properties": {}, "id": "GooglePrivacyDlpV2FullyInside", "description": "Defines a condition where one bounding box is fully inside another." }, "GooglePrivacyDlpV2RedactImageResponse": { "type": "object", "properties": { "redactedImage": { "type": "string", "format": "byte", "description": "The redacted image. The type will be the same as the original image." }, "extractedText": { "description": "If an image was being inspected and the InspectConfig's include_quote was set to true, then this field will include all text, if any, that was found in the image.", "type": "string" }, "inspectResult": { "description": "The findings. Populated when include_findings in the request is true.", "$ref": "GooglePrivacyDlpV2InspectResult" } }, "id": "GooglePrivacyDlpV2RedactImageResponse", "description": "Results of redacting an image." }, "GooglePrivacyDlpV2QuasiIdentifierField": { "description": "A quasi-identifier column has a custom_tag, used to know which column in the data corresponds to which column in the statistical model.", "id": "GooglePrivacyDlpV2QuasiIdentifierField", "type": "object", "properties": { "field": { "description": "Identifies the column.", "$ref": "GooglePrivacyDlpV2FieldId" }, "customTag": { "description": "A column can be tagged with a custom tag. In this case, the user must indicate an auxiliary table that contains statistical information on the possible values of this column.", "type": "string" } } }, "GooglePrivacyDlpV2DeltaPresenceEstimationResult": { "description": "Result of the δ-presence computation. Note that these results are an estimation, not exact values.", "type": "object", "properties": { "deltaPresenceEstimationHistogram": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2DeltaPresenceEstimationHistogramBucket" }, "description": "The intervals [min_probability, max_probability) do not overlap. If a value doesn't correspond to any such interval, the associated frequency is zero. For example, the following records: {min_probability: 0, max_probability: 0.1, frequency: 17} {min_probability: 0.2, max_probability: 0.3, frequency: 42} {min_probability: 0.3, max_probability: 0.4, frequency: 99} mean that there are no record with an estimated probability in [0.1, 0.2) nor larger or equal to 0.4." } }, "id": "GooglePrivacyDlpV2DeltaPresenceEstimationResult" }, "GooglePrivacyDlpV2KAnonymityHistogramBucket": { "id": "GooglePrivacyDlpV2KAnonymityHistogramBucket", "type": "object", "properties": { "bucketSize": { "format": "int64", "type": "string", "description": "Total number of equivalence classes in this bucket." }, "bucketValues": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2KAnonymityEquivalenceClass" }, "description": "Sample of equivalence classes in this bucket. The total number of classes returned per bucket is capped at 20." }, "bucketValueCount": { "type": "string", "format": "int64", "description": "Total number of distinct equivalence classes in this bucket." }, "equivalenceClassSizeLowerBound": { "type": "string", "format": "int64", "description": "Lower bound on the size of the equivalence classes in this bucket." }, "equivalenceClassSizeUpperBound": { "description": "Upper bound on the size of the equivalence classes in this bucket.", "format": "int64", "type": "string" } }, "description": "Histogram of k-anonymity equivalence classes." }, "GooglePrivacyDlpV2OrConditions": { "description": "There is an OR relationship between these attributes. They are used to determine if a table should be scanned or not in Discovery.", "id": "GooglePrivacyDlpV2OrConditions", "type": "object", "properties": { "minRowCount": { "format": "int32", "type": "integer", "description": "Minimum number of rows that should be present before Cloud DLP profiles a table" }, "minAge": { "description": "Minimum age a table must have before Cloud DLP can profile it. Value must be 1 hour or greater.", "type": "string", "format": "google-duration" } } }, "GooglePrivacyDlpV2Disabled": { "description": "Do not profile the tables.", "id": "GooglePrivacyDlpV2Disabled", "type": "object", "properties": {} }, "GooglePrivacyDlpV2SearchConnectionsResponse": { "description": "Response message for SearchConnections.", "type": "object", "properties": { "connections": { "description": "List of connections that match the search query. Note that only a subset of the fields will be populated, and only \"name\" is guaranteed to be set. For full details of a Connection, call GetConnection with the name.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Connection" } }, "nextPageToken": { "description": "Token to retrieve the next page of results. An empty value means there are no more results.", "type": "string" } }, "id": "GooglePrivacyDlpV2SearchConnectionsResponse" }, "GooglePrivacyDlpV2InfoTypeCategory": { "type": "object", "properties": { "locationCategory": { "enum": [ "LOCATION_UNSPECIFIED", "GLOBAL", "ARGENTINA", "ARMENIA", "AUSTRALIA", "AUSTRIA", "AZERBAIJAN", "BELARUS", "BELGIUM", "BRAZIL", "CANADA", "CHILE", "CHINA", "COLOMBIA", "CROATIA", "CZECHIA", "DENMARK", "FRANCE", "FINLAND", "GERMANY", "HONG_KONG", "INDIA", "INDONESIA", "IRELAND", "ISRAEL", "ITALY", "JAPAN", "KAZAKHSTAN", "KOREA", "MEXICO", "THE_NETHERLANDS", "NEW_ZEALAND", "NORWAY", "PARAGUAY", "PERU", "POLAND", "PORTUGAL", "RUSSIA", "SINGAPORE", "SOUTH_AFRICA", "SPAIN", "SWEDEN", "SWITZERLAND", "TAIWAN", "THAILAND", "TURKEY", "UKRAINE", "UNITED_KINGDOM", "UNITED_STATES", "URUGUAY", "UZBEKISTAN", "VENEZUELA", "INTERNAL" ], "type": "string", "description": "The region or country that issued the ID or document represented by the infoType.", "enumDescriptions": [ "Unused location", "The infoType is not issued by or tied to a specific region, but is used almost everywhere.", "The infoType is typically used in Argentina.", "The infoType is typically used in Armenia.", "The infoType is typically used in Australia.", "The infoType is typically used in Austria.", "The infoType is typically used in Azerbaijan.", "The infoType is typically used in Belarus.", "The infoType is typically used in Belgium.", "The infoType is typically used in Brazil.", "The infoType is typically used in Canada.", "The infoType is typically used in Chile.", "The infoType is typically used in China.", "The infoType is typically used in Colombia.", "The infoType is typically used in Croatia.", "The infoType is typically used in Czechia.", "The infoType is typically used in Denmark.", "The infoType is typically used in France.", "The infoType is typically used in Finland.", "The infoType is typically used in Germany.", "The infoType is typically used in Hong Kong.", "The infoType is typically used in India.", "The infoType is typically used in Indonesia.", "The infoType is typically used in Ireland.", "The infoType is typically used in Israel.", "The infoType is typically used in Italy.", "The infoType is typically used in Japan.", "The infoType is typically used in Kazakhstan.", "The infoType is typically used in Korea.", "The infoType is typically used in Mexico.", "The infoType is typically used in the Netherlands.", "The infoType is typically used in New Zealand.", "The infoType is typically used in Norway.", "The infoType is typically used in Paraguay.", "The infoType is typically used in Peru.", "The infoType is typically used in Poland.", "The infoType is typically used in Portugal.", "The infoType is typically used in Russia.", "The infoType is typically used in Singapore.", "The infoType is typically used in South Africa.", "The infoType is typically used in Spain.", "The infoType is typically used in Sweden.", "The infoType is typically used in Switzerland.", "The infoType is typically used in Taiwan.", "The infoType is typically used in Thailand.", "The infoType is typically used in Turkey.", "The infoType is typically used in Ukraine.", "The infoType is typically used in the United Kingdom.", "The infoType is typically used in the United States.", "The infoType is typically used in Uruguay.", "The infoType is typically used in Uzbekistan.", "The infoType is typically used in Venezuela.", "The infoType is typically used in Google internally." ] }, "industryCategory": { "description": "The group of relevant businesses where this infoType is commonly used", "enumDescriptions": [ "Unused industry", "The infoType is typically used in the finance industry.", "The infoType is typically used in the health industry.", "The infoType is typically used in the telecommunications industry." ], "enum": [ "INDUSTRY_UNSPECIFIED", "FINANCE", "HEALTH", "TELECOMMUNICATIONS" ], "type": "string" }, "typeCategory": { "type": "string", "enum": [ "TYPE_UNSPECIFIED", "PII", "SPII", "DEMOGRAPHIC", "CREDENTIAL", "GOVERNMENT_ID", "DOCUMENT", "CONTEXTUAL_INFORMATION", "CUSTOM" ], "description": "The class of identifiers where this infoType belongs", "enumDescriptions": [ "Unused type", "Personally identifiable information, for example, a name or phone number", "Personally identifiable information that is especially sensitive, for example, a passport number.", "Attributes that can partially identify someone, especially in combination with other attributes, like age, height, and gender.", "Confidential or secret information, for example, a password.", "An identification document issued by a government.", "A document, for example, a resume or source code.", "Information that is not sensitive on its own, but provides details about the circumstances surrounding an entity or an event.", "Category for `CustomInfoType` types." ] } }, "id": "GooglePrivacyDlpV2InfoTypeCategory", "description": "Classification of infoTypes to organize them according to geographic location, industry, and data type." }, "GooglePrivacyDlpV2DiscoveryCloudSqlFilter": { "id": "GooglePrivacyDlpV2DiscoveryCloudSqlFilter", "type": "object", "properties": { "databaseResourceReference": { "description": "The database resource to scan. Targets including this can only include one target (the target with this database resource reference).", "$ref": "GooglePrivacyDlpV2DatabaseResourceReference" }, "collection": { "description": "A specific set of database resources for this filter to apply to.", "$ref": "GooglePrivacyDlpV2DatabaseResourceCollection" }, "others": { "description": "Catch-all. This should always be the last target in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.", "$ref": "GooglePrivacyDlpV2AllOtherDatabaseResources" } }, "description": "Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, location, instance, database, and database resource name." }, "GooglePrivacyDlpV2UpdateConnectionRequest": { "id": "GooglePrivacyDlpV2UpdateConnectionRequest", "type": "object", "properties": { "connection": { "description": "Required. The connection with new values for the relevant fields.", "$ref": "GooglePrivacyDlpV2Connection" }, "updateMask": { "type": "string", "format": "google-fieldmask", "description": "Optional. Mask to control which fields get updated." } }, "description": "Request message for UpdateConnection." }, "GooglePrivacyDlpV2TransformationErrorHandling": { "id": "GooglePrivacyDlpV2TransformationErrorHandling", "type": "object", "properties": { "throwError": { "description": "Throw an error", "$ref": "GooglePrivacyDlpV2ThrowError" }, "leaveUntransformed": { "description": "Ignore errors", "$ref": "GooglePrivacyDlpV2LeaveUntransformed" } }, "description": "How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a `DateShift` transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the `TransformationOverviews`." }, "GooglePrivacyDlpV2TaggedField": { "type": "object", "properties": { "infoType": { "description": "A column can be tagged with a InfoType to use the relevant public dataset as a statistical model of population, if available. We currently support US ZIP codes, region codes, ages and genders. To programmatically obtain the list of supported InfoTypes, use ListInfoTypes with the supported_by=RISK_ANALYSIS filter.", "$ref": "GooglePrivacyDlpV2InfoType" }, "customTag": { "description": "A column can be tagged with a custom tag. In this case, the user must indicate an auxiliary table that contains statistical information on the possible values of this column.", "type": "string" }, "inferred": { "description": "If no semantic tag is indicated, we infer the statistical model from the distribution of values in the input data", "$ref": "GoogleProtobufEmpty" }, "field": { "description": "Required. Identifies the column.", "$ref": "GooglePrivacyDlpV2FieldId" } }, "id": "GooglePrivacyDlpV2TaggedField", "description": "A column with a semantic tag attached." }, "GooglePrivacyDlpV2ListDiscoveryConfigsResponse": { "description": "Response message for ListDiscoveryConfigs.", "type": "object", "properties": { "nextPageToken": { "description": "If the next page is available then this value is the next page token to be used in the following ListDiscoveryConfigs request.", "type": "string" }, "discoveryConfigs": { "description": "List of configs, up to page_size in ListDiscoveryConfigsRequest.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2DiscoveryConfig" } } }, "id": "GooglePrivacyDlpV2ListDiscoveryConfigsResponse" }, "GooglePrivacyDlpV2JobNotificationEmails": { "id": "GooglePrivacyDlpV2JobNotificationEmails", "type": "object", "properties": {}, "description": "Sends an email when the job completes. The email goes to IAM project owners and technical [Essential Contacts](https://cloud.google.com/resource-manager/docs/managing-notification-contacts)." }, "GooglePrivacyDlpV2HybridFindingDetails": { "description": "Populate to associate additional data with each finding.", "id": "GooglePrivacyDlpV2HybridFindingDetails", "type": "object", "properties": { "fileOffset": { "description": "Offset in bytes of the line, from the beginning of the file, where the finding is located. Populate if the item being scanned is only part of a bigger item, such as a shard of a file and you want to track the absolute position of the finding.", "type": "string", "format": "int64" }, "containerDetails": { "description": "Details about the container where the content being inspected is from.", "$ref": "GooglePrivacyDlpV2Container" }, "rowOffset": { "format": "int64", "type": "string", "description": "Offset of the row for tables. Populate if the row(s) being scanned are part of a bigger dataset and you want to keep track of their absolute position." }, "tableOptions": { "description": "If the container is a table, additional information to make findings meaningful such as the columns that are primary keys. If not known ahead of time, can also be set within each inspect hybrid call and the two will be merged. Note that identifying_fields will only be stored to BigQuery, and only if the BigQuery action has been included.", "$ref": "GooglePrivacyDlpV2TableOptions" }, "labels": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Labels to represent user provided metadata about the data being inspected. If configured by the job, some key values may be required. The labels associated with `Finding`'s produced by hybrid inspection. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label values must be between 0 and 63 characters long and must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. No more than 10 labels can be associated with a given finding. Examples: * `\"environment\" : \"production\"` * `\"pipeline\" : \"etl\"`" } } }, "GooglePrivacyDlpV2DiscoveryOtherCloudConditions": { "description": "Requirements that must be true before a resource is profiled for the first time.", "type": "object", "properties": { "minAge": { "description": "Minimum age a resource must be before Cloud DLP can profile it. Value must be 1 hour or greater.", "format": "google-duration", "type": "string" }, "amazonS3BucketConditions": { "description": "Amazon S3 bucket conditions.", "$ref": "GooglePrivacyDlpV2AmazonS3BucketConditions" } }, "id": "GooglePrivacyDlpV2DiscoveryOtherCloudConditions" }, "GooglePrivacyDlpV2DataProfileJobConfig": { "id": "GooglePrivacyDlpV2DataProfileJobConfig", "type": "object", "properties": { "dataProfileActions": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2DataProfileAction" }, "description": "Actions to execute at the completion of the job." }, "location": { "description": "The data to scan.", "$ref": "GooglePrivacyDlpV2DataProfileLocation" }, "otherCloudStartingLocation": { "description": "Must be set only when scanning other clouds.", "$ref": "GooglePrivacyDlpV2OtherCloudDiscoveryStartingLocation" }, "inspectTemplates": { "description": "Detection logic for profile generation. Not all template features are used by profiles. FindingLimits, include_quote and exclude_info_types have no impact on data profiling. Multiple templates may be provided if there is data in multiple regions. At most one template must be specified per-region (including \"global\"). Each region is scanned using the applicable template. If no region-specific template is specified, but a \"global\" template is specified, it will be copied to that region and used instead. If no global or region-specific template is provided for a region with data, that region's data will not be scanned. For more information, see https://cloud.google.com/sensitive-data-protection/docs/data-profiles#data-residency.", "type": "array", "items": { "type": "string" } }, "projectId": { "description": "The project that will run the scan. The DLP service account that exists within this project must have access to all resources that are profiled, and the DLP API must be enabled.", "type": "string" } }, "description": "Configuration for setting up a job to scan resources for profile generation. Only one data profile configuration may exist per organization, folder, or project. The generated data profiles are retained according to the [data retention policy] (https://cloud.google.com/sensitive-data-protection/docs/data-profiles#retention)." }, "GooglePrivacyDlpV2RecordLocation": { "description": "Location of a finding within a row or record.", "id": "GooglePrivacyDlpV2RecordLocation", "type": "object", "properties": { "recordKey": { "description": "Key of the finding.", "$ref": "GooglePrivacyDlpV2RecordKey" }, "tableLocation": { "description": "Location within a `ContentItem.Table`.", "$ref": "GooglePrivacyDlpV2TableLocation" }, "fieldId": { "description": "Field id of the field containing the finding.", "$ref": "GooglePrivacyDlpV2FieldId" } } }, "GooglePrivacyDlpV2DataProfileConfigSnapshot": { "description": "Snapshot of the configurations used to generate the profile.", "id": "GooglePrivacyDlpV2DataProfileConfigSnapshot", "type": "object", "properties": { "inspectTemplateName": { "description": "Name of the inspection template used to generate this profile", "type": "string" }, "inspectConfig": { "description": "A copy of the inspection config used to generate this profile. This is a copy of the inspect_template specified in `DataProfileJobConfig`.", "$ref": "GooglePrivacyDlpV2InspectConfig" }, "dataProfileJob": { "description": "A copy of the configuration used to generate this profile. This is deprecated, and the DiscoveryConfig field is preferred moving forward. DataProfileJobConfig will still be written here for Discovery in BigQuery for backwards compatibility, but will not be updated with new fields, while DiscoveryConfig will.", "deprecated": true, "$ref": "GooglePrivacyDlpV2DataProfileJobConfig" }, "discoveryConfig": { "description": "A copy of the configuration used to generate this profile.", "$ref": "GooglePrivacyDlpV2DiscoveryConfig" }, "inspectTemplateModifiedTime": { "description": "Timestamp when the template was modified", "format": "google-datetime", "type": "string" } } }, "GooglePrivacyDlpV2TimespanConfig": { "description": "Configuration of the timespan of the items to include in scanning. Currently only supported when inspecting Cloud Storage and BigQuery.", "id": "GooglePrivacyDlpV2TimespanConfig", "type": "object", "properties": { "endTime": { "type": "string", "format": "google-datetime", "description": "Exclude files, tables, or rows newer than this value. If not set, no upper time limit is applied." }, "startTime": { "type": "string", "format": "google-datetime", "description": "Exclude files, tables, or rows older than this value. If not set, no lower time limit is applied." }, "enableAutoPopulationOfTimespanConfig": { "description": "When the job is started by a JobTrigger we will automatically figure out a valid start_time to avoid scanning files that have not been modified since the last time the JobTrigger executed. This will be based on the time of the execution of the last run of the JobTrigger or the timespan end_time used in the last run of the JobTrigger. **For BigQuery** Inspect jobs triggered by automatic population will scan data that is at least three hours old when the job starts. This is because streaming buffer rows are not read during inspection and reading up to the current timestamp will result in skipped rows. See the [known issue](https://cloud.google.com/sensitive-data-protection/docs/known-issues#recently-streamed-data) related to this operation.", "type": "boolean" }, "timestampField": { "description": "Specification of the field containing the timestamp of scanned items. Used for data sources like Datastore and BigQuery. **For BigQuery** If this value is not specified and the table was modified between the given start and end times, the entire table will be scanned. If this value is specified, then rows are filtered based on the given start and end times. Rows with a `NULL` value in the provided BigQuery column are skipped. Valid data types of the provided BigQuery column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. If your BigQuery table is [partitioned at ingestion time](https://cloud.google.com/bigquery/docs/partitioned-tables#ingestion_time), you can use any of the following pseudo-columns as your timestamp field. When used with Cloud DLP, these pseudo-column names are case sensitive. - `_PARTITIONTIME` - `_PARTITIONDATE` - `_PARTITION_LOAD_TIME` **For Datastore** If this value is specified, then entities are filtered based on the given start and end times. If an entity does not contain the provided timestamp property or contains empty or invalid values, then it is included. Valid data types of the provided timestamp property are: `TIMESTAMP`. See the [known issue](https://cloud.google.com/sensitive-data-protection/docs/known-issues#bq-timespan) related to this operation.", "$ref": "GooglePrivacyDlpV2FieldId" } } }, "GooglePrivacyDlpV2UpdateInspectTemplateRequest": { "type": "object", "properties": { "inspectTemplate": { "description": "New InspectTemplate value.", "$ref": "GooglePrivacyDlpV2InspectTemplate" }, "updateMask": { "description": "Mask to control which fields get updated.", "format": "google-fieldmask", "type": "string" } }, "id": "GooglePrivacyDlpV2UpdateInspectTemplateRequest", "description": "Request message for UpdateInspectTemplate." }, "GooglePrivacyDlpV2ActivateJobTriggerRequest": { "type": "object", "properties": {}, "id": "GooglePrivacyDlpV2ActivateJobTriggerRequest", "description": "Request message for ActivateJobTrigger." }, "GooglePrivacyDlpV2RecordSuppression": { "type": "object", "properties": { "condition": { "description": "A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.", "$ref": "GooglePrivacyDlpV2RecordCondition" } }, "id": "GooglePrivacyDlpV2RecordSuppression", "description": "Configuration to suppress records whose suppression conditions evaluate to true." }, "GooglePrivacyDlpV2SurrogateType": { "description": "Message for detecting output from deidentification transformations such as [`CryptoReplaceFfxFpeConfig`](https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/organizations.deidentifyTemplates#cryptoreplaceffxfpeconfig). These types of transformations are those that perform pseudonymization, thereby producing a \"surrogate\" as output. This should be used in conjunction with a field on the transformation such as `surrogate_info_type`. This CustomInfoType does not support the use of `detection_rules`.", "type": "object", "properties": {}, "id": "GooglePrivacyDlpV2SurrogateType" }, "GooglePrivacyDlpV2RequestedOptions": { "description": "Snapshot of the inspection configuration.", "id": "GooglePrivacyDlpV2RequestedOptions", "type": "object", "properties": { "jobConfig": { "description": "Inspect config.", "$ref": "GooglePrivacyDlpV2InspectJobConfig" }, "snapshotInspectTemplate": { "description": "If run with an InspectTemplate, a snapshot of its state at the time of this run.", "$ref": "GooglePrivacyDlpV2InspectTemplate" } } }, "GooglePrivacyDlpV2HybridInspectStatistics": { "type": "object", "properties": { "abortedCount": { "format": "int64", "type": "string", "description": "The number of hybrid inspection requests aborted because the job ran out of quota or was ended before they could be processed." }, "pendingCount": { "description": "The number of hybrid requests currently being processed. Only populated when called via method `getDlpJob`. A burst of traffic may cause hybrid inspect requests to be enqueued. Processing will take place as quickly as possible, but resource limitations may impact how long a request is enqueued for.", "type": "string", "format": "int64" }, "processedCount": { "format": "int64", "type": "string", "description": "The number of hybrid inspection requests processed within this job." } }, "id": "GooglePrivacyDlpV2HybridInspectStatistics", "description": "Statistics related to processing hybrid inspect requests." }, "GooglePrivacyDlpV2DiscoveryCloudStorageFilter": { "type": "object", "properties": { "cloudStorageResourceReference": { "description": "Optional. The bucket to scan. Targets including this can only include one target (the target with this bucket). This enables profiling the contents of a single bucket, while the other options allow for easy profiling of many bucets within a project or an organization.", "$ref": "GooglePrivacyDlpV2CloudStorageResourceReference" }, "others": { "description": "Optional. Catch-all. This should always be the last target in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.", "$ref": "GooglePrivacyDlpV2AllOtherResources" }, "collection": { "description": "Optional. A specific set of buckets for this filter to apply to.", "$ref": "GooglePrivacyDlpV2FileStoreCollection" } }, "id": "GooglePrivacyDlpV2DiscoveryCloudStorageFilter", "description": "Determines which buckets will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID and bucket name." }, "GooglePrivacyDlpV2BigQueryTable": { "id": "GooglePrivacyDlpV2BigQueryTable", "type": "object", "properties": { "projectId": { "description": "The Google Cloud project ID of the project containing the table. If omitted, project ID is inferred from the API call.", "type": "string" }, "tableId": { "description": "Name of the table.", "type": "string" }, "datasetId": { "description": "Dataset ID of the table.", "type": "string" } }, "description": "Message defining the location of a BigQuery table. A table is uniquely identified by its project_id, dataset_id, and table_name. Within a query a table is often referenced with a string in the format of: `:.` or `..`." }, "GooglePrivacyDlpV2Schedule": { "description": "Schedule for inspect job triggers.", "type": "object", "properties": { "recurrencePeriodDuration": { "format": "google-duration", "type": "string", "description": "With this option a job is started on a regular periodic basis. For example: every day (86400 seconds). A scheduled start time will be skipped if the previous execution has not ended when its scheduled time occurs. This value must be set to a time duration greater than or equal to 1 day and can be no longer than 60 days." } }, "id": "GooglePrivacyDlpV2Schedule" }, "GooglePrivacyDlpV2HotwordRule": { "description": "The rule that adjusts the likelihood of findings within a certain proximity of hotwords.", "type": "object", "properties": { "proximity": { "description": "Range of characters within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. The finding itself will be included in the window, so that hotwords can be used to match substrings of the finding itself. Suppose you want Cloud DLP to promote the likelihood of the phone number regex \"\\(\\d{3}\\) \\d{3}-\\d{4}\" if the area code is known to be the area code of a company's office. In this case, use the hotword regex \"\\(xxx\\)\", where \"xxx\" is the area code in question. For tabular data, if you want to modify the likelihood of an entire column of findngs, see [Hotword example: Set the match likelihood of a table column] (https://cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes-likelihood#match-column-values).", "$ref": "GooglePrivacyDlpV2Proximity" }, "hotwordRegex": { "description": "Regular expression pattern defining what qualifies as a hotword.", "$ref": "GooglePrivacyDlpV2Regex" }, "likelihoodAdjustment": { "description": "Likelihood adjustment to apply to all matching findings.", "$ref": "GooglePrivacyDlpV2LikelihoodAdjustment" } }, "id": "GooglePrivacyDlpV2HotwordRule" }, "GooglePrivacyDlpV2ContentMetadata": { "id": "GooglePrivacyDlpV2ContentMetadata", "type": "object", "properties": { "properties": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2KeyValueMetadataProperty" }, "description": "User provided key-value pairs of content metadata." } }, "description": "Metadata on content to be scanned." }, "GooglePrivacyDlpV2ReplaceDictionaryConfig": { "description": "Replace each input value with a value randomly selected from the dictionary.", "id": "GooglePrivacyDlpV2ReplaceDictionaryConfig", "type": "object", "properties": { "wordList": { "description": "A list of words to select from for random replacement. The [limits](https://cloud.google.com/sensitive-data-protection/limits) page contains details about the size limits of dictionaries.", "$ref": "GooglePrivacyDlpV2WordList" } } }, "GooglePrivacyDlpV2StorageMetadataLabel": { "id": "GooglePrivacyDlpV2StorageMetadataLabel", "type": "object", "properties": { "key": { "description": "Label name.", "type": "string" } }, "description": "Storage metadata label to indicate which metadata entry contains findings." }, "GooglePrivacyDlpV2StatisticalTable": { "type": "object", "properties": { "quasiIds": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2QuasiIdentifierField" }, "description": "Required. Quasi-identifier columns." }, "relativeFrequency": { "description": "Required. The relative frequency column must contain a floating-point number between 0 and 1 (inclusive). Null values are assumed to be zero.", "$ref": "GooglePrivacyDlpV2FieldId" }, "table": { "description": "Required. Auxiliary table location.", "$ref": "GooglePrivacyDlpV2BigQueryTable" } }, "id": "GooglePrivacyDlpV2StatisticalTable", "description": "An auxiliary table containing statistical information on the relative frequency of different quasi-identifiers values. It has one or several quasi-identifiers columns, and one column that indicates the relative frequency of each quasi-identifier tuple. If a tuple is present in the data but not in the auxiliary table, the corresponding relative frequency is assumed to be zero (and thus, the tuple is highly reidentifiable)." }, "GooglePrivacyDlpV2CloudStorageResourceReference": { "id": "GooglePrivacyDlpV2CloudStorageResourceReference", "type": "object", "properties": { "projectId": { "description": "Required. If within a project-level config, then this must match the config's project id.", "type": "string" }, "bucketName": { "description": "Required. The bucket to scan.", "type": "string" } }, "description": "Identifies a single Cloud Storage bucket." }, "GooglePrivacyDlpV2Proximity": { "id": "GooglePrivacyDlpV2Proximity", "type": "object", "properties": { "windowAfter": { "description": "Number of characters after the finding to consider.", "format": "int32", "type": "integer" }, "windowBefore": { "format": "int32", "type": "integer", "description": "Number of characters before the finding to consider. For tabular data, if you want to modify the likelihood of an entire column of findngs, set this to 1. For more information, see [Hotword example: Set the match likelihood of a table column] (https://cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes-likelihood#match-column-values)." } }, "description": "Message for specifying a window around a finding to apply a detection rule." }, "GooglePrivacyDlpV2StoredInfoType": { "type": "object", "properties": { "name": { "description": "Resource name.", "type": "string" }, "pendingVersions": { "description": "Pending versions of the stored info type. Empty if no versions are pending.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2StoredInfoTypeVersion" } }, "currentVersion": { "description": "Current version of the stored info type.", "$ref": "GooglePrivacyDlpV2StoredInfoTypeVersion" } }, "id": "GooglePrivacyDlpV2StoredInfoType", "description": "StoredInfoType resource message that contains information about the current version and any pending updates." }, "GooglePrivacyDlpV2Manual": { "description": "Job trigger option for hybrid jobs. Jobs must be manually created and finished.", "id": "GooglePrivacyDlpV2Manual", "type": "object", "properties": {} }, "GooglePrivacyDlpV2InfoTypeDescription": { "description": "InfoType description.", "type": "object", "properties": { "categories": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InfoTypeCategory" }, "description": "The category of the infoType." }, "launchStatus": { "description": "The launch status of the infoType.", "enumDescriptions": [ "Unspecified.", "InfoType is generally available.", "InfoType is in public preview.", "InfoType is in private preview." ], "enum": [ "INFO_TYPE_LAUNCH_STATUS_UNSPECIFIED", "GENERAL_AVAILABILITY", "PUBLIC_PREVIEW", "PRIVATE_PREVIEW" ], "type": "string" }, "locationSupport": { "description": "Locations at which this feature can be used. May change over time.", "$ref": "GooglePrivacyDlpV2LocationSupport" }, "example": { "description": "A sample that is a true positive for this infoType.", "type": "string" }, "description": { "description": "Description of the infotype. Translated when language is provided in the request.", "type": "string" }, "displayName": { "description": "Human readable form of the infoType name.", "type": "string" }, "sensitivityScore": { "description": "The default sensitivity of the infoType.", "$ref": "GooglePrivacyDlpV2SensitivityScore" }, "specificInfoTypes": { "type": "array", "items": { "type": "string" }, "description": "If this field is set, this infoType is a general infoType and these specific infoTypes are contained within it. General infoTypes are infoTypes that encompass multiple specific infoTypes. For example, the \"GEOGRAPHIC_DATA\" general infoType would have set for this field \"LOCATION\", \"LOCATION_COORDINATES\", and \"STREET_ADDRESS\"." }, "name": { "description": "Internal name of the infoType.", "type": "string" }, "supportedBy": { "description": "Which parts of the API supports this InfoType.", "type": "array", "items": { "type": "string", "enum": [ "ENUM_TYPE_UNSPECIFIED", "INSPECT", "RISK_ANALYSIS" ], "enumDescriptions": [ "Unused.", "Supported by the inspect operations.", "Supported by the risk analysis operations." ] } }, "versions": { "description": "A list of available versions for the infotype.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2VersionDescription" } } }, "id": "GooglePrivacyDlpV2InfoTypeDescription" }, "GooglePrivacyDlpV2CharacterMaskConfig": { "description": "Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3.", "id": "GooglePrivacyDlpV2CharacterMaskConfig", "type": "object", "properties": { "maskingCharacter": { "description": "Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.", "type": "string" }, "numberToMask": { "description": "Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. If `number_to_mask` is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values: - `masking_character` is `*` - `number_to_mask` is `-4` - `reverse_order` is `false` - `CharsToIgnore` includes `-` - Input string is `1234-5678-9012-3456` The resulting de-identified string is `****-****-****-3456`. Cloud DLP masks all but the last four characters. If `reverse_order` is `true`, all but the first four characters are masked as `1234-****-****-****`.", "format": "int32", "type": "integer" }, "charactersToIgnore": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2CharsToIgnore" }, "description": "When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`." }, "reverseOrder": { "description": "Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.", "type": "boolean" } } }, "GooglePrivacyDlpV2InfoType": { "type": "object", "properties": { "name": { "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$_-]{1,64}`.", "type": "string" }, "version": { "description": "Optional version name for this InfoType.", "type": "string" }, "sensitivityScore": { "description": "Optional custom sensitivity for this InfoType. This only applies to data profiling.", "$ref": "GooglePrivacyDlpV2SensitivityScore" } }, "id": "GooglePrivacyDlpV2InfoType", "description": "Type of information detected by the API." }, "GooglePrivacyDlpV2CloudStorageRegexFileSet": { "description": "Message representing a set of files in a Cloud Storage bucket. Regular expressions are used to allow fine-grained control over which files in the bucket to include. Included files are those that match at least one item in `include_regex` and do not match any items in `exclude_regex`. Note that a file that matches items from both lists will _not_ be included. For a match to occur, the entire file path (i.e., everything in the url after the bucket name) must match the regular expression. For example, given the input `{bucket_name: \"mybucket\", include_regex: [\"directory1/.*\"], exclude_regex: [\"directory1/excluded.*\"]}`: * `gs://mybucket/directory1/myfile` will be included * `gs://mybucket/directory1/directory2/myfile` will be included (`.*` matches across `/`) * `gs://mybucket/directory0/directory1/myfile` will _not_ be included (the full path doesn't match any items in `include_regex`) * `gs://mybucket/directory1/excludedfile` will _not_ be included (the path matches an item in `exclude_regex`) If `include_regex` is left empty, it will match all files by default (this is equivalent to setting `include_regex: [\".*\"]`). Some other common use cases: * `{bucket_name: \"mybucket\", exclude_regex: [\".*\\.pdf\"]}` will include all files in `mybucket` except for .pdf files * `{bucket_name: \"mybucket\", include_regex: [\"directory/[^/]+\"]}` will include all files directly under `gs://mybucket/directory/`, without matching across `/`", "type": "object", "properties": { "bucketName": { "description": "The name of a Cloud Storage bucket. Required.", "type": "string" }, "includeRegex": { "type": "array", "items": { "type": "string" }, "description": "A list of regular expressions matching file paths to include. All files in the bucket that match at least one of these regular expressions will be included in the set of files, except for those that also match an item in `exclude_regex`. Leaving this field empty will match all files by default (this is equivalent to including `.*` in the list). Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub." }, "excludeRegex": { "description": "A list of regular expressions matching file paths to exclude. All files in the bucket that match at least one of these regular expressions will be excluded from the scan. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.", "type": "array", "items": { "type": "string" } } }, "id": "GooglePrivacyDlpV2CloudStorageRegexFileSet" }, "GooglePrivacyDlpV2VertexDatasetResourceReference": { "description": "Identifies a single Vertex AI resource. Only datasets are supported.", "type": "object", "properties": { "datasetResourceName": { "description": "Required. The name of the Vertex AI resource. If set within a project-level configuration, the specified resource must be within the project. Examples: * `projects/{project}/locations/{location}/datasets/{dataset}`", "type": "string" } }, "id": "GooglePrivacyDlpV2VertexDatasetResourceReference" }, "GooglePrivacyDlpV2InspectConfig": { "description": "Configuration description of the scanning process. When used with redactContent only info_types and min_likelihood are currently used.", "id": "GooglePrivacyDlpV2InspectConfig", "type": "object", "properties": { "customInfoTypes": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2CustomInfoType" }, "description": "CustomInfoTypes provided by the user. See https://cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes to learn more." }, "ruleSet": { "description": "Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end, other rules are executed in the order they are specified for each info type. Not supported for the `metadata_key_value_expression` CustomInfoType.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InspectionRuleSet" } }, "includeQuote": { "description": "When true, a contextual quote from the data that triggered a finding is included in the response; see Finding.quote. This is not used for data profiling.", "type": "boolean" }, "limits": { "description": "Configuration to control the number of findings returned. This is not used for data profiling. When redacting sensitive data from images, finding limits don't apply. They can cause unexpected or inconsistent results, where only some data is redacted. Don't include finding limits in RedactImage requests. Otherwise, Cloud DLP returns an error. When set within an InspectJobConfig, the specified maximum values aren't hard limits. If an inspection job reaches these limits, the job ends gradually, not abruptly. Therefore, the actual number of findings that Cloud DLP returns can be multiple times higher than these maximum values.", "$ref": "GooglePrivacyDlpV2FindingLimits" }, "contentOptions": { "description": "Deprecated and unused.", "type": "array", "items": { "type": "string", "enum": [ "CONTENT_UNSPECIFIED", "CONTENT_TEXT", "CONTENT_IMAGE" ], "enumDescriptions": [ "Includes entire content of a file or a data stream.", "Text content within the data, excluding any metadata.", "Images found in the data." ] } }, "infoTypes": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InfoType" }, "description": "Restricts what info_types to look for. The values must correspond to InfoType values returned by ListInfoTypes or listed at https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference. When no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose a default list of detectors to run, which may change over time. If you need precise control and predictability as to what detectors are run you should specify specific InfoTypes listed in the reference, otherwise a default list will be used, which may change over time." }, "minLikelihoodPerInfoType": { "description": "Minimum likelihood per infotype. For each infotype, a user can specify a minimum likelihood. The system only returns a finding if its likelihood is above this threshold. If this field is not set, the system uses the InspectConfig min_likelihood.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InfoTypeLikelihood" } }, "minLikelihood": { "description": "Only returns findings equal to or above this threshold. The default is POSSIBLE. In general, the highest likelihood setting yields the fewest findings in results and the lowest chance of a false positive. For more information, see [Match likelihood](https://cloud.google.com/sensitive-data-protection/docs/likelihood).", "enumDescriptions": [ "Default value; same as POSSIBLE.", "Highest chance of a false positive.", "High chance of a false positive.", "Some matching signals. The default value.", "Low chance of a false positive.", "Confidence level is high. Lowest chance of a false positive." ], "enum": [ "LIKELIHOOD_UNSPECIFIED", "VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY" ], "type": "string" }, "excludeInfoTypes": { "description": "When true, excludes type information of the findings. This is not used for data profiling.", "type": "boolean" } } }, "GooglePrivacyDlpV2FileStoreInfoTypeSummary": { "description": "Information regarding the discovered InfoType.", "type": "object", "properties": { "infoType": { "description": "The InfoType seen.", "$ref": "GooglePrivacyDlpV2InfoType" } }, "id": "GooglePrivacyDlpV2FileStoreInfoTypeSummary" }, "GooglePrivacyDlpV2TagCondition": { "id": "GooglePrivacyDlpV2TagCondition", "type": "object", "properties": { "tag": { "description": "The tag value to attach to resources.", "$ref": "GooglePrivacyDlpV2TagValue" }, "sensitivityScore": { "description": "Conditions attaching the tag to a resource on its profile having this sensitivity score.", "$ref": "GooglePrivacyDlpV2SensitivityScore" } }, "description": "The tag to attach to profiles matching the condition. At most one `TagCondition` can be specified per sensitivity level." }, "GooglePrivacyDlpV2DataProfilePubSubCondition": { "description": "A condition for determining whether a Pub/Sub should be triggered.", "type": "object", "properties": { "expressions": { "description": "An expression.", "$ref": "GooglePrivacyDlpV2PubSubExpressions" } }, "id": "GooglePrivacyDlpV2DataProfilePubSubCondition" }, "GooglePrivacyDlpV2DiscoveryTableModifiedCadence": { "description": "The cadence at which to update data profiles when a table is modified.", "type": "object", "properties": { "frequency": { "enum": [ "UPDATE_FREQUENCY_UNSPECIFIED", "UPDATE_FREQUENCY_NEVER", "UPDATE_FREQUENCY_DAILY", "UPDATE_FREQUENCY_MONTHLY" ], "type": "string", "description": "How frequently data profiles can be updated when tables are modified. Defaults to never.", "enumDescriptions": [ "Unspecified.", "After the data profile is created, it will never be updated.", "The data profile can be updated up to once every 24 hours.", "The data profile can be updated up to once every 30 days. Default." ] }, "types": { "description": "The type of events to consider when deciding if the table has been modified and should have the profile updated. Defaults to MODIFIED_TIMESTAMP.", "type": "array", "items": { "enum": [ "TABLE_MODIFICATION_UNSPECIFIED", "TABLE_MODIFIED_TIMESTAMP" ], "type": "string", "enumDescriptions": [ "Unused.", "A table will be considered modified when the last_modified_time from BigQuery has been updated." ] } } }, "id": "GooglePrivacyDlpV2DiscoveryTableModifiedCadence" }, "GooglePrivacyDlpV2InspectionRule": { "id": "GooglePrivacyDlpV2InspectionRule", "type": "object", "properties": { "hotwordRule": { "description": "Hotword-based detection rule.", "$ref": "GooglePrivacyDlpV2HotwordRule" }, "adjustmentRule": { "description": "Adjustment rule.", "$ref": "GooglePrivacyDlpV2AdjustmentRule" }, "exclusionRule": { "description": "Exclusion rule.", "$ref": "GooglePrivacyDlpV2ExclusionRule" } }, "description": "A single inspection rule to be applied to infoTypes, specified in `InspectionRuleSet`." }, "GooglePrivacyDlpV2KmsWrappedCryptoKey": { "type": "object", "properties": { "wrappedKey": { "type": "string", "format": "byte", "description": "Required. The wrapped data crypto key." }, "cryptoKeyName": { "description": "Required. The resource name of the KMS CryptoKey to use for unwrapping.", "type": "string" } }, "id": "GooglePrivacyDlpV2KmsWrappedCryptoKey", "description": "Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/sensitive-data-protection/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing)." }, "GooglePrivacyDlpV2KMapEstimationHistogramBucket": { "id": "GooglePrivacyDlpV2KMapEstimationHistogramBucket", "type": "object", "properties": { "maxAnonymity": { "type": "string", "format": "int64", "description": "Always greater than or equal to min_anonymity." }, "minAnonymity": { "description": "Always positive.", "type": "string", "format": "int64" }, "bucketValues": { "description": "Sample of quasi-identifier tuple values in this bucket. The total number of classes returned per bucket is capped at 20.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2KMapEstimationQuasiIdValues" } }, "bucketValueCount": { "description": "Total number of distinct quasi-identifier tuple values in this bucket.", "type": "string", "format": "int64" }, "bucketSize": { "format": "int64", "type": "string", "description": "Number of records within these anonymity bounds." } }, "description": "A KMapEstimationHistogramBucket message with the following values: min_anonymity: 3 max_anonymity: 5 frequency: 42 means that there are 42 records whose quasi-identifier values correspond to 3, 4 or 5 people in the overlying population. An important particular case is when min_anonymity = max_anonymity = 1: the frequency field then corresponds to the number of uniquely identifiable records." }, "GooglePrivacyDlpV2DiscoveryVertexDatasetConditions": { "description": "Requirements that must be true before a dataset is profiled for the first time.", "id": "GooglePrivacyDlpV2DiscoveryVertexDatasetConditions", "type": "object", "properties": { "createdAfter": { "description": "Vertex AI dataset must have been created after this date. Used to avoid backfilling.", "type": "string", "format": "google-datetime" }, "minAge": { "description": "Minimum age a Vertex AI dataset must have. If set, the value must be 1 hour or greater.", "format": "google-duration", "type": "string" } } }, "GooglePrivacyDlpV2DiscoveryVertexDatasetGenerationCadence": { "id": "GooglePrivacyDlpV2DiscoveryVertexDatasetGenerationCadence", "type": "object", "properties": { "refreshFrequency": { "description": "If you set this field, profiles are refreshed at this frequency regardless of whether the underlying datasets have changed. Defaults to never.", "enumDescriptions": [ "Unspecified.", "After the data profile is created, it will never be updated.", "The data profile can be updated up to once every 24 hours.", "The data profile can be updated up to once every 30 days. Default." ], "enum": [ "UPDATE_FREQUENCY_UNSPECIFIED", "UPDATE_FREQUENCY_NEVER", "UPDATE_FREQUENCY_DAILY", "UPDATE_FREQUENCY_MONTHLY" ], "type": "string" }, "inspectTemplateModifiedCadence": { "description": "Governs when to update data profiles when the inspection rules defined by the `InspectTemplate` change. If not set, changing the template will not cause a data profile to be updated.", "$ref": "GooglePrivacyDlpV2DiscoveryInspectTemplateModifiedCadence" } }, "description": "How often existing datasets should have their profiles refreshed. New datasets are scanned as quickly as possible depending on system capacity." }, "GooglePrivacyDlpV2DiscoveryOtherCloudFilter": { "description": "Determines which resources from the other cloud will have profiles generated. Includes the ability to filter by resource names.", "id": "GooglePrivacyDlpV2DiscoveryOtherCloudFilter", "type": "object", "properties": { "singleResource": { "description": "The resource to scan. Configs using this filter can only have one target (the target with this single resource reference).", "$ref": "GooglePrivacyDlpV2OtherCloudSingleResourceReference" }, "others": { "description": "Optional. Catch-all. This should always be the last target in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.", "$ref": "GooglePrivacyDlpV2AllOtherResources" }, "collection": { "description": "A collection of resources for this filter to apply to.", "$ref": "GooglePrivacyDlpV2OtherCloudResourceCollection" } } }, "GooglePrivacyDlpV2SaveToGcsFindingsOutput": { "description": "Collection of findings saved to a Cloud Storage bucket. This is used as the proto schema for textproto files created when specifying a cloud storage path to save Inspect findings.", "type": "object", "properties": { "findings": { "description": "List of findings.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Finding" } } }, "id": "GooglePrivacyDlpV2SaveToGcsFindingsOutput" }, "GooglePrivacyDlpV2InspectContentRequest": { "id": "GooglePrivacyDlpV2InspectContentRequest", "type": "object", "properties": { "inspectTemplateName": { "description": "Template to use. Any configuration directly specified in inspect_config will override those set in the template. Singular fields that are set in this request will replace their corresponding fields in the template. Repeated fields are appended. Singular sub-messages and groups are recursively merged.", "type": "string" }, "locationId": { "description": "Deprecated. This field has no effect.", "type": "string" }, "inspectConfig": { "description": "Configuration for the inspector. What specified here will override the template referenced by the inspect_template_name argument.", "$ref": "GooglePrivacyDlpV2InspectConfig" }, "item": { "description": "The item to inspect.", "$ref": "GooglePrivacyDlpV2ContentItem" } }, "description": "Request to search for potentially sensitive info in a ContentItem." }, "GooglePrivacyDlpV2PublishToPubSub": { "id": "GooglePrivacyDlpV2PublishToPubSub", "type": "object", "properties": { "topic": { "description": "Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}.", "type": "string" } }, "description": "Publish a message into a given Pub/Sub topic when DlpJob has completed. The message contains a single field, `DlpJobName`, which is equal to the finished job's [`DlpJob.name`](https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/projects.dlpJobs#DlpJob). Compatible with: Inspect, Risk" }, "GooglePrivacyDlpV2SensitivityScore": { "description": "Score is calculated from of all elements in the data profile. A higher level means the data is more sensitive.", "id": "GooglePrivacyDlpV2SensitivityScore", "type": "object", "properties": { "score": { "description": "The sensitivity score applied to the resource.", "enumDescriptions": [ "Unused.", "No sensitive information detected. The resource isn't publicly accessible.", "Unable to determine sensitivity.", "Medium risk. Contains personally identifiable information (PII), potentially sensitive data, or fields with free-text data that are at a higher risk of having intermittent sensitive data. Consider limiting access.", "High risk. Sensitive personally identifiable information (SPII) can be present. Exfiltration of data can lead to user data loss. Re-identification of users might be possible. Consider limiting usage and or removing SPII." ], "type": "string", "enum": [ "SENSITIVITY_SCORE_UNSPECIFIED", "SENSITIVITY_LOW", "SENSITIVITY_UNKNOWN", "SENSITIVITY_MODERATE", "SENSITIVITY_HIGH" ] } } }, "GooglePrivacyDlpV2SelectedInfoTypes": { "id": "GooglePrivacyDlpV2SelectedInfoTypes", "type": "object", "properties": { "infoTypes": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InfoType" }, "description": "Required. InfoTypes to apply the transformation to. Required. Provided InfoType must be unique within the ImageTransformations message." } }, "description": "Apply transformation to the selected info_types." }, "GooglePrivacyDlpV2OtherCloudDiscoveryTarget": { "id": "GooglePrivacyDlpV2OtherCloudDiscoveryTarget", "type": "object", "properties": { "filter": { "description": "Required. The resources that the discovery cadence applies to. The first target with a matching filter will be the one to apply to a resource.", "$ref": "GooglePrivacyDlpV2DiscoveryOtherCloudFilter" }, "dataSourceType": { "description": "Required. The type of data profiles generated by this discovery target. Supported values are: * aws/s3/bucket", "$ref": "GooglePrivacyDlpV2DataSourceType" }, "disabled": { "description": "Disable profiling for resources that match this filter.", "$ref": "GooglePrivacyDlpV2Disabled" }, "conditions": { "description": "Optional. In addition to matching the filter, these conditions must be true before a profile is generated.", "$ref": "GooglePrivacyDlpV2DiscoveryOtherCloudConditions" }, "generationCadence": { "description": "How often and when to update data profiles. New resources that match both the filter and conditions are scanned as quickly as possible depending on system capacity.", "$ref": "GooglePrivacyDlpV2DiscoveryOtherCloudGenerationCadence" } }, "description": "Target used to match against for discovery of resources from other clouds. An [AWS connector in Security Command Center (Enterprise](https://cloud.google.com/security-command-center/docs/connect-scc-to-aws) is required to use this feature." }, "GooglePrivacyDlpV2TableDataProfile": { "description": "The profile for a scanned table.", "type": "object", "properties": { "fullResource": { "description": "The Cloud Asset Inventory resource that was profiled in order to generate this TableDataProfile. https://cloud.google.com/apis/design/resource_names#full_resource_name", "type": "string" }, "sampleFindingsTable": { "description": "The BigQuery table to which the sample findings are written.", "$ref": "GooglePrivacyDlpV2BigQueryTable" }, "tableSizeBytes": { "description": "The size of the table when the profile was generated.", "format": "int64", "type": "string" }, "datasetId": { "description": "If the resource is BigQuery, the dataset ID.", "type": "string" }, "predictedInfoTypes": { "description": "The infoTypes predicted from this table's data.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InfoTypeSummary" } }, "tableId": { "description": "The table ID.", "type": "string" }, "scannedColumnCount": { "format": "int64", "type": "string", "description": "The number of columns profiled in the table." }, "tags": { "description": "The tags attached to the table, including any tags attached during profiling. Because tags are attached to Cloud SQL instances rather than Cloud SQL tables, this field is empty for Cloud SQL table profiles.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Tag" } }, "otherInfoTypes": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2OtherInfoTypeSummary" }, "description": "Other infoTypes found in this table's data." }, "rowCount": { "description": "Number of rows in the table when the profile was generated. This will not be populated for BigLake tables.", "type": "string", "format": "int64" }, "failedColumnCount": { "description": "The number of columns skipped in the table because of an error.", "format": "int64", "type": "string" }, "lastModifiedTime": { "description": "The time when this table was last modified", "type": "string", "format": "google-datetime" }, "createTime": { "description": "The time at which the table was created.", "type": "string", "format": "google-datetime" }, "state": { "description": "State of a profile. This will always be set to DONE when the table data profile is written to another service like BigQuery or Pub/Sub.", "enumDescriptions": [ "Unused.", "The profile is currently running. Once a profile has finished it will transition to DONE.", "The profile is no longer generating. If profile_status.status.code is 0, the profile succeeded, otherwise, it failed." ], "enum": [ "STATE_UNSPECIFIED", "RUNNING", "DONE" ], "type": "string" }, "sensitivityScore": { "description": "The sensitivity score of this table.", "$ref": "GooglePrivacyDlpV2SensitivityScore" }, "profileStatus": { "description": "Success or error status from the most recent profile generation attempt. May be empty if the profile is still being generated.", "$ref": "GooglePrivacyDlpV2ProfileStatus" }, "resourceVisibility": { "description": "How broadly a resource has been shared.", "enumDescriptions": [ "Unused.", "Visible to any user.", "May contain public items. For example, if a Cloud Storage bucket has uniform bucket level access disabled, some objects inside it may be public, but none are known yet.", "Visible only to specific users." ], "enum": [ "RESOURCE_VISIBILITY_UNSPECIFIED", "RESOURCE_VISIBILITY_PUBLIC", "RESOURCE_VISIBILITY_INCONCLUSIVE", "RESOURCE_VISIBILITY_RESTRICTED" ], "type": "string" }, "configSnapshot": { "description": "The snapshot of the configurations used to generate the profile.", "$ref": "GooglePrivacyDlpV2DataProfileConfigSnapshot" }, "relatedResources": { "description": "Resources related to this profile.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2RelatedResource" } }, "expirationTime": { "description": "Optional. The time when this table expires.", "type": "string", "format": "google-datetime" }, "datasetProjectId": { "description": "The Google Cloud project ID that owns the resource.", "type": "string" }, "dataRiskLevel": { "description": "The data risk level of this table.", "$ref": "GooglePrivacyDlpV2DataRiskLevel" }, "profileLastGenerated": { "format": "google-datetime", "type": "string", "description": "The last time the profile was generated." }, "resourceLabels": { "description": "The labels applied to the resource at the time the profile was generated.", "additionalProperties": { "type": "string" }, "type": "object" }, "encryptionStatus": { "description": "How the table is encrypted.", "enumDescriptions": [ "Unused.", "Google manages server-side encryption keys on your behalf.", "Customer provides the key." ], "enum": [ "ENCRYPTION_STATUS_UNSPECIFIED", "ENCRYPTION_GOOGLE_MANAGED", "ENCRYPTION_CUSTOMER_MANAGED" ], "type": "string" }, "dataSourceType": { "description": "The resource type that was profiled.", "$ref": "GooglePrivacyDlpV2DataSourceType" }, "name": { "description": "The name of the profile.", "type": "string" }, "datasetLocation": { "description": "If supported, the location where the dataset's data is stored. See https://cloud.google.com/bigquery/docs/locations for supported locations.", "type": "string" }, "projectDataProfile": { "description": "The resource name of the project data profile for this table.", "type": "string" }, "domains": { "description": "Domains associated with the profile.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Domain" } } }, "id": "GooglePrivacyDlpV2TableDataProfile" }, "GooglePrivacyDlpV2StoredType": { "description": "A reference to a StoredInfoType to use with scanning.", "type": "object", "properties": { "name": { "description": "Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`.", "type": "string" }, "createTime": { "type": "string", "format": "google-datetime", "description": "Timestamp indicating when the version of the `StoredInfoType` used for inspection was created. Output-only field, populated by the system." } }, "id": "GooglePrivacyDlpV2StoredType" }, "GooglePrivacyDlpV2PublishSummaryToCscc": { "description": "Publish the result summary of a DlpJob to [Security Command Center](https://cloud.google.com/security-command-center). This action is available for only projects that belong to an organization. This action publishes the count of finding instances and their infoTypes. The summary of findings are persisted in Security Command Center and are governed by [service-specific policies for Security Command Center](https://cloud.google.com/terms/service-terms). Only a single instance of this action can be specified. Compatible with: Inspect", "type": "object", "properties": {}, "id": "GooglePrivacyDlpV2PublishSummaryToCscc" }, "GooglePrivacyDlpV2PrimitiveTransformation": { "description": "A rule for transforming a value.", "id": "GooglePrivacyDlpV2PrimitiveTransformation", "type": "object", "properties": { "replaceConfig": { "description": "Replace with a specified value.", "$ref": "GooglePrivacyDlpV2ReplaceValueConfig" }, "fixedSizeBucketingConfig": { "description": "Fixed size bucketing", "$ref": "GooglePrivacyDlpV2FixedSizeBucketingConfig" }, "replaceWithInfoTypeConfig": { "description": "Replace with infotype", "$ref": "GooglePrivacyDlpV2ReplaceWithInfoTypeConfig" }, "redactConfig": { "description": "Redact", "$ref": "GooglePrivacyDlpV2RedactConfig" }, "characterMaskConfig": { "description": "Mask", "$ref": "GooglePrivacyDlpV2CharacterMaskConfig" }, "cryptoReplaceFfxFpeConfig": { "description": "Ffx-Fpe. Strongly discouraged, consider using CryptoDeterministicConfig instead. Fpe is computationally expensive incurring latency costs.", "$ref": "GooglePrivacyDlpV2CryptoReplaceFfxFpeConfig" }, "bucketingConfig": { "description": "Bucketing", "$ref": "GooglePrivacyDlpV2BucketingConfig" }, "timePartConfig": { "description": "Time extraction", "$ref": "GooglePrivacyDlpV2TimePartConfig" }, "cryptoDeterministicConfig": { "description": "Deterministic Crypto", "$ref": "GooglePrivacyDlpV2CryptoDeterministicConfig" }, "cryptoHashConfig": { "description": "Crypto", "$ref": "GooglePrivacyDlpV2CryptoHashConfig" }, "replaceDictionaryConfig": { "description": "Replace with a value randomly drawn (with replacement) from a dictionary.", "$ref": "GooglePrivacyDlpV2ReplaceDictionaryConfig" }, "dateShiftConfig": { "description": "Date Shift", "$ref": "GooglePrivacyDlpV2DateShiftConfig" } } }, "GooglePrivacyDlpV2KAnonymityEquivalenceClass": { "description": "The set of columns' values that share the same ldiversity value", "id": "GooglePrivacyDlpV2KAnonymityEquivalenceClass", "type": "object", "properties": { "equivalenceClassSize": { "description": "Size of the equivalence class, for example number of rows with the above set of values.", "format": "int64", "type": "string" }, "quasiIdsValues": { "description": "Set of values defining the equivalence class. One value per quasi-identifier column in the original KAnonymity metric message. The order is always the same as the original request.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Value" } } } }, "GooglePrivacyDlpV2OrgConfig": { "description": "Project and scan location information. Only set when the parent is an org.", "type": "object", "properties": { "location": { "description": "The data to scan: folder, org, or project", "$ref": "GooglePrivacyDlpV2DiscoveryStartingLocation" }, "projectId": { "description": "The project that will run the scan. The DLP service account that exists within this project must have access to all resources that are profiled, and the DLP API must be enabled.", "type": "string" } }, "id": "GooglePrivacyDlpV2OrgConfig" }, "GooglePrivacyDlpV2AdjustByMatchingInfoTypes": { "description": "AdjustmentRule condition for matching infoTypes.", "id": "GooglePrivacyDlpV2AdjustByMatchingInfoTypes", "type": "object", "properties": { "infoTypes": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InfoType" }, "description": "Sensitive Data Protection adjusts the likelihood of a finding if that finding also matches one of these infoTypes. For example, you can create a rule to adjust the likelihood of a `PHONE_NUMBER` finding if the string is found within a document that is classified as `DOCUMENT_TYPE/HR/RESUME`. To configure this, set `PHONE_NUMBER` in `InspectionRuleSet.info_types`. Add an `adjustment_rule` with an `adjust_by_matching_info_types.info_types` that contains `DOCUMENT_TYPE/HR/RESUME`. In this case, the likelihood of the `PHONE_NUMBER` finding is adjusted, but the likelihood of the `DOCUMENT_TYPE/HR/RESUME` finding is not." }, "minLikelihood": { "type": "string", "enum": [ "LIKELIHOOD_UNSPECIFIED", "VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY" ], "description": "Required. Minimum likelihood of the `adjust_by_matching_info_types.info_types` finding. If the likelihood is lower than this value, Sensitive Data Protection doesn't adjust the likelihood of the `InspectionRuleSet.info_types` finding.", "enumDescriptions": [ "Default value; same as POSSIBLE.", "Highest chance of a false positive.", "High chance of a false positive.", "Some matching signals. The default value.", "Low chance of a false positive.", "Confidence level is high. Lowest chance of a false positive." ] }, "matchingType": { "enum": [ "MATCHING_TYPE_UNSPECIFIED", "MATCHING_TYPE_FULL_MATCH", "MATCHING_TYPE_PARTIAL_MATCH", "MATCHING_TYPE_INVERSE_MATCH", "MATCHING_TYPE_RULE_SPECIFIC" ], "type": "string", "description": "How the adjustment rule is applied. Only `MATCHING_TYPE_PARTIAL_MATCH` is supported: - Partial match: adjusts the findings of infoTypes specified in the inspection rule when they have a nonempty intersection with a finding of an infoType specified in this adjustment rule.", "enumDescriptions": [ "Invalid.", "Full match. - Dictionary: join of Dictionary results matched the complete finding quote - Regex: all regex matches fill a finding quote from start to end - Exclude infoType: completely inside affecting infoTypes findings", "Partial match. - Dictionary: at least one of the tokens in the finding matches - Regex: substring of the finding matches - Exclude infoType: intersects with affecting infoTypes findings", "Inverse match. - Dictionary: no tokens in the finding match the dictionary - Regex: finding doesn't match the regex - Exclude infoType: no intersection with affecting infoTypes findings", "Rule-specific match. The matching logic is based on the specific rule being used. This is required for rules where the matching behavior is not a simple string comparison (e.g., image containment). This matching type can only be used with the `ExcludeByImageFindings` rule. - Exclude by image findings: The matching logic is defined within `ExcludeByImageFindings` based on spatial relationships between bounding boxes." ] } } }, "GooglePrivacyDlpV2EntityId": { "id": "GooglePrivacyDlpV2EntityId", "type": "object", "properties": { "field": { "description": "Composite key indicating which field contains the entity identifier.", "$ref": "GooglePrivacyDlpV2FieldId" } }, "description": "An entity in a dataset is a field or set of fields that correspond to a single person. For example, in medical records the `EntityId` might be a patient identifier, or for financial records it might be an account identifier. This message is used when generalizations or analysis must take into account that multiple rows correspond to the same entity." }, "GooglePrivacyDlpV2NumericalStatsResult": { "description": "Result of the numerical stats computation.", "id": "GooglePrivacyDlpV2NumericalStatsResult", "type": "object", "properties": { "maxValue": { "description": "Maximum value appearing in the column.", "$ref": "GooglePrivacyDlpV2Value" }, "minValue": { "description": "Minimum value appearing in the column.", "$ref": "GooglePrivacyDlpV2Value" }, "quantileValues": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Value" }, "description": "List of 99 values that partition the set of field values into 100 equal sized buckets." } } }, "GooglePrivacyDlpV2CreateDeidentifyTemplateRequest": { "description": "Request message for CreateDeidentifyTemplate.", "id": "GooglePrivacyDlpV2CreateDeidentifyTemplateRequest", "type": "object", "properties": { "locationId": { "description": "Deprecated. This field has no effect.", "type": "string" }, "templateId": { "description": "The template id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one.", "type": "string" }, "deidentifyTemplate": { "description": "Required. The DeidentifyTemplate to create.", "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" } } }, "GooglePrivacyDlpV2AllOtherDatabaseResources": { "id": "GooglePrivacyDlpV2AllOtherDatabaseResources", "type": "object", "properties": {}, "description": "Match database resources not covered by any other filter." }, "GooglePrivacyDlpV2LeaveUntransformed": { "description": "Skips the data without modifying it if the requested transformation would cause an error. For example, if a `DateShift` transformation were applied an an IP address, this mode would leave the IP address unchanged in the response.", "id": "GooglePrivacyDlpV2LeaveUntransformed", "type": "object", "properties": {} }, "GooglePrivacyDlpV2KMapEstimationResult": { "description": "Result of the reidentifiability analysis. Note that these results are an estimation, not exact values.", "type": "object", "properties": { "kMapEstimationHistogram": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2KMapEstimationHistogramBucket" }, "description": "The intervals [min_anonymity, max_anonymity] do not overlap. If a value doesn't correspond to any such interval, the associated frequency is zero. For example, the following records: {min_anonymity: 1, max_anonymity: 1, frequency: 17} {min_anonymity: 2, max_anonymity: 3, frequency: 42} {min_anonymity: 5, max_anonymity: 10, frequency: 99} mean that there are no record with an estimated anonymity of 4, 5, or larger than 10." } }, "id": "GooglePrivacyDlpV2KMapEstimationResult" }, "GooglePrivacyDlpV2CloudSqlIamCredential": { "description": "Use IAM authentication to connect. This requires the Cloud SQL IAM feature to be enabled on the instance, which is not the default for Cloud SQL. See https://cloud.google.com/sql/docs/postgres/authentication and https://cloud.google.com/sql/docs/mysql/authentication.", "id": "GooglePrivacyDlpV2CloudSqlIamCredential", "type": "object", "properties": {} }, "GooglePrivacyDlpV2InspectResult": { "description": "All the findings for a single scanned item.", "id": "GooglePrivacyDlpV2InspectResult", "type": "object", "properties": { "findings": { "description": "List of findings for an item.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Finding" } }, "findingsTruncated": { "description": "If true, then this item might have more findings than were returned, and the findings returned are an arbitrary subset of all findings. The findings list might be truncated because the input items were too large, or because the server reached the maximum amount of resources allowed for a single API call. For best results, divide the input into smaller batches.", "type": "boolean" } } }, "GooglePrivacyDlpV2Container": { "id": "GooglePrivacyDlpV2Container", "type": "object", "properties": { "relativePath": { "description": "The rest of the path after the root. Examples: - For BigQuery table `project_id:dataset_id.table_id`, the relative path is `table_id` - For Cloud Storage file `gs://bucket/folder/filename.txt`, the relative path is `folder/filename.txt`", "type": "string" }, "version": { "description": "Findings container version, if available (\"generation\" for Cloud Storage).", "type": "string" }, "projectId": { "description": "Project where the finding was found. Can be different from the project that owns the finding.", "type": "string" }, "type": { "description": "Container type, for example BigQuery or Cloud Storage.", "type": "string" }, "fullPath": { "description": "A string representation of the full container name. Examples: - BigQuery: 'Project:DataSetId.TableId' - Cloud Storage: 'gs://Bucket/folders/filename.txt'", "type": "string" }, "rootPath": { "description": "The root of the container. Examples: - For BigQuery table `project_id:dataset_id.table_id`, the root is `dataset_id` - For Cloud Storage file `gs://bucket/folder/filename.txt`, the root is `gs://bucket`", "type": "string" }, "updateTime": { "type": "string", "format": "google-datetime", "description": "Findings container modification timestamp, if applicable. For Cloud Storage, this field contains the last file modification timestamp. For a BigQuery table, this field contains the last_modified_time property. For Datastore, this field isn't populated." } }, "description": "Represents a container that may contain DLP findings. Examples of a container include a file, table, or database record." }, "GooglePrivacyDlpV2InfoTypeLikelihood": { "description": "Configuration for setting a minimum likelihood per infotype. Used to customize the minimum likelihood level for specific infotypes in the request. For example, use this if you want to lower the precision for PERSON_NAME without lowering the precision for the other infotypes in the request.", "id": "GooglePrivacyDlpV2InfoTypeLikelihood", "type": "object", "properties": { "minLikelihood": { "description": "Only returns findings equal to or above this threshold. This field is required or else the configuration fails.", "enumDescriptions": [ "Default value; same as POSSIBLE.", "Highest chance of a false positive.", "High chance of a false positive.", "Some matching signals. The default value.", "Low chance of a false positive.", "Confidence level is high. Lowest chance of a false positive." ], "enum": [ "LIKELIHOOD_UNSPECIFIED", "VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY" ], "type": "string" }, "infoType": { "description": "Type of information the likelihood threshold applies to. Only one likelihood per info_type should be provided. If InfoTypeLikelihood does not have an info_type, the configuration fails.", "$ref": "GooglePrivacyDlpV2InfoType" } } }, "GooglePrivacyDlpV2Dictionary": { "description": "Custom information type based on a dictionary of words or phrases. This can be used to match sensitive information specific to the data, such as a list of employee IDs or job titles. Dictionary words are case-insensitive and all characters other than letters and digits in the unicode [Basic Multilingual Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane) will be replaced with whitespace when scanning for matches, so the dictionary phrase \"Sam Johnson\" will match all three phrases \"sam johnson\", \"Sam, Johnson\", and \"Sam (Johnson)\". Additionally, the characters surrounding any match must be of a different type than the adjacent characters within the word, so letters must be next to non-letters and digits next to non-digits. For example, the dictionary word \"jen\" will match the first three letters of the text \"jen123\" but will return no matches for \"jennifer\". Dictionary words containing a large number of characters that are not letters or digits may result in unexpected findings because such characters are treated as whitespace. The [limits](https://cloud.google.com/sensitive-data-protection/limits) page contains details about the size limits of dictionaries. For dictionaries that do not fit within these constraints, consider using `LargeCustomDictionaryConfig` in the `StoredInfoType` API.", "id": "GooglePrivacyDlpV2Dictionary", "type": "object", "properties": { "wordList": { "description": "List of words or phrases to search for.", "$ref": "GooglePrivacyDlpV2WordList" }, "cloudStoragePath": { "description": "Newline-delimited file of words in Cloud Storage. Only a single file is accepted.", "$ref": "GooglePrivacyDlpV2CloudStoragePath" } } }, "GooglePrivacyDlpV2Range": { "id": "GooglePrivacyDlpV2Range", "type": "object", "properties": { "end": { "description": "Index of the last character of the range (exclusive).", "format": "int64", "type": "string" }, "start": { "description": "Index of the first character of the range (inclusive).", "type": "string", "format": "int64" } }, "description": "Generic half-open interval [start, end)" }, "GooglePrivacyDlpV2Error": { "id": "GooglePrivacyDlpV2Error", "type": "object", "properties": { "timestamps": { "description": "The times the error occurred. List includes the oldest timestamp and the last 9 timestamps.", "type": "array", "items": { "format": "google-datetime", "type": "string" } }, "extraInfo": { "description": "Additional information about the error.", "enumDescriptions": [ "Unused.", "Image scan is not available in the region.", "File store cluster is not supported for profile generation." ], "type": "string", "enum": [ "ERROR_INFO_UNSPECIFIED", "IMAGE_SCAN_UNAVAILABLE_IN_REGION", "FILE_STORE_CLUSTER_UNSUPPORTED" ] }, "details": { "description": "Detailed error codes and messages.", "$ref": "GoogleRpcStatus" } }, "description": "Details information about an error encountered during job execution or the results of an unsuccessful activation of the JobTrigger." }, "GooglePrivacyDlpV2CancelDlpJobRequest": { "description": "The request message for canceling a DLP job.", "type": "object", "properties": {}, "id": "GooglePrivacyDlpV2CancelDlpJobRequest" }, "GooglePrivacyDlpV2ExcludeByHotword": { "type": "object", "properties": { "hotwordRegex": { "description": "Regular expression pattern defining what qualifies as a hotword.", "$ref": "GooglePrivacyDlpV2Regex" }, "proximity": { "description": "Range of characters within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. The windowBefore property in proximity should be set to 1 if the hotword needs to be included in a column header.", "$ref": "GooglePrivacyDlpV2Proximity" } }, "id": "GooglePrivacyDlpV2ExcludeByHotword", "description": "The rule to exclude findings based on a hotword. For record inspection of tables, column names are considered hotwords. An example of this is to exclude a finding if it belongs to a BigQuery column that matches a specific pattern." }, "GooglePrivacyDlpV2ImageLocation": { "id": "GooglePrivacyDlpV2ImageLocation", "type": "object", "properties": { "boundingBoxes": { "description": "Bounding boxes locating the pixels within the image containing the finding.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2BoundingBox" } } }, "description": "Location of the finding within an image." }, "GooglePrivacyDlpV2TransformationLocation": { "id": "GooglePrivacyDlpV2TransformationLocation", "type": "object", "properties": { "findingId": { "description": "For infotype transformations, link to the corresponding findings ID so that location information does not need to be duplicated. Each findings ID correlates to an entry in the findings output table, this table only gets created when users specify to save findings (add the save findings action to the request).", "type": "string" }, "recordTransformation": { "description": "For record transformations, provide a field and container information.", "$ref": "GooglePrivacyDlpV2RecordTransformation" }, "containerType": { "description": "Information about the functionality of the container where this finding occurred, if available.", "enumDescriptions": [ "Unused.", "Body of a file.", "Metadata for a file.", "A table." ], "enum": [ "TRANSFORM_UNKNOWN_CONTAINER", "TRANSFORM_BODY", "TRANSFORM_METADATA", "TRANSFORM_TABLE" ], "type": "string" } }, "description": "Specifies the location of a transformation." }, "GooglePrivacyDlpV2InfoTypeSummary": { "description": "The infoType details for this column.", "type": "object", "properties": { "infoType": { "description": "The infoType.", "$ref": "GooglePrivacyDlpV2InfoType" }, "estimatedPrevalence": { "description": "Not populated for predicted infotypes.", "deprecated": true, "format": "int32", "type": "integer" } }, "id": "GooglePrivacyDlpV2InfoTypeSummary" }, "GooglePrivacyDlpV2LikelihoodAdjustment": { "description": "Message for specifying an adjustment to the likelihood of a finding as part of a detection rule.", "type": "object", "properties": { "fixedLikelihood": { "description": "Set the likelihood of a finding to a fixed value.", "enumDescriptions": [ "Default value; same as POSSIBLE.", "Highest chance of a false positive.", "High chance of a false positive.", "Some matching signals. The default value.", "Low chance of a false positive.", "Confidence level is high. Lowest chance of a false positive." ], "type": "string", "enum": [ "LIKELIHOOD_UNSPECIFIED", "VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY" ] }, "relativeLikelihood": { "format": "int32", "type": "integer", "description": "Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be `POSSIBLE` without the detection rule and `relative_likelihood` is 1, then it is upgraded to `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. Likelihood may never drop below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is `VERY_LIKELY` will result in a final likelihood of `LIKELY`." } }, "id": "GooglePrivacyDlpV2LikelihoodAdjustment" }, "GooglePrivacyDlpV2ListJobTriggersResponse": { "description": "Response message for ListJobTriggers.", "type": "object", "properties": { "jobTriggers": { "description": "List of triggeredJobs, up to page_size in ListJobTriggersRequest.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2JobTrigger" } }, "nextPageToken": { "description": "If the next page is available then this value is the next page token to be used in the following ListJobTriggers request.", "type": "string" } }, "id": "GooglePrivacyDlpV2ListJobTriggersResponse" }, "GooglePrivacyDlpV2DiscoveryCloudStorageGenerationCadence": { "id": "GooglePrivacyDlpV2DiscoveryCloudStorageGenerationCadence", "type": "object", "properties": { "refreshFrequency": { "enum": [ "UPDATE_FREQUENCY_UNSPECIFIED", "UPDATE_FREQUENCY_NEVER", "UPDATE_FREQUENCY_DAILY", "UPDATE_FREQUENCY_MONTHLY" ], "type": "string", "description": "Optional. Data changes in Cloud Storage can't trigger reprofiling. If you set this field, profiles are refreshed at this frequency regardless of whether the underlying buckets have changed. Defaults to never.", "enumDescriptions": [ "Unspecified.", "After the data profile is created, it will never be updated.", "The data profile can be updated up to once every 24 hours.", "The data profile can be updated up to once every 30 days. Default." ] }, "inspectTemplateModifiedCadence": { "description": "Optional. Governs when to update data profiles when the inspection rules defined by the `InspectTemplate` change. If not set, changing the template will not cause a data profile to update.", "$ref": "GooglePrivacyDlpV2DiscoveryInspectTemplateModifiedCadence" } }, "description": "How often existing buckets should have their profiles refreshed. New buckets are scanned as quickly as possible depending on system capacity." }, "GooglePrivacyDlpV2AdjustByImageFindings": { "type": "object", "properties": { "minLikelihood": { "description": "Required. Minimum likelihood of the `adjust_by_image_findings.info_types` finding. If the likelihood is lower than this value, Sensitive Data Protection doesn't adjust the likelihood of the `InspectionRuleSet.info_types` finding.", "enumDescriptions": [ "Default value; same as POSSIBLE.", "Highest chance of a false positive.", "High chance of a false positive.", "Some matching signals. The default value.", "Low chance of a false positive.", "Confidence level is high. Lowest chance of a false positive." ], "type": "string", "enum": [ "LIKELIHOOD_UNSPECIFIED", "VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY" ] }, "infoTypes": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2InfoType" }, "description": "A list of image-supported infoTypes—excluding [document infoTypes](https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference#documents)—to be used as context for the adjustment rule. Sensitive Data Protection adjusts the likelihood of an image finding if its bounding box has the specified spatial relationship (defined by `image_containment_type`) with a finding of an infoType in this list. For example, you can create a rule to adjust the likelihood of a `US_PASSPORT` finding if it is enclosed by a finding of `OBJECT_TYPE/PERSON/PASSPORT`. To configure this, set `US_PASSPORT` in `InspectionRuleSet.info_types`. Add an `adjustment_rule` with an `adjust_by_image_findings.info_types` that contains `OBJECT_TYPE/PERSON/PASSPORT` and `image_containment_type` set to `encloses`. In this case, the likelihood of the `US_PASSPORT` finding is adjusted, but the likelihood of the `OBJECT_TYPE/PERSON/PASSPORT` finding is not." }, "imageContainmentType": { "description": "Specifies the required spatial relationship between the bounding boxes of the target finding and the context infoType findings.", "$ref": "GooglePrivacyDlpV2ImageContainmentType" } }, "id": "GooglePrivacyDlpV2AdjustByImageFindings", "description": "AdjustmentRule condition for image findings. This rule is silently ignored if the content being inspected is not an image." }, "GooglePrivacyDlpV2ColumnDataProfile": { "description": "The profile for a scanned column within a table.", "id": "GooglePrivacyDlpV2ColumnDataProfile", "type": "object", "properties": { "tableDataProfile": { "description": "The resource name of the table data profile.", "type": "string" }, "datasetProjectId": { "description": "The Google Cloud project ID that owns the profiled resource.", "type": "string" }, "tableId": { "description": "The table ID.", "type": "string" }, "datasetId": { "description": "The BigQuery dataset ID, if the resource profiled is a BigQuery table.", "type": "string" }, "tableFullResource": { "description": "The resource name of the resource this column is within.", "type": "string" }, "column": { "description": "The name of the column.", "type": "string" }, "freeTextScore": { "format": "double", "type": "number", "description": "The likelihood that this column contains free-form text. A value close to 1 may indicate the column is likely to contain free-form or natural language text. Range in 0-1." }, "estimatedNullPercentage": { "description": "Approximate percentage of entries being null in the column.", "enumDescriptions": [ "Unused.", "Very few null entries.", "Some null entries.", "A few null entries.", "A lot of null entries." ], "type": "string", "enum": [ "NULL_PERCENTAGE_LEVEL_UNSPECIFIED", "NULL_PERCENTAGE_VERY_LOW", "NULL_PERCENTAGE_LOW", "NULL_PERCENTAGE_MEDIUM", "NULL_PERCENTAGE_HIGH" ] }, "columnInfoType": { "description": "If it's been determined this column can be identified as a single type, this will be set. Otherwise the column either has unidentifiable content or mixed types.", "$ref": "GooglePrivacyDlpV2InfoTypeSummary" }, "policyState": { "description": "Indicates if a policy tag has been applied to the column.", "enumDescriptions": [ "No policy tags.", "Column has policy tag applied." ], "enum": [ "COLUMN_POLICY_STATE_UNSPECIFIED", "COLUMN_POLICY_TAGGED" ], "type": "string" }, "state": { "enum": [ "STATE_UNSPECIFIED", "RUNNING", "DONE" ], "type": "string", "description": "State of a profile.", "enumDescriptions": [ "Unused.", "The profile is currently running. Once a profile has finished it will transition to DONE.", "The profile is no longer generating. If profile_status.status.code is 0, the profile succeeded, otherwise, it failed." ] }, "sensitivityScore": { "description": "The sensitivity of this column.", "$ref": "GooglePrivacyDlpV2SensitivityScore" }, "profileStatus": { "description": "Success or error status from the most recent profile generation attempt. May be empty if the profile is still being generated.", "$ref": "GooglePrivacyDlpV2ProfileStatus" }, "columnType": { "description": "The data type of a given column.", "enumDescriptions": [ "Invalid type.", "Encoded as a string in decimal format.", "Encoded as a boolean \"false\" or \"true\".", "Encoded as a number, or string \"NaN\", \"Infinity\" or \"-Infinity\".", "Encoded as a string value.", "Encoded as a base64 string per RFC 4648, section 4.", "Encoded as an RFC 3339 timestamp with mandatory \"Z\" time zone string: 1985-04-12T23:20:50.52Z", "Encoded as RFC 3339 full-date format string: 1985-04-12", "Encoded as RFC 3339 partial-time format string: 23:20:50.52", "Encoded as RFC 3339 full-date \"T\" partial-time: 1985-04-12T23:20:50.52", "Encoded as WKT", "Encoded as a decimal string.", "Container of ordered fields, each with a type and field name.", "Decimal type.", "Json type.", "Interval type.", "`Range` type.", "`Range` type.", "`Range` type." ], "type": "string", "enum": [ "COLUMN_DATA_TYPE_UNSPECIFIED", "TYPE_INT64", "TYPE_BOOL", "TYPE_FLOAT64", "TYPE_STRING", "TYPE_BYTES", "TYPE_TIMESTAMP", "TYPE_DATE", "TYPE_TIME", "TYPE_DATETIME", "TYPE_GEOGRAPHY", "TYPE_NUMERIC", "TYPE_RECORD", "TYPE_BIGNUMERIC", "TYPE_JSON", "TYPE_INTERVAL", "TYPE_RANGE_DATE", "TYPE_RANGE_DATETIME", "TYPE_RANGE_TIMESTAMP" ] }, "name": { "description": "The name of the profile.", "type": "string" }, "datasetLocation": { "description": "If supported, the location where the dataset's data is stored. See https://cloud.google.com/bigquery/docs/locations for supported BigQuery locations.", "type": "string" }, "estimatedUniquenessScore": { "description": "Approximate uniqueness of the column.", "enumDescriptions": [ "Some columns do not have estimated uniqueness. Possible reasons include having too few values.", "Low uniqueness, possibly a boolean, enum or similiarly typed column.", "Medium uniqueness.", "High uniqueness, possibly a column of free text or unique identifiers." ], "enum": [ "UNIQUENESS_SCORE_LEVEL_UNSPECIFIED", "UNIQUENESS_SCORE_LOW", "UNIQUENESS_SCORE_MEDIUM", "UNIQUENESS_SCORE_HIGH" ], "type": "string" }, "otherMatches": { "description": "Other types found within this column. List will be unordered.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2OtherInfoTypeSummary" } }, "profileLastGenerated": { "format": "google-datetime", "type": "string", "description": "The last time the profile was generated." }, "dataRiskLevel": { "description": "The data risk level for this column.", "$ref": "GooglePrivacyDlpV2DataRiskLevel" } } }, "GooglePrivacyDlpV2ReidentifyContentResponse": { "id": "GooglePrivacyDlpV2ReidentifyContentResponse", "type": "object", "properties": { "item": { "description": "The re-identified item.", "$ref": "GooglePrivacyDlpV2ContentItem" }, "overview": { "description": "An overview of the changes that were made to the `item`.", "$ref": "GooglePrivacyDlpV2TransformationOverview" } }, "description": "Results of re-identifying an item." }, "GooglePrivacyDlpV2DiscoveryStartingLocation": { "type": "object", "properties": { "folderId": { "format": "int64", "type": "string", "description": "The ID of the folder within an organization to be scanned." }, "organizationId": { "type": "string", "format": "int64", "description": "The ID of an organization to scan." } }, "id": "GooglePrivacyDlpV2DiscoveryStartingLocation", "description": "The location to begin a discovery scan. Denotes an organization ID or folder ID within an organization." }, "GooglePrivacyDlpV2Finding": { "description": "Represents a piece of potentially sensitive content.", "type": "object", "properties": { "resourceName": { "description": "The job that stored the finding.", "type": "string" }, "createTime": { "format": "google-datetime", "type": "string", "description": "Timestamp when finding was detected." }, "location": { "description": "Where the content was found.", "$ref": "GooglePrivacyDlpV2Location" }, "infoType": { "description": "The type of content that might have been found. Provided if `excluded_types` is false.", "$ref": "GooglePrivacyDlpV2InfoType" }, "triggerName": { "description": "Job trigger name, if applicable, for this finding.", "type": "string" }, "quote": { "description": "The content that was found. Even if the content is not textual, it may be converted to a textual representation here. Provided if `include_quote` is true and the finding is less than or equal to 4096 bytes long. If the finding exceeds 4096 bytes in length, the quote may be omitted.", "type": "string" }, "labels": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The labels associated with this `Finding`. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label values must be between 0 and 63 characters long and must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. No more than 10 labels can be associated with a given finding. Examples: * `\"environment\" : \"production\"` * `\"pipeline\" : \"etl\"`" }, "jobCreateTime": { "type": "string", "format": "google-datetime", "description": "Time the job started that produced this finding." }, "findingId": { "description": "The unique finding id.", "type": "string" }, "name": { "description": "Resource name in format projects/{project}/locations/{location}/findings/{finding} Populated only when viewing persisted findings.", "type": "string" }, "likelihood": { "description": "Confidence of how likely it is that the `info_type` is correct.", "enumDescriptions": [ "Default value; same as POSSIBLE.", "Highest chance of a false positive.", "High chance of a false positive.", "Some matching signals. The default value.", "Low chance of a false positive.", "Confidence level is high. Lowest chance of a false positive." ], "enum": [ "LIKELIHOOD_UNSPECIFIED", "VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY" ], "type": "string" }, "quoteInfo": { "description": "Contains data parsed from quotes. Only populated if include_quote was set to true and a supported infoType was requested. Currently supported infoTypes: DATE, DATE_OF_BIRTH and TIME.", "$ref": "GooglePrivacyDlpV2QuoteInfo" }, "jobName": { "description": "The job that stored the finding.", "type": "string" } }, "id": "GooglePrivacyDlpV2Finding" }, "GooglePrivacyDlpV2PathElement": { "type": "object", "properties": { "name": { "description": "The name of the entity. A name matching regex `__.*__` is reserved/read-only. A name must not be more than 1500 bytes when UTF-8 encoded. Cannot be `\"\"`.", "type": "string" }, "kind": { "description": "The kind of the entity. A kind matching regex `__.*__` is reserved/read-only. A kind must not contain more than 1500 bytes when UTF-8 encoded. Cannot be `\"\"`.", "type": "string" }, "id": { "type": "string", "format": "int64", "description": "The auto-allocated ID of the entity. Never equal to zero. Values less than zero are discouraged and may not be supported in the future." } }, "id": "GooglePrivacyDlpV2PathElement", "description": "A (kind, ID/name) pair used to construct a key path. If either name or ID is set, the element is complete. If neither is set, the element is incomplete." }, "GooglePrivacyDlpV2RequestedDeidentifyOptions": { "id": "GooglePrivacyDlpV2RequestedDeidentifyOptions", "type": "object", "properties": { "snapshotDeidentifyTemplate": { "description": "Snapshot of the state of the `DeidentifyTemplate` from the Deidentify action at the time this job was run.", "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" }, "snapshotStructuredDeidentifyTemplate": { "description": "Snapshot of the state of the structured `DeidentifyTemplate` from the `Deidentify` action at the time this job was run.", "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" }, "snapshotImageRedactTemplate": { "description": "Snapshot of the state of the image transformation `DeidentifyTemplate` from the `Deidentify` action at the time this job was run.", "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" } }, "description": "De-identification options." }, "GooglePrivacyDlpV2OutputStorageConfig": { "type": "object", "properties": { "storagePath": { "description": "Store findings in an existing Cloud Storage bucket. Files will be generated with the job ID and file part number as the filename and will contain findings in textproto format as SaveToGcsFindingsOutput. The filename will follow the naming convention `-`. Example: `my-job-id-2`. Supported for Inspect jobs. The bucket must not be the same as the bucket being inspected. If storing findings to Cloud Storage, the output schema field should not be set. If set, it will be ignored.", "$ref": "GooglePrivacyDlpV2CloudStoragePath" }, "outputSchema": { "description": "Schema used for writing the findings for Inspect jobs. This field is only used for Inspect and must be unspecified for Risk jobs. Columns are derived from the `Finding` object. If appending to an existing table, any columns from the predefined schema that are missing will be added. No columns in the existing table will be deleted. If unspecified, then all available columns will be used for a new table or an (existing) table with no schema, and no changes will be made to an existing table that has a schema. Only for use with external storage.", "enumDescriptions": [ "Unused.", "Basic schema including only `info_type`, `quote`, `certainty`, and `timestamp`.", "Schema tailored to findings from scanning Cloud Storage.", "Schema tailored to findings from scanning Google Datastore.", "Schema tailored to findings from scanning Google BigQuery.", "Schema containing all columns." ], "enum": [ "OUTPUT_SCHEMA_UNSPECIFIED", "BASIC_COLUMNS", "GCS_COLUMNS", "DATASTORE_COLUMNS", "BIG_QUERY_COLUMNS", "ALL_COLUMNS" ], "type": "string" }, "table": { "description": "Store findings in an existing table or a new table in an existing dataset. If table_id is not set a new one will be generated for you with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. Pacific time zone will be used for generating the date details. For Inspect, each column in an existing output table must have the same name, type, and mode of a field in the `Finding` object. For Risk, an existing output table should be the output of a previous Risk analysis job run on the same source table, with the same privacy metric and quasi-identifiers. Risk jobs that analyze the same table but compute a different privacy metric, or use different sets of quasi-identifiers, cannot store their results in the same table.", "$ref": "GooglePrivacyDlpV2BigQueryTable" } }, "id": "GooglePrivacyDlpV2OutputStorageConfig", "description": "Cloud repository for storing output." }, "GooglePrivacyDlpV2PubSubNotification": { "id": "GooglePrivacyDlpV2PubSubNotification", "type": "object", "properties": { "pubsubCondition": { "description": "Conditions (e.g., data risk or sensitivity level) for triggering a Pub/Sub.", "$ref": "GooglePrivacyDlpV2DataProfilePubSubCondition" }, "topic": { "description": "Cloud Pub/Sub topic to send notifications to. Format is projects/{project}/topics/{topic}.", "type": "string" }, "detailOfMessage": { "enum": [ "DETAIL_LEVEL_UNSPECIFIED", "TABLE_PROFILE", "RESOURCE_NAME", "FILE_STORE_PROFILE" ], "type": "string", "description": "How much data to include in the Pub/Sub message. If the user wishes to limit the size of the message, they can use resource_name and fetch the profile fields they wish to. Per table profile (not per column).", "enumDescriptions": [ "Unused.", "The full table data profile.", "The name of the profiled resource.", "The full file store data profile." ] }, "event": { "enum": [ "EVENT_TYPE_UNSPECIFIED", "NEW_PROFILE", "CHANGED_PROFILE", "SCORE_INCREASED", "ERROR_CHANGED" ], "type": "string", "description": "The type of event that triggers a Pub/Sub. At most one `PubSubNotification` per EventType is permitted.", "enumDescriptions": [ "Unused.", "New profile (not a re-profile).", "One of the following profile metrics changed: Data risk score, Sensitivity score, Resource visibility, Encryption type, Predicted infoTypes, Other infoTypes", "Table data risk score or sensitivity score increased.", "A user (non-internal) error occurred." ] } }, "description": "Send a Pub/Sub message into the given Pub/Sub topic to connect other systems to data profile generation. The message payload data will be the byte serialization of `DataProfilePubSubMessage`." }, "GooglePrivacyDlpV2KMapEstimationConfig": { "description": "Reidentifiability metric. This corresponds to a risk model similar to what is called \"journalist risk\" in the literature, except the attack dataset is statistically modeled instead of being perfectly known. This can be done using publicly available data (like the US Census), or using a custom statistical model (indicated as one or several BigQuery tables), or by extrapolating from the distribution of values in the input dataset.", "id": "GooglePrivacyDlpV2KMapEstimationConfig", "type": "object", "properties": { "quasiIds": { "description": "Required. Fields considered to be quasi-identifiers. No two columns can have the same tag.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2TaggedField" } }, "regionCode": { "description": "ISO 3166-1 alpha-2 region code to use in the statistical modeling. Set if no column is tagged with a region-specific InfoType (like US_ZIP_5) or a region code.", "type": "string" }, "auxiliaryTables": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2AuxiliaryTable" }, "description": "Several auxiliary tables can be used in the analysis. Each custom_tag used to tag a quasi-identifiers column must appear in exactly one column of one auxiliary table." } } }, "GooglePrivacyDlpV2OtherCloudDiscoveryStartingLocation": { "description": "The other cloud starting location for discovery.", "id": "GooglePrivacyDlpV2OtherCloudDiscoveryStartingLocation", "type": "object", "properties": { "awsLocation": { "description": "The AWS starting location for discovery.", "$ref": "GooglePrivacyDlpV2AwsDiscoveryStartingLocation" } } }, "GooglePrivacyDlpV2VertexDatasetRegexes": { "type": "object", "properties": { "patterns": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2VertexDatasetRegex" }, "description": "Required. The group of regular expression patterns to match against one or more datasets. Maximum of 100 entries. The sum of the lengths of all regular expressions can't exceed 10 KiB." } }, "id": "GooglePrivacyDlpV2VertexDatasetRegexes", "description": "A collection of regular expressions to determine what datasets to match against." }, "GooglePrivacyDlpV2CreateDiscoveryConfigRequest": { "description": "Request message for CreateDiscoveryConfig.", "type": "object", "properties": { "configId": { "description": "The config ID can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one.", "type": "string" }, "discoveryConfig": { "description": "Required. The DiscoveryConfig to create.", "$ref": "GooglePrivacyDlpV2DiscoveryConfig" } }, "id": "GooglePrivacyDlpV2CreateDiscoveryConfigRequest" }, "GooglePrivacyDlpV2DataSourceType": { "description": "Message used to identify the type of resource being profiled.", "id": "GooglePrivacyDlpV2DataSourceType", "type": "object", "properties": { "dataSource": { "description": "A string that identifies the type of resource being profiled. Current values: * google/bigquery/table * google/project * google/sql/table * google/gcs/bucket", "type": "string" } } }, "GooglePrivacyDlpV2UpdateStoredInfoTypeRequest": { "description": "Request message for UpdateStoredInfoType.", "type": "object", "properties": { "config": { "description": "Updated configuration for the storedInfoType. If not provided, a new version of the storedInfoType will be created with the existing configuration.", "$ref": "GooglePrivacyDlpV2StoredInfoTypeConfig" }, "updateMask": { "type": "string", "format": "google-fieldmask", "description": "Mask to control which fields get updated." } }, "id": "GooglePrivacyDlpV2UpdateStoredInfoTypeRequest" }, "GooglePrivacyDlpV2OtherInfoTypeSummary": { "type": "object", "properties": { "infoType": { "description": "The other infoType.", "$ref": "GooglePrivacyDlpV2InfoType" }, "estimatedPrevalence": { "description": "Approximate percentage of non-null rows that contained data detected by this infotype.", "type": "integer", "format": "int32" }, "excludedFromAnalysis": { "description": "Whether this infoType was excluded from sensitivity and risk analysis due to factors such as low prevalence (subject to change).", "type": "boolean" } }, "id": "GooglePrivacyDlpV2OtherInfoTypeSummary", "description": "Infotype details for other infoTypes found within a column." }, "GooglePrivacyDlpV2TransformationDescription": { "type": "object", "properties": { "description": { "description": "A description of the transformation. This is empty for a RECORD_SUPPRESSION, or is the output of calling toString() on the `PrimitiveTransformation` protocol buffer message for any other type of transformation.", "type": "string" }, "condition": { "description": "A human-readable string representation of the `RecordCondition` corresponding to this transformation. Set if a `RecordCondition` was used to determine whether or not to apply this transformation. Examples: * (age_field \u003e 85) * (age_field \u003c= 18) * (zip_field exists) * (zip_field == 01234) && (city_field != \"Springville\") * (zip_field == 01234) && (age_field \u003c= 18) && (city_field exists)", "type": "string" }, "type": { "description": "The transformation type.", "enumDescriptions": [ "Unused", "Record suppression", "Replace value", "Replace value using a dictionary.", "Redact", "Character mask", "FFX-FPE", "Fixed size bucketing", "Bucketing", "Replace with info type", "Time part", "Crypto hash", "Date shift", "Deterministic crypto", "Redact image" ], "type": "string", "enum": [ "TRANSFORMATION_TYPE_UNSPECIFIED", "RECORD_SUPPRESSION", "REPLACE_VALUE", "REPLACE_DICTIONARY", "REDACT", "CHARACTER_MASK", "CRYPTO_REPLACE_FFX_FPE", "FIXED_SIZE_BUCKETING", "BUCKETING", "REPLACE_WITH_INFO_TYPE", "TIME_PART", "CRYPTO_HASH", "DATE_SHIFT", "CRYPTO_DETERMINISTIC_CONFIG", "REDACT_IMAGE" ] }, "infoType": { "description": "Set if the transformation was limited to a specific `InfoType`.", "$ref": "GooglePrivacyDlpV2InfoType" } }, "id": "GooglePrivacyDlpV2TransformationDescription", "description": "A flattened description of a `PrimitiveTransformation` or `RecordSuppression`." }, "GooglePrivacyDlpV2TransformationDetails": { "id": "GooglePrivacyDlpV2TransformationDetails", "type": "object", "properties": { "containerName": { "description": "The top level name of the container where the transformation is located (this will be the source file name or table name).", "type": "string" }, "statusDetails": { "description": "Status of the transformation, if transformation was not successful, this will specify what caused it to fail, otherwise it will show that the transformation was successful.", "$ref": "GooglePrivacyDlpV2TransformationResultStatus" }, "transformationLocation": { "description": "The precise location of the transformed content in the original container.", "$ref": "GooglePrivacyDlpV2TransformationLocation" }, "transformation": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2TransformationDescription" }, "description": "Description of transformation. This would only contain more than one element if there were multiple matching transformations and which one to apply was ambiguous. Not set for states that contain no transformation, currently only state that contains no transformation is TransformationResultStateType.METADATA_UNRETRIEVABLE." }, "resourceName": { "description": "The name of the job that completed the transformation.", "type": "string" }, "transformedBytes": { "description": "The number of bytes that were transformed. If transformation was unsuccessful or did not take place because there was no content to transform, this will be zero.", "format": "int64", "type": "string" } }, "description": "Details about a single transformation. This object contains a description of the transformation, information about whether the transformation was successfully applied, and the precise location where the transformation occurred. These details are stored in a user-specified BigQuery table." }, "GooglePrivacyDlpV2ExclusionRule": { "description": "The rule that specifies conditions when findings of infoTypes specified in `InspectionRuleSet` are removed from results.", "id": "GooglePrivacyDlpV2ExclusionRule", "type": "object", "properties": { "excludeByHotword": { "description": "Drop if the hotword rule is contained in the proximate context. For tabular data, the context includes the column name.", "$ref": "GooglePrivacyDlpV2ExcludeByHotword" }, "dictionary": { "description": "Dictionary which defines the rule.", "$ref": "GooglePrivacyDlpV2Dictionary" }, "excludeInfoTypes": { "description": "Set of infoTypes for which findings would affect this rule.", "$ref": "GooglePrivacyDlpV2ExcludeInfoTypes" }, "excludeByImageFindings": { "description": "Exclude findings based on image containment rules. For example, exclude an image finding if it overlaps with another image finding.", "$ref": "GooglePrivacyDlpV2ExcludeByImageFindings" }, "regex": { "description": "Regular expression which defines the rule.", "$ref": "GooglePrivacyDlpV2Regex" }, "matchingType": { "description": "How the rule is applied, see MatchingType documentation for details.", "enumDescriptions": [ "Invalid.", "Full match. - Dictionary: join of Dictionary results matched the complete finding quote - Regex: all regex matches fill a finding quote from start to end - Exclude infoType: completely inside affecting infoTypes findings", "Partial match. - Dictionary: at least one of the tokens in the finding matches - Regex: substring of the finding matches - Exclude infoType: intersects with affecting infoTypes findings", "Inverse match. - Dictionary: no tokens in the finding match the dictionary - Regex: finding doesn't match the regex - Exclude infoType: no intersection with affecting infoTypes findings", "Rule-specific match. The matching logic is based on the specific rule being used. This is required for rules where the matching behavior is not a simple string comparison (e.g., image containment). This matching type can only be used with the `ExcludeByImageFindings` rule. - Exclude by image findings: The matching logic is defined within `ExcludeByImageFindings` based on spatial relationships between bounding boxes." ], "enum": [ "MATCHING_TYPE_UNSPECIFIED", "MATCHING_TYPE_FULL_MATCH", "MATCHING_TYPE_PARTIAL_MATCH", "MATCHING_TYPE_INVERSE_MATCH", "MATCHING_TYPE_RULE_SPECIFIC" ], "type": "string" } } }, "GooglePrivacyDlpV2AmazonS3BucketRegex": { "description": "Amazon S3 bucket regex.", "type": "object", "properties": { "awsAccountRegex": { "description": "The AWS account regex.", "$ref": "GooglePrivacyDlpV2AwsAccountRegex" }, "bucketNameRegex": { "description": "Optional. Regex to test the bucket name against. If empty, all buckets match.", "type": "string" } }, "id": "GooglePrivacyDlpV2AmazonS3BucketRegex" }, "GooglePrivacyDlpV2Location": { "description": "Specifies the location of the finding.", "id": "GooglePrivacyDlpV2Location", "type": "object", "properties": { "byteRange": { "description": "Zero-based byte offsets delimiting the finding. These are relative to the finding's containing element. Note that when the content is not textual, this references the UTF-8 encoded textual representation of the content. Omitted if content is an image.", "$ref": "GooglePrivacyDlpV2Range" }, "container": { "description": "Information about the container where this finding occurred, if available.", "$ref": "GooglePrivacyDlpV2Container" }, "codepointRange": { "description": "Unicode character offsets delimiting the finding. These are relative to the finding's containing element. Provided when the content is text.", "$ref": "GooglePrivacyDlpV2Range" }, "contentLocations": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2ContentLocation" }, "description": "List of nested objects pointing to the precise location of the finding within the file or record." } } }, "GooglePrivacyDlpV2ProjectDataProfile": { "id": "GooglePrivacyDlpV2ProjectDataProfile", "type": "object", "properties": { "profileLastGenerated": { "description": "The last time the profile was generated.", "format": "google-datetime", "type": "string" }, "dataRiskLevel": { "description": "The data risk level of this project.", "$ref": "GooglePrivacyDlpV2DataRiskLevel" }, "profileStatus": { "description": "Success or error status of the last attempt to profile the project.", "$ref": "GooglePrivacyDlpV2ProfileStatus" }, "sensitivityScore": { "description": "The sensitivity score of this project.", "$ref": "GooglePrivacyDlpV2SensitivityScore" }, "name": { "description": "The resource name of the profile.", "type": "string" }, "tableDataProfileCount": { "description": "The number of table data profiles generated for this project.", "type": "string", "format": "int64" }, "projectId": { "description": "Project ID or account that was profiled.", "type": "string" }, "fileStoreDataProfileCount": { "description": "The number of file store data profiles generated for this project.", "format": "int64", "type": "string" } }, "description": "An aggregated profile for this project, based on the resources profiled within it." }, "GooglePrivacyDlpV2Connection": { "id": "GooglePrivacyDlpV2Connection", "type": "object", "properties": { "cloudSql": { "description": "Connect to a Cloud SQL instance.", "$ref": "GooglePrivacyDlpV2CloudSqlProperties" }, "state": { "type": "string", "enum": [ "CONNECTION_STATE_UNSPECIFIED", "MISSING_CREDENTIALS", "AVAILABLE", "ERROR" ], "description": "Required. The connection's state in its lifecycle.", "enumDescriptions": [ "Unused", "The DLP API automatically created this connection during an initial scan, and it is awaiting full configuration by a user.", "A configured connection that has not encountered any errors.", "A configured connection that encountered errors during its last use. It will not be used again until it is set to AVAILABLE. If the resolution requires external action, then the client must send a request to set the status to AVAILABLE when the connection is ready for use. If the resolution doesn't require external action, then any changes to the connection properties will automatically mark it as AVAILABLE." ] }, "name": { "description": "Output only. Name of the connection: `projects/{project}/locations/{location}/connections/{name}`.", "readOnly": true, "type": "string" }, "errors": { "description": "Output only. Set if status == ERROR, to provide additional details. Will store the last 10 errors sorted with the most recent first.", "readOnly": true, "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Error" } } }, "description": "A data connection to allow the DLP API to profile data in locations that require additional configuration." }, "GooglePrivacyDlpV2ListDlpJobsResponse": { "id": "GooglePrivacyDlpV2ListDlpJobsResponse", "type": "object", "properties": { "jobs": { "description": "A list of DlpJobs that matches the specified filter in the request.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2DlpJob" } }, "nextPageToken": { "description": "The standard List next-page token.", "type": "string" } }, "description": "The response message for listing DLP jobs." }, "GooglePrivacyDlpV2FileStoreCollection": { "description": "Match file stores (e.g. buckets) using filters.", "type": "object", "properties": { "includeTags": { "description": "Optional. To be included in the collection, a resource must meet all of the following requirements: - If tag filters are provided, match all provided tag filters. - If one or more patterns are specified, match at least one pattern. For a resource to match the tag filters, the resource must have all of the provided tags attached. Tags refer to Resource Manager tags bound to the resource or its ancestors. For more information, see [Manage schedules](https://cloud.google.com/sensitive-data-protection/docs/profile-project-cloud-storage#manage-schedules).", "$ref": "GooglePrivacyDlpV2TagFilters" }, "includeRegexes": { "description": "Optional. A collection of regular expressions to match a file store against.", "$ref": "GooglePrivacyDlpV2FileStoreRegexes" } }, "id": "GooglePrivacyDlpV2FileStoreCollection" }, "GooglePrivacyDlpV2DiscoveryConfig": { "type": "object", "properties": { "status": { "description": "Required. A status for this configuration.", "enumDescriptions": [ "Unused", "The discovery config is currently active.", "The discovery config is paused temporarily." ], "type": "string", "enum": [ "STATUS_UNSPECIFIED", "RUNNING", "PAUSED" ] }, "updateTime": { "description": "Output only. The last update timestamp of a DiscoveryConfig.", "readOnly": true, "type": "string", "format": "google-datetime" }, "createTime": { "description": "Output only. The creation timestamp of a DiscoveryConfig.", "readOnly": true, "type": "string", "format": "google-datetime" }, "orgConfig": { "description": "Only set when the parent is an org.", "$ref": "GooglePrivacyDlpV2OrgConfig" }, "inspectTemplates": { "type": "array", "items": { "type": "string" }, "description": "Detection logic for profile generation. Not all template features are used by Discovery. FindingLimits, include_quote and exclude_info_types have no impact on Discovery. Multiple templates may be provided if there is data in multiple regions. At most one template must be specified per-region (including \"global\"). Each region is scanned using the applicable template. If no region-specific template is specified, but a \"global\" template is specified, it will be copied to that region and used instead. If no global or region-specific template is provided for a region with data, that region's data will not be scanned. For more information, see https://cloud.google.com/sensitive-data-protection/docs/data-profiles#data-residency." }, "name": { "description": "Unique resource name for the DiscoveryConfig, assigned by the service when the DiscoveryConfig is created, for example `projects/dlp-test-project/locations/global/discoveryConfigs/53234423`.", "type": "string" }, "actions": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2DataProfileAction" }, "description": "Actions to execute at the completion of scanning." }, "displayName": { "description": "Display name (max 100 chars)", "type": "string" }, "otherCloudStartingLocation": { "description": "Must be set only when scanning other clouds.", "$ref": "GooglePrivacyDlpV2OtherCloudDiscoveryStartingLocation" }, "processingLocation": { "description": "Optional. Processing location configuration. Vertex AI dataset scanning will set processing_location.image_fallback_type to MultiRegionProcessing by default.", "$ref": "GooglePrivacyDlpV2ProcessingLocation" }, "targets": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2DiscoveryTarget" }, "description": "Target to match against for determining what to scan and how frequently." }, "errors": { "description": "Output only. A stream of errors encountered when the config was activated. Repeated errors may result in the config automatically being paused. Output only field. Will return the last 100 errors. Whenever the config is modified this list will be cleared.", "readOnly": true, "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Error" } }, "lastRunTime": { "description": "Output only. The timestamp of the last time this config was executed.", "readOnly": true, "format": "google-datetime", "type": "string" } }, "id": "GooglePrivacyDlpV2DiscoveryConfig", "description": "Configuration for discovery to scan resources for profile generation. Only one discovery configuration may exist per organization, folder, or project. The generated data profiles are retained according to the [data retention policy] (https://cloud.google.com/sensitive-data-protection/docs/data-profiles#retention)." }, "GooglePrivacyDlpV2DiscoveryGenerationCadence": { "description": "What must take place for a profile to be updated and how frequently it should occur. New tables are scanned as quickly as possible depending on system capacity.", "id": "GooglePrivacyDlpV2DiscoveryGenerationCadence", "type": "object", "properties": { "refreshFrequency": { "enum": [ "UPDATE_FREQUENCY_UNSPECIFIED", "UPDATE_FREQUENCY_NEVER", "UPDATE_FREQUENCY_DAILY", "UPDATE_FREQUENCY_MONTHLY" ], "type": "string", "description": "Frequency at which profiles should be updated, regardless of whether the underlying resource has changed. Defaults to never.", "enumDescriptions": [ "Unspecified.", "After the data profile is created, it will never be updated.", "The data profile can be updated up to once every 24 hours.", "The data profile can be updated up to once every 30 days. Default." ] }, "schemaModifiedCadence": { "description": "Governs when to update data profiles when a schema is modified.", "$ref": "GooglePrivacyDlpV2DiscoverySchemaModifiedCadence" }, "tableModifiedCadence": { "description": "Governs when to update data profiles when a table is modified.", "$ref": "GooglePrivacyDlpV2DiscoveryTableModifiedCadence" }, "inspectTemplateModifiedCadence": { "description": "Governs when to update data profiles when the inspection rules defined by the `InspectTemplate` change. If not set, changing the template will not cause a data profile to update.", "$ref": "GooglePrivacyDlpV2DiscoveryInspectTemplateModifiedCadence" } } }, "GooglePrivacyDlpV2TimePartConfig": { "description": "For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a portion of the value.", "type": "object", "properties": { "partToExtract": { "description": "The part of the time to keep.", "enumDescriptions": [ "Unused", "[0-9999]", "[1-12]", "[1-31]", "[1-7]", "[1-53]", "[0-23]" ], "enum": [ "TIME_PART_UNSPECIFIED", "YEAR", "MONTH", "DAY_OF_MONTH", "DAY_OF_WEEK", "WEEK_OF_YEAR", "HOUR_OF_DAY" ], "type": "string" } }, "id": "GooglePrivacyDlpV2TimePartConfig" }, "GooglePrivacyDlpV2AllInfoTypes": { "id": "GooglePrivacyDlpV2AllInfoTypes", "type": "object", "properties": {}, "description": "Apply transformation to all findings." }, "GooglePrivacyDlpV2LDiversityConfig": { "description": "l-diversity metric, used for analysis of reidentification risk.", "type": "object", "properties": { "quasiIds": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FieldId" }, "description": "Set of quasi-identifiers indicating how equivalence classes are defined for the l-diversity computation. When multiple fields are specified, they are considered a single composite key." }, "sensitiveAttribute": { "description": "Sensitive field for computing the l-value.", "$ref": "GooglePrivacyDlpV2FieldId" } }, "id": "GooglePrivacyDlpV2LDiversityConfig" }, "GooglePrivacyDlpV2FixedSizeBucketingConfig": { "id": "GooglePrivacyDlpV2FixedSizeBucketingConfig", "type": "object", "properties": { "upperBound": { "description": "Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value \"89+\".", "$ref": "GooglePrivacyDlpV2Value" }, "bucketSize": { "description": "Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.", "format": "double", "type": "number" }, "lowerBound": { "description": "Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value \"-10\".", "$ref": "GooglePrivacyDlpV2Value" } }, "description": "Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/sensitive-data-protection/docs/concepts-bucketing to learn more." }, "GooglePrivacyDlpV2CloudSqlProperties": { "description": "Cloud SQL connection properties.", "id": "GooglePrivacyDlpV2CloudSqlProperties", "type": "object", "properties": { "connectionName": { "description": "Optional. Immutable. The Cloud SQL instance for which the connection is defined. Only one connection per instance is allowed. This can only be set at creation time, and cannot be updated. It is an error to use a connection_name from different project or region than the one that holds the connection. For example, a Connection resource for Cloud SQL connection_name `project-id:us-central1:sql-instance` must be created under the parent `projects/project-id/locations/us-central1`", "type": "string" }, "usernamePassword": { "description": "A username and password stored in Secret Manager.", "$ref": "GooglePrivacyDlpV2SecretManagerCredential" }, "cloudSqlIam": { "description": "Built-in IAM authentication (must be configured in Cloud SQL).", "$ref": "GooglePrivacyDlpV2CloudSqlIamCredential" }, "databaseEngine": { "description": "Required. The database engine used by the Cloud SQL instance that this connection configures.", "enumDescriptions": [ "An engine that is not currently supported by Sensitive Data Protection.", "Cloud SQL for MySQL instance.", "Cloud SQL for PostgreSQL instance." ], "enum": [ "DATABASE_ENGINE_UNKNOWN", "DATABASE_ENGINE_MYSQL", "DATABASE_ENGINE_POSTGRES" ], "type": "string" }, "maxConnections": { "format": "int32", "type": "integer", "description": "Required. The DLP API will limit its connections to max_connections. Must be 2 or greater." } } }, "GooglePrivacyDlpV2DatabaseResourceReference": { "type": "object", "properties": { "databaseResource": { "description": "Required. Name of a database resource, for example, a table within the database.", "type": "string" }, "projectId": { "description": "Required. If within a project-level config, then this must match the config's project ID.", "type": "string" }, "instance": { "description": "Required. The instance where this resource is located. For example: Cloud SQL instance ID.", "type": "string" }, "database": { "description": "Required. Name of a database within the instance.", "type": "string" } }, "id": "GooglePrivacyDlpV2DatabaseResourceReference", "description": "Identifies a single database resource, like a table within a database." }, "GooglePrivacyDlpV2Value": { "type": "object", "properties": { "timeValue": { "description": "time of day", "$ref": "GoogleTypeTimeOfDay" }, "floatValue": { "description": "float", "format": "double", "type": "number" }, "stringValue": { "description": "string", "type": "string" }, "booleanValue": { "description": "boolean", "type": "boolean" }, "integerValue": { "description": "integer", "format": "int64", "type": "string" }, "dayOfWeekValue": { "description": "day of week", "enumDescriptions": [ "The day of the week is unspecified.", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" ], "enum": [ "DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY" ], "type": "string" }, "timestampValue": { "format": "google-datetime", "type": "string", "description": "timestamp" }, "dateValue": { "description": "date", "$ref": "GoogleTypeDate" } }, "id": "GooglePrivacyDlpV2Value", "description": "Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data." }, "GooglePrivacyDlpV2PublishFindingsToCloudDataCatalog": { "description": "Publish findings of a DlpJob to Data Catalog. In Data Catalog, tag templates are applied to the resource that Cloud DLP scanned. Data Catalog tag templates are stored in the same project and region where the BigQuery table exists. For Cloud DLP to create and apply the tag template, the Cloud DLP service agent must have the `roles/datacatalog.tagTemplateOwner` permission on the project. The tag template contains fields summarizing the results of the DlpJob. Any field values previously written by another DlpJob are deleted. InfoType naming patterns are strictly enforced when using this feature. Findings are persisted in Data Catalog storage and are governed by service-specific policies for Data Catalog. For more information, see [Service Specific Terms](https://cloud.google.com/terms/service-terms). Only a single instance of this action can be specified. This action is allowed only if all resources being scanned are BigQuery tables. Compatible with: Inspect", "type": "object", "properties": {}, "id": "GooglePrivacyDlpV2PublishFindingsToCloudDataCatalog" }, "GooglePrivacyDlpV2UnwrappedCryptoKey": { "description": "Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.", "id": "GooglePrivacyDlpV2UnwrappedCryptoKey", "type": "object", "properties": { "key": { "type": "string", "format": "byte", "description": "Required. A 128/192/256 bit key." } } }, "GooglePrivacyDlpV2ListDeidentifyTemplatesResponse": { "type": "object", "properties": { "deidentifyTemplates": { "description": "List of deidentify templates, up to page_size in ListDeidentifyTemplatesRequest.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" } }, "nextPageToken": { "description": "If the next page is available then the next page token to be used in the following ListDeidentifyTemplates request.", "type": "string" } }, "id": "GooglePrivacyDlpV2ListDeidentifyTemplatesResponse", "description": "Response message for ListDeidentifyTemplates." }, "GooglePrivacyDlpV2Encloses": { "description": "Defines a condition where one bounding box encloses another.", "type": "object", "properties": {}, "id": "GooglePrivacyDlpV2Encloses" }, "GooglePrivacyDlpV2Action": { "description": "A task to execute on the completion of a job. See https://cloud.google.com/sensitive-data-protection/docs/concepts-actions to learn more.", "type": "object", "properties": { "publishFindingsToCloudDataCatalog": { "description": "Deprecated because Data Catalog is being turned down. Use publish_findings_to_dataplex_catalog to publish findings to Dataplex Universal Catalog.", "deprecated": true, "$ref": "GooglePrivacyDlpV2PublishFindingsToCloudDataCatalog" }, "saveFindings": { "description": "Save resulting findings in a provided location.", "$ref": "GooglePrivacyDlpV2SaveFindings" }, "deidentify": { "description": "Create a de-identified copy of the input data.", "$ref": "GooglePrivacyDlpV2Deidentify" }, "jobNotificationEmails": { "description": "Sends an email when the job completes. The email goes to IAM project owners and technical [Essential Contacts](https://cloud.google.com/resource-manager/docs/managing-notification-contacts).", "$ref": "GooglePrivacyDlpV2JobNotificationEmails" }, "publishToStackdriver": { "description": "Enable Stackdriver metric dlp.googleapis.com/finding_count.", "$ref": "GooglePrivacyDlpV2PublishToStackdriver" }, "pubSub": { "description": "Publish a notification to a Pub/Sub topic.", "$ref": "GooglePrivacyDlpV2PublishToPubSub" }, "publishFindingsToDataplexCatalog": { "description": "Publish findings as an aspect to Dataplex Universal Catalog.", "$ref": "GooglePrivacyDlpV2PublishFindingsToDataplexCatalog" }, "publishSummaryToCscc": { "description": "Publish summary to Cloud Security Command Center (Alpha).", "$ref": "GooglePrivacyDlpV2PublishSummaryToCscc" } }, "id": "GooglePrivacyDlpV2Action" }, "GooglePrivacyDlpV2GlobalProcessing": { "id": "GooglePrivacyDlpV2GlobalProcessing", "type": "object", "properties": {}, "description": "Processing occurs in the global region." }, "GooglePrivacyDlpV2OtherCloudResourceRegex": { "id": "GooglePrivacyDlpV2OtherCloudResourceRegex", "type": "object", "properties": { "amazonS3BucketRegex": { "description": "Regex for Amazon S3 buckets.", "$ref": "GooglePrivacyDlpV2AmazonS3BucketRegex" } }, "description": "A pattern to match against one or more resources. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub." }, "GooglePrivacyDlpV2StoredInfoTypeStats": { "type": "object", "properties": { "largeCustomDictionary": { "description": "StoredInfoType where findings are defined by a dictionary of phrases.", "$ref": "GooglePrivacyDlpV2LargeCustomDictionaryStats" } }, "id": "GooglePrivacyDlpV2StoredInfoTypeStats", "description": "Statistics for a StoredInfoType." }, "GooglePrivacyDlpV2KeyValueMetadataLabel": { "description": "The metadata key that contains a finding.", "id": "GooglePrivacyDlpV2KeyValueMetadataLabel", "type": "object", "properties": { "key": { "description": "The metadata key. The format depends on the source of the metadata. Example: - `MSIP_Label_122709e3-8f6b-4860-985f-7f722a94f61e_Enabled` (a Microsoft Purview Information Protection key example)", "type": "string" } } }, "GooglePrivacyDlpV2KindExpression": { "description": "A representation of a Datastore kind.", "type": "object", "properties": { "name": { "description": "The name of the kind.", "type": "string" } }, "id": "GooglePrivacyDlpV2KindExpression" }, "GooglePrivacyDlpV2BigQueryField": { "id": "GooglePrivacyDlpV2BigQueryField", "type": "object", "properties": { "field": { "description": "Designated field in the BigQuery table.", "$ref": "GooglePrivacyDlpV2FieldId" }, "table": { "description": "Source table of the field.", "$ref": "GooglePrivacyDlpV2BigQueryTable" } }, "description": "Message defining a field of a BigQuery table." }, "GooglePrivacyDlpV2Expressions": { "type": "object", "properties": { "conditions": { "description": "Conditions to apply to the expression.", "$ref": "GooglePrivacyDlpV2Conditions" }, "logicalOperator": { "type": "string", "enum": [ "LOGICAL_OPERATOR_UNSPECIFIED", "AND" ], "description": "The operator to apply to the result of conditions. Default and currently only supported value is `AND`.", "enumDescriptions": [ "Unused", "Conditional AND" ] } }, "id": "GooglePrivacyDlpV2Expressions", "description": "An expression, consisting of an operator and conditions." }, "GooglePrivacyDlpV2LDiversityEquivalenceClass": { "description": "The set of columns' values that share the same ldiversity value.", "type": "object", "properties": { "equivalenceClassSize": { "description": "Size of the k-anonymity equivalence class.", "type": "string", "format": "int64" }, "numDistinctSensitiveValues": { "type": "string", "format": "int64", "description": "Number of distinct sensitive values in this equivalence class." }, "quasiIdsValues": { "description": "Quasi-identifier values defining the k-anonymity equivalence class. The order is always the same as the original request.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Value" } }, "topSensitiveValues": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2ValueFrequency" }, "description": "Estimated frequencies of top sensitive values." } }, "id": "GooglePrivacyDlpV2LDiversityEquivalenceClass" }, "GooglePrivacyDlpV2DataProfileFinding": { "description": "Details about a piece of potentially sensitive information that was detected when the data resource was profiled.", "type": "object", "properties": { "quote": { "description": "The content that was found. Even if the content is not textual, it may be converted to a textual representation here. If the finding exceeds 4096 bytes in length, the quote may be omitted.", "type": "string" }, "fullResourceName": { "description": "The [full resource name](https://cloud.google.com/apis/design/resource_names#full_resource_name) of the resource profiled for this finding.", "type": "string" }, "quoteInfo": { "description": "Contains data parsed from quotes. Currently supported infoTypes: DATE, DATE_OF_BIRTH, and TIME.", "$ref": "GooglePrivacyDlpV2QuoteInfo" }, "dataProfileResourceName": { "description": "Resource name of the data profile associated with the finding.", "type": "string" }, "location": { "description": "Where the content was found.", "$ref": "GooglePrivacyDlpV2DataProfileFindingLocation" }, "infotype": { "description": "The [type of content](https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference) that might have been found.", "$ref": "GooglePrivacyDlpV2InfoType" }, "timestamp": { "type": "string", "format": "google-datetime", "description": "Timestamp when the finding was detected." }, "findingId": { "description": "A unique identifier for the finding.", "type": "string" }, "dataSourceType": { "description": "The type of the resource that was profiled.", "$ref": "GooglePrivacyDlpV2DataSourceType" }, "resourceVisibility": { "enum": [ "RESOURCE_VISIBILITY_UNSPECIFIED", "RESOURCE_VISIBILITY_PUBLIC", "RESOURCE_VISIBILITY_INCONCLUSIVE", "RESOURCE_VISIBILITY_RESTRICTED" ], "type": "string", "description": "How broadly a resource has been shared.", "enumDescriptions": [ "Unused.", "Visible to any user.", "May contain public items. For example, if a Cloud Storage bucket has uniform bucket level access disabled, some objects inside it may be public, but none are known yet.", "Visible only to specific users." ] } }, "id": "GooglePrivacyDlpV2DataProfileFinding" }, "GooglePrivacyDlpV2Bucket": { "type": "object", "properties": { "min": { "description": "Lower bound of the range, inclusive. Type should be the same as max if used.", "$ref": "GooglePrivacyDlpV2Value" }, "replacementValue": { "description": "Required. Replacement value for this bucket.", "$ref": "GooglePrivacyDlpV2Value" }, "max": { "description": "Upper bound of the range, exclusive; type must match min.", "$ref": "GooglePrivacyDlpV2Value" } }, "id": "GooglePrivacyDlpV2Bucket", "description": "Bucket is represented as a range, along with replacement values." }, "GooglePrivacyDlpV2OtherCloudSingleResourceReference": { "id": "GooglePrivacyDlpV2OtherCloudSingleResourceReference", "type": "object", "properties": { "amazonS3Bucket": { "description": "Amazon S3 bucket.", "$ref": "GooglePrivacyDlpV2AmazonS3Bucket" } }, "description": "Identifies a single resource, like a single Amazon S3 bucket." }, "GooglePrivacyDlpV2ListConnectionsResponse": { "type": "object", "properties": { "connections": { "description": "List of connections.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2Connection" } }, "nextPageToken": { "description": "Token to retrieve the next page of results. An empty value means there are no more results.", "type": "string" } }, "id": "GooglePrivacyDlpV2ListConnectionsResponse", "description": "Response message for ListConnections." }, "GooglePrivacyDlpV2DataProfileFindingRecordLocation": { "description": "Location of a finding within a resource that produces a table data profile.", "type": "object", "properties": { "field": { "description": "Field ID of the column containing the finding.", "$ref": "GooglePrivacyDlpV2FieldId" } }, "id": "GooglePrivacyDlpV2DataProfileFindingRecordLocation" }, "GooglePrivacyDlpV2AmazonS3Bucket": { "description": "Amazon S3 bucket.", "type": "object", "properties": { "bucketName": { "description": "Required. The bucket name.", "type": "string" }, "awsAccount": { "description": "The AWS account.", "$ref": "GooglePrivacyDlpV2AwsAccount" } }, "id": "GooglePrivacyDlpV2AmazonS3Bucket" }, "GooglePrivacyDlpV2ReplaceWithInfoTypeConfig": { "description": "Replace each matching finding with the name of the info_type.", "id": "GooglePrivacyDlpV2ReplaceWithInfoTypeConfig", "type": "object", "properties": {} }, "GooglePrivacyDlpV2TableOptions": { "type": "object", "properties": { "identifyingFields": { "description": "The columns that are the primary keys for table objects included in ContentItem. A copy of this cell's value will stored alongside alongside each finding so that the finding can be traced to the specific row it came from. No more than 3 may be provided.", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FieldId" } } }, "id": "GooglePrivacyDlpV2TableOptions", "description": "Instructions regarding the table content being inspected." }, "GooglePrivacyDlpV2CreateConnectionRequest": { "description": "Request message for CreateConnection.", "id": "GooglePrivacyDlpV2CreateConnectionRequest", "type": "object", "properties": { "connection": { "description": "Required. The connection resource.", "$ref": "GooglePrivacyDlpV2Connection" } } }, "GoogleProtobufEmpty": { "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }", "type": "object", "properties": {}, "id": "GoogleProtobufEmpty" }, "GooglePrivacyDlpV2ValueFrequency": { "id": "GooglePrivacyDlpV2ValueFrequency", "type": "object", "properties": { "value": { "description": "A value contained in the field in question.", "$ref": "GooglePrivacyDlpV2Value" }, "count": { "description": "How many times the value is contained in the field.", "format": "int64", "type": "string" } }, "description": "A value of a field, including its frequency." }, "GooglePrivacyDlpV2OtherCloudResourceRegexes": { "id": "GooglePrivacyDlpV2OtherCloudResourceRegexes", "type": "object", "properties": { "patterns": { "type": "array", "items": { "$ref": "GooglePrivacyDlpV2OtherCloudResourceRegex" }, "description": "A group of regular expression patterns to match against one or more resources. Maximum of 100 entries. The sum of all regular expression's length can't exceed 10 KiB." } }, "description": "A collection of regular expressions to determine what resources to match against." }, "GooglePrivacyDlpV2FieldTransformation": { "description": "The transformation to apply to the field.", "id": "GooglePrivacyDlpV2FieldTransformation", "type": "object", "properties": { "primitiveTransformation": { "description": "Apply the transformation to the entire field.", "$ref": "GooglePrivacyDlpV2PrimitiveTransformation" }, "infoTypeTransformations": { "description": "Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.", "$ref": "GooglePrivacyDlpV2InfoTypeTransformations" }, "fields": { "description": "Required. Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. FieldId name matching ignores the index. For example, instead of \"contact.nums[0].type\", use \"contact.nums.type\".", "type": "array", "items": { "$ref": "GooglePrivacyDlpV2FieldId" } }, "condition": { "description": "Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.", "$ref": "GooglePrivacyDlpV2RecordCondition" } } }, "GooglePrivacyDlpV2AllText": { "description": "Apply to all text.", "type": "object", "properties": {}, "id": "GooglePrivacyDlpV2AllText" }, "GooglePrivacyDlpV2RequestedRiskAnalysisOptions": { "description": "Risk analysis options.", "id": "GooglePrivacyDlpV2RequestedRiskAnalysisOptions", "type": "object", "properties": { "jobConfig": { "description": "The job config for the risk job.", "$ref": "GooglePrivacyDlpV2RiskAnalysisJobConfig" } } } }, "icons": { "x16": "http://www.google.com/images/icons/product/search-16.gif", "x32": "http://www.google.com/images/icons/product/search-32.gif" }, "baseUrl": "https://dlp.googleapis.com/", "endpoints": [ { "description": "Regional Endpoint", "endpointUrl": "https://dlp.africa-south1.rep.googleapis.com/", "location": "africa-south1" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.asia-east1.rep.googleapis.com/", "location": "asia-east1" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.asia-east2.rep.googleapis.com/", "location": "asia-east2" }, { "endpointUrl": "https://dlp.asia-northeast1.rep.googleapis.com/", "location": "asia-northeast1", "description": "Regional Endpoint" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.asia-northeast2.rep.googleapis.com/", "location": "asia-northeast2" }, { "endpointUrl": "https://dlp.asia-northeast3.rep.googleapis.com/", "location": "asia-northeast3", "description": "Regional Endpoint" }, { "endpointUrl": "https://dlp.asia-south1.rep.googleapis.com/", "location": "asia-south1", "description": "Regional Endpoint" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.asia-south2.rep.googleapis.com/", "location": "asia-south2" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.asia-southeast1.rep.googleapis.com/", "location": "asia-southeast1" }, { "endpointUrl": "https://dlp.asia-southeast2.rep.googleapis.com/", "location": "asia-southeast2", "description": "Regional Endpoint" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.asia-southeast3.rep.googleapis.com/", "location": "asia-southeast3" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.australia-southeast1.rep.googleapis.com/", "location": "australia-southeast1" }, { "endpointUrl": "https://dlp.australia-southeast2.rep.googleapis.com/", "location": "australia-southeast2", "description": "Regional Endpoint" }, { "endpointUrl": "https://dlp.europe-central2.rep.googleapis.com/", "location": "europe-central2", "description": "Regional Endpoint" }, { "endpointUrl": "https://dlp.europe-north1.rep.googleapis.com/", "location": "europe-north1", "description": "Regional Endpoint" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.europe-north2.rep.googleapis.com/", "location": "europe-north2" }, { "endpointUrl": "https://dlp.europe-southwest1.rep.googleapis.com/", "location": "europe-southwest1", "description": "Regional Endpoint" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.europe-west1.rep.googleapis.com/", "location": "europe-west1" }, { "endpointUrl": "https://dlp.europe-west10.rep.googleapis.com/", "location": "europe-west10", "description": "Regional Endpoint" }, { "endpointUrl": "https://dlp.europe-west12.rep.googleapis.com/", "location": "europe-west12", "description": "Regional Endpoint" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.europe-west2.rep.googleapis.com/", "location": "europe-west2" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.europe-west3.rep.googleapis.com/", "location": "europe-west3" }, { "endpointUrl": "https://dlp.europe-west4.rep.googleapis.com/", "location": "europe-west4", "description": "Regional Endpoint" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.europe-west6.rep.googleapis.com/", "location": "europe-west6" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.europe-west8.rep.googleapis.com/", "location": "europe-west8" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.europe-west9.rep.googleapis.com/", "location": "europe-west9" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.me-central1.rep.googleapis.com/", "location": "me-central1" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.me-central2.rep.googleapis.com/", "location": "me-central2" }, { "endpointUrl": "https://dlp.me-west1.rep.googleapis.com/", "location": "me-west1", "description": "Regional Endpoint" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.northamerica-northeast1.rep.googleapis.com/", "location": "northamerica-northeast1" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.northamerica-northeast2.rep.googleapis.com/", "location": "northamerica-northeast2" }, { "endpointUrl": "https://dlp.northamerica-south1.rep.googleapis.com/", "location": "northamerica-south1", "description": "Regional Endpoint" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.southamerica-east1.rep.googleapis.com/", "location": "southamerica-east1" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.southamerica-west1.rep.googleapis.com/", "location": "southamerica-west1" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.us-central1.rep.googleapis.com/", "location": "us-central1" }, { "endpointUrl": "https://dlp.us-central2.rep.googleapis.com/", "location": "us-central2", "description": "Regional Endpoint" }, { "endpointUrl": "https://dlp.us-east1.rep.googleapis.com/", "location": "us-east1", "description": "Regional Endpoint" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.us-east4.rep.googleapis.com/", "location": "us-east4" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.us-east5.rep.googleapis.com/", "location": "us-east5" }, { "endpointUrl": "https://dlp.us-south1.rep.googleapis.com/", "location": "us-south1", "description": "Regional Endpoint" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.us-west1.rep.googleapis.com/", "location": "us-west1" }, { "endpointUrl": "https://dlp.us-west2.rep.googleapis.com/", "location": "us-west2", "description": "Regional Endpoint" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.us-west3.rep.googleapis.com/", "location": "us-west3" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.us-west4.rep.googleapis.com/", "location": "us-west4" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.us-west8.rep.googleapis.com/", "location": "us-west8" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.us.rep.googleapis.com/", "location": "us" }, { "endpointUrl": "https://dlp.eu.rep.googleapis.com/", "location": "eu", "description": "Regional Endpoint" }, { "description": "Regional Endpoint", "endpointUrl": "https://dlp.in.rep.googleapis.com/", "location": "in" } ], "resources": { "projects": { "resources": { "locations": { "resources": { "content": { "methods": { "inspect": { "id": "dlp.projects.locations.content.inspect", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "parent": { "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "location": "path", "type": "string", "required": true } }, "request": { "$ref": "GooglePrivacyDlpV2InspectContentRequest" }, "httpMethod": "POST", "path": "v2/{+parent}/content:inspect", "description": "Finds potentially sensitive info in content. This method has limits on input size, processing time, and output size. When no InfoTypes or CustomInfoTypes are specified in this request, the system will automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated. For how to guides, see https://cloud.google.com/sensitive-data-protection/docs/inspecting-images and https://cloud.google.com/sensitive-data-protection/docs/inspecting-text,", "response": { "$ref": "GooglePrivacyDlpV2InspectContentResponse" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/content:inspect", "parameterOrder": [ "parent" ] }, "deidentify": { "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/content:deidentify", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2DeidentifyContentResponse" }, "parameters": { "parent": { "required": true, "type": "string", "location": "path", "description": "Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+/locations/[^/]+$" } }, "request": { "$ref": "GooglePrivacyDlpV2DeidentifyContentRequest" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.content.deidentify", "path": "v2/{+parent}/content:deidentify", "description": "De-identifies potentially sensitive info from a ContentItem. This method has limits on input size and output size. See https://cloud.google.com/sensitive-data-protection/docs/deidentify-sensitive-data to learn more. When no InfoTypes or CustomInfoTypes are specified in this request, the system will automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated.", "httpMethod": "POST" }, "reidentify": { "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/content:reidentify", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ReidentifyContentResponse" }, "path": "v2/{+parent}/content:reidentify", "description": "Re-identifies content that has been de-identified. See https://cloud.google.com/sensitive-data-protection/docs/pseudonymization#re-identification_in_free_text_code_example to learn more.", "httpMethod": "POST", "parameters": { "parent": { "location": "path", "type": "string", "required": true, "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3" } }, "request": { "$ref": "GooglePrivacyDlpV2ReidentifyContentRequest" }, "id": "dlp.projects.locations.content.reidentify", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] } } }, "dlpJobs": { "methods": { "cancel": { "httpMethod": "POST", "path": "v2/{+name}:cancel", "description": "Starts asynchronous cancellation on a long-running DlpJob. The server makes a best effort to cancel the DlpJob, but success is not guaranteed. See https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage and https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis to learn more.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.dlpJobs.cancel", "parameters": { "name": { "required": true, "location": "path", "type": "string", "description": "Required. The name of the DlpJob resource to be cancelled.", "pattern": "^projects/[^/]+/locations/[^/]+/dlpJobs/[^/]+$" } }, "request": { "$ref": "GooglePrivacyDlpV2CancelDlpJobRequest" }, "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/dlpJobs/{dlpJobsId}:cancel", "parameterOrder": [ "name" ] }, "list": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.dlpJobs.list", "parameters": { "pageSize": { "location": "query", "format": "int32", "type": "integer", "description": "The standard list page size." }, "parent": { "location": "path", "type": "string", "required": true, "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3" }, "filter": { "description": "Allows filtering. Supported syntax: * Filter expressions are made up of one or more restrictions. * Restrictions can be combined by `AND` or `OR` logical operators. A sequence of restrictions implicitly uses `AND`. * A restriction has the form of `{field} {operator} {value}`. * Supported fields/values for inspect jobs: - `state` - PENDING|RUNNING|CANCELED|FINISHED|FAILED - `inspected_storage` - DATASTORE|CLOUD_STORAGE|BIGQUERY - `trigger_name` - The name of the trigger that created the job. - 'end_time` - Corresponds to the time the job finished. - 'start_time` - Corresponds to the time the job finished. * Supported fields for risk analysis jobs: - `state` - RUNNING|CANCELED|FINISHED|FAILED - 'end_time` - Corresponds to the time the job finished. - 'start_time` - Corresponds to the time the job finished. * The operator must be `=` or `!=`. The syntax is based on https://google.aip.dev/160. Examples: * inspected_storage = cloud_storage AND state = done * inspected_storage = cloud_storage OR inspected_storage = bigquery * inspected_storage = cloud_storage AND (state = done OR state = canceled) * end_time \u003e \\\"2017-12-12T00:00:00+00:00\\\" The length of this field should be no more than 500 characters.", "type": "string", "location": "query" }, "pageToken": { "location": "query", "type": "string", "description": "The standard list page token." }, "orderBy": { "location": "query", "type": "string", "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc, end_time asc, create_time desc` Supported fields are: - `create_time`: corresponds to the time the job was created. - `end_time`: corresponds to the time the job ended. - `name`: corresponds to the job's name. - `state`: corresponds to `state`" }, "type": { "enumDescriptions": [ "Defaults to INSPECT_JOB.", "The job inspected Google Cloud for sensitive data.", "The job executed a Risk Analysis computation." ], "location": "query", "enum": [ "DLP_JOB_TYPE_UNSPECIFIED", "INSPECT_JOB", "RISK_ANALYSIS_JOB" ], "type": "string", "description": "The type of job. Defaults to `DlpJobType.INSPECT`" }, "locationId": { "description": "Deprecated. This field has no effect.", "type": "string", "location": "query" } }, "httpMethod": "GET", "path": "v2/{+parent}/dlpJobs", "description": "Lists DlpJobs that match the specified filter in the request. See https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage and https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis to learn more.", "response": { "$ref": "GooglePrivacyDlpV2ListDlpJobsResponse" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/dlpJobs", "parameterOrder": [ "parent" ] }, "create": { "httpMethod": "POST", "path": "v2/{+parent}/dlpJobs", "description": "Creates a new job to inspect storage or calculate risk metrics. See https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage and https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis to learn more. When no InfoTypes or CustomInfoTypes are specified in inspect jobs, the system will automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.dlpJobs.create", "parameters": { "parent": { "location": "path", "type": "string", "required": true, "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3" } }, "request": { "$ref": "GooglePrivacyDlpV2CreateDlpJobRequest" }, "response": { "$ref": "GooglePrivacyDlpV2DlpJob" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/dlpJobs", "parameterOrder": [ "parent" ] }, "get": { "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/dlpJobs/{dlpJobsId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2DlpJob" }, "parameters": { "name": { "description": "Required. The name of the DlpJob resource.", "pattern": "^projects/[^/]+/locations/[^/]+/dlpJobs/[^/]+$", "required": true, "location": "path", "type": "string" } }, "id": "dlp.projects.locations.dlpJobs.get", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+name}", "description": "Gets the latest state of a long-running DlpJob. See https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage and https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis to learn more.", "httpMethod": "GET" }, "delete": { "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Deletes a long-running DlpJob. This method indicates that the client is no longer interested in the DlpJob result. The job will be canceled if possible. See https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage and https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis to learn more.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.dlpJobs.delete", "parameters": { "name": { "description": "Required. The name of the DlpJob resource to be deleted.", "pattern": "^projects/[^/]+/locations/[^/]+/dlpJobs/[^/]+$", "required": true, "location": "path", "type": "string" } }, "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/dlpJobs/{dlpJobsId}", "parameterOrder": [ "name" ] }, "finish": { "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/dlpJobs/{dlpJobsId}:finish", "parameterOrder": [ "name" ], "response": { "$ref": "GoogleProtobufEmpty" }, "path": "v2/{+name}:finish", "description": "Finish a running hybrid DlpJob. Triggers the finalization steps and running of any enabled actions that have not yet run.", "httpMethod": "POST", "parameters": { "name": { "description": "Required. The name of the DlpJob resource to be finished.", "pattern": "^projects/[^/]+/locations/[^/]+/dlpJobs/[^/]+$", "required": true, "location": "path", "type": "string" } }, "request": { "$ref": "GooglePrivacyDlpV2FinishDlpJobRequest" }, "id": "dlp.projects.locations.dlpJobs.finish", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "hybridInspect": { "parameters": { "name": { "description": "Required. Resource name of the job to execute a hybrid inspect on, for example `projects/dlp-test-project/dlpJob/53234423`.", "pattern": "^projects/[^/]+/locations/[^/]+/dlpJobs/[^/]+$", "required": true, "location": "path", "type": "string" } }, "request": { "$ref": "GooglePrivacyDlpV2HybridInspectDlpJobRequest" }, "id": "dlp.projects.locations.dlpJobs.hybridInspect", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+name}:hybridInspect", "description": "Inspect hybrid content and store findings to a job. To review the findings, inspect the job. Inspection will occur asynchronously.", "httpMethod": "POST", "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/dlpJobs/{dlpJobsId}:hybridInspect", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2HybridInspectResponse" } } } }, "storedInfoTypes": { "methods": { "delete": { "path": "v2/{+name}", "description": "Deletes a stored infoType. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "httpMethod": "DELETE", "parameters": { "name": { "type": "string", "location": "path", "required": true, "pattern": "^projects/[^/]+/locations/[^/]+/storedInfoTypes/[^/]+$", "description": "Required. Resource name of the organization and storedInfoType to be deleted, for example `organizations/433245324/storedInfoTypes/432452342` or projects/project-id/storedInfoTypes/432452342." } }, "id": "dlp.projects.locations.storedInfoTypes.delete", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/storedInfoTypes/{storedInfoTypesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GoogleProtobufEmpty" } }, "create": { "path": "v2/{+parent}/storedInfoTypes", "description": "Creates a pre-built stored infoType to be used for inspection. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "httpMethod": "POST", "parameters": { "parent": { "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+/locations/[^/]+$", "required": true, "location": "path", "type": "string" } }, "request": { "$ref": "GooglePrivacyDlpV2CreateStoredInfoTypeRequest" }, "id": "dlp.projects.locations.storedInfoTypes.create", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/storedInfoTypes", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2StoredInfoType" } }, "get": { "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/storedInfoTypes/{storedInfoTypesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2StoredInfoType" }, "parameters": { "name": { "description": "Required. Resource name of the organization and storedInfoType to be read, for example `organizations/433245324/storedInfoTypes/432452342` or projects/project-id/storedInfoTypes/432452342.", "pattern": "^projects/[^/]+/locations/[^/]+/storedInfoTypes/[^/]+$", "required": true, "location": "path", "type": "string" } }, "id": "dlp.projects.locations.storedInfoTypes.get", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+name}", "description": "Gets a stored infoType. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "httpMethod": "GET" }, "patch": { "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/storedInfoTypes/{storedInfoTypesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2StoredInfoType" }, "parameters": { "name": { "pattern": "^projects/[^/]+/locations/[^/]+/storedInfoTypes/[^/]+$", "description": "Required. Resource name of organization and storedInfoType to be updated, for example `organizations/433245324/storedInfoTypes/432452342` or projects/project-id/storedInfoTypes/432452342.", "location": "path", "type": "string", "required": true } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateStoredInfoTypeRequest" }, "id": "dlp.projects.locations.storedInfoTypes.patch", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+name}", "description": "Updates the stored infoType by creating a new version. The existing version will continue to be used until the new version is ready. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "httpMethod": "PATCH" }, "list": { "parameters": { "orderBy": { "type": "string", "location": "query", "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc, display_name, create_time desc` Supported fields are: - `create_time`: corresponds to the time the most recent version of the resource was created. - `state`: corresponds to the state of the resource. - `name`: corresponds to resource name. - `display_name`: corresponds to info type's display name." }, "locationId": { "type": "string", "location": "query", "description": "Deprecated. This field has no effect." }, "pageSize": { "description": "Size of the page. This value can be limited by the server. If zero server returns a page of max size 100.", "type": "integer", "location": "query", "format": "int32" }, "parent": { "required": true, "type": "string", "location": "path", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+/locations/[^/]+$" }, "pageToken": { "type": "string", "location": "query", "description": "Page token to continue retrieval. Comes from the previous call to `ListStoredInfoTypes`." } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.storedInfoTypes.list", "path": "v2/{+parent}/storedInfoTypes", "description": "Lists stored infoTypes. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "httpMethod": "GET", "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/storedInfoTypes", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ListStoredInfoTypesResponse" } } } }, "deidentifyTemplates": { "methods": { "delete": { "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/deidentifyTemplates/{deidentifyTemplatesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GoogleProtobufEmpty" }, "parameters": { "name": { "pattern": "^projects/[^/]+/locations/[^/]+/deidentifyTemplates/[^/]+$", "description": "Required. Resource name of the organization and deidentify template to be deleted, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342.", "type": "string", "location": "path", "required": true } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.deidentifyTemplates.delete", "path": "v2/{+name}", "description": "Deletes a DeidentifyTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "httpMethod": "DELETE" }, "create": { "parameters": { "parent": { "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+/locations/[^/]+$", "required": true, "type": "string", "location": "path" } }, "request": { "$ref": "GooglePrivacyDlpV2CreateDeidentifyTemplateRequest" }, "id": "dlp.projects.locations.deidentifyTemplates.create", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+parent}/deidentifyTemplates", "description": "Creates a DeidentifyTemplate for reusing frequently used configuration for de-identifying content, images, and storage. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "httpMethod": "POST", "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/deidentifyTemplates", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" } }, "get": { "response": { "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/deidentifyTemplates/{deidentifyTemplatesId}", "parameterOrder": [ "name" ], "httpMethod": "GET", "path": "v2/{+name}", "description": "Gets a DeidentifyTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "id": "dlp.projects.locations.deidentifyTemplates.get", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "pattern": "^projects/[^/]+/locations/[^/]+/deidentifyTemplates/[^/]+$", "description": "Required. Resource name of the organization and deidentify template to be read, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342.", "type": "string", "location": "path", "required": true } } }, "patch": { "response": { "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/deidentifyTemplates/{deidentifyTemplatesId}", "parameterOrder": [ "name" ], "id": "dlp.projects.locations.deidentifyTemplates.patch", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "location": "path", "type": "string", "required": true, "pattern": "^projects/[^/]+/locations/[^/]+/deidentifyTemplates/[^/]+$", "description": "Required. Resource name of organization and deidentify template to be updated, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342." } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateDeidentifyTemplateRequest" }, "httpMethod": "PATCH", "path": "v2/{+name}", "description": "Updates the DeidentifyTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more." }, "list": { "id": "dlp.projects.locations.deidentifyTemplates.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "pageSize": { "type": "integer", "location": "query", "format": "int32", "description": "Size of the page. This value can be limited by the server. If zero server returns a page of max size 100." }, "parent": { "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "type": "string", "location": "path", "required": true }, "pageToken": { "description": "Page token to continue retrieval. Comes from the previous call to `ListDeidentifyTemplates`.", "location": "query", "type": "string" }, "orderBy": { "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `create_time`: corresponds to the time the template was created. - `update_time`: corresponds to the time the template was last updated. - `name`: corresponds to the template's name. - `display_name`: corresponds to the template's display name.", "location": "query", "type": "string" }, "locationId": { "description": "Deprecated. This field has no effect.", "location": "query", "type": "string" } }, "httpMethod": "GET", "path": "v2/{+parent}/deidentifyTemplates", "description": "Lists DeidentifyTemplates. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "response": { "$ref": "GooglePrivacyDlpV2ListDeidentifyTemplatesResponse" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/deidentifyTemplates", "parameterOrder": [ "parent" ] } } }, "inspectTemplates": { "methods": { "list": { "path": "v2/{+parent}/inspectTemplates", "description": "Lists InspectTemplates. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "httpMethod": "GET", "parameters": { "locationId": { "description": "Deprecated. This field has no effect.", "location": "query", "type": "string" }, "orderBy": { "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `create_time`: corresponds to the time the template was created. - `update_time`: corresponds to the time the template was last updated. - `name`: corresponds to the template's name. - `display_name`: corresponds to the template's display name.", "location": "query", "type": "string" }, "parent": { "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+/locations/[^/]+$", "required": true, "location": "path", "type": "string" }, "pageToken": { "description": "Page token to continue retrieval. Comes from the previous call to `ListInspectTemplates`.", "location": "query", "type": "string" }, "pageSize": { "description": "Size of the page. This value can be limited by the server. If zero server returns a page of max size 100.", "location": "query", "format": "int32", "type": "integer" } }, "id": "dlp.projects.locations.inspectTemplates.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/inspectTemplates", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ListInspectTemplatesResponse" } }, "patch": { "id": "dlp.projects.locations.inspectTemplates.patch", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "pattern": "^projects/[^/]+/locations/[^/]+/inspectTemplates/[^/]+$", "description": "Required. Resource name of organization and inspectTemplate to be updated, for example `organizations/433245324/inspectTemplates/432452342` or projects/project-id/inspectTemplates/432452342.", "location": "path", "type": "string", "required": true } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateInspectTemplateRequest" }, "httpMethod": "PATCH", "path": "v2/{+name}", "description": "Updates the InspectTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "response": { "$ref": "GooglePrivacyDlpV2InspectTemplate" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/inspectTemplates/{inspectTemplatesId}", "parameterOrder": [ "name" ] }, "create": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.inspectTemplates.create", "parameters": { "parent": { "required": true, "location": "path", "type": "string", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+/locations/[^/]+$" } }, "request": { "$ref": "GooglePrivacyDlpV2CreateInspectTemplateRequest" }, "httpMethod": "POST", "path": "v2/{+parent}/inspectTemplates", "description": "Creates an InspectTemplate for reusing frequently used configuration for inspecting content, images, and storage. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "response": { "$ref": "GooglePrivacyDlpV2InspectTemplate" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/inspectTemplates", "parameterOrder": [ "parent" ] }, "get": { "response": { "$ref": "GooglePrivacyDlpV2InspectTemplate" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/inspectTemplates/{inspectTemplatesId}", "parameterOrder": [ "name" ], "httpMethod": "GET", "path": "v2/{+name}", "description": "Gets an InspectTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "id": "dlp.projects.locations.inspectTemplates.get", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "pattern": "^projects/[^/]+/locations/[^/]+/inspectTemplates/[^/]+$", "description": "Required. Resource name of the organization and inspectTemplate to be read, for example `organizations/433245324/inspectTemplates/432452342` or projects/project-id/inspectTemplates/432452342.", "location": "path", "type": "string", "required": true } } }, "delete": { "path": "v2/{+name}", "description": "Deletes an InspectTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "httpMethod": "DELETE", "parameters": { "name": { "type": "string", "location": "path", "required": true, "pattern": "^projects/[^/]+/locations/[^/]+/inspectTemplates/[^/]+$", "description": "Required. Resource name of the organization and inspectTemplate to be deleted, for example `organizations/433245324/inspectTemplates/432452342` or projects/project-id/inspectTemplates/432452342." } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.inspectTemplates.delete", "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/inspectTemplates/{inspectTemplatesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GoogleProtobufEmpty" } } } }, "columnDataProfiles": { "methods": { "list": { "parameters": { "orderBy": { "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Only one order field at a time is allowed. Examples: * `project_id asc` * `table_id` * `sensitivity_level desc` Supported fields are: - `project_id`: The Google Cloud project ID. - `dataset_id`: The ID of a BigQuery dataset. - `table_id`: The ID of a BigQuery table. - `sensitivity_level`: How sensitive the data in a column is, at most. - `data_risk_level`: How much risk is associated with this data. - `profile_last_generated`: When the profile was last updated in epoch seconds.", "type": "string", "location": "query" }, "pageSize": { "description": "Size of the page. This value can be limited by the server. If zero, server returns a page of max size 100.", "location": "query", "format": "int32", "type": "integer" }, "parent": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name of the organization or project, for example `organizations/433245324/locations/europe` or `projects/project-id/locations/asia`.", "pattern": "^projects/[^/]+/locations/[^/]+$" }, "pageToken": { "type": "string", "location": "query", "description": "Page token to continue retrieval." }, "filter": { "type": "string", "location": "query", "description": "Allows filtering. Supported syntax: * Filter expressions are made up of one or more restrictions. * Restrictions can be combined by `AND` or `OR` logical operators. A sequence of restrictions implicitly uses `AND`. * A restriction has the form of `{field} {operator} {value}`. * Supported fields: - `table_data_profile_name`: The name of the related table data profile - `project_id`: The Google Cloud project ID (REQUIRED) - `dataset_id`: The BigQuery dataset ID (REQUIRED) - `table_id`: The BigQuery table ID (REQUIRED) - `field_id`: The ID of the BigQuery field - `info_type`: The infotype detected in the resource - `sensitivity_level`: HIGH|MEDIUM|LOW - `data_risk_level`: How much risk is associated with this data - `status_code`: An RPC status code as defined in https://github.com/googleapis/googleapis/blob/master/google/rpc/code.proto - `profile_last_generated`: Date and time the profile was last generated * The operator must be `=` for project_id, dataset_id, and table_id. Other filters also support `!=`. The `profile_last_generated` filter also supports `\u003c` and `\u003e`. The syntax is based on https://google.aip.dev/160. Examples: * project_id = 12345 AND status_code = 1 * project_id = 12345 AND sensitivity_level = HIGH * project_id = 12345 AND info_type = STREET_ADDRESS * profile_last_generated \u003c \"2025-01-01T00:00:00.000Z\" The length of this field should be no more than 500 characters." } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.columnDataProfiles.list", "path": "v2/{+parent}/columnDataProfiles", "description": "Lists column data profiles for an organization.", "httpMethod": "GET", "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/columnDataProfiles", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ListColumnDataProfilesResponse" } }, "get": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.columnDataProfiles.get", "parameters": { "name": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name, for example `organizations/12345/locations/us/columnDataProfiles/53234423`.", "pattern": "^projects/[^/]+/locations/[^/]+/columnDataProfiles/[^/]+$" } }, "httpMethod": "GET", "path": "v2/{+name}", "description": "Gets a column data profile.", "response": { "$ref": "GooglePrivacyDlpV2ColumnDataProfile" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/columnDataProfiles/{columnDataProfilesId}", "parameterOrder": [ "name" ] } } }, "discoveryConfigs": { "methods": { "patch": { "path": "v2/{+name}", "description": "Updates a discovery configuration.", "httpMethod": "PATCH", "parameters": { "name": { "description": "Required. Resource name of the project and the configuration, for example `projects/dlp-test-project/discoveryConfigs/53234423`.", "pattern": "^projects/[^/]+/locations/[^/]+/discoveryConfigs/[^/]+$", "required": true, "location": "path", "type": "string" } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateDiscoveryConfigRequest" }, "id": "dlp.projects.locations.discoveryConfigs.patch", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/discoveryConfigs/{discoveryConfigsId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2DiscoveryConfig" } }, "list": { "response": { "$ref": "GooglePrivacyDlpV2ListDiscoveryConfigsResponse" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/discoveryConfigs", "parameterOrder": [ "parent" ], "id": "dlp.projects.locations.discoveryConfigs.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "pageSize": { "type": "integer", "location": "query", "format": "int32", "description": "Size of the page. This value can be limited by a server." }, "orderBy": { "description": "Comma-separated list of config fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `last_run_time`: corresponds to the last time the DiscoveryConfig ran. - `name`: corresponds to the DiscoveryConfig's name. - `status`: corresponds to DiscoveryConfig's status.", "type": "string", "location": "query" }, "parent": { "type": "string", "location": "path", "required": true, "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Required. Parent resource name. The format of this value is as follows: `projects/{project_id}/locations/{location_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3" }, "pageToken": { "location": "query", "type": "string", "description": "Page token to continue retrieval. Comes from the previous call to ListDiscoveryConfigs. `order_by` field must not change for subsequent calls." } }, "httpMethod": "GET", "path": "v2/{+parent}/discoveryConfigs", "description": "Lists discovery configurations." }, "delete": { "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/discoveryConfigs/{discoveryConfigsId}", "parameterOrder": [ "name" ], "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Deletes a discovery configuration.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.discoveryConfigs.delete", "parameters": { "name": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name of the project and the config, for example `projects/dlp-test-project/discoveryConfigs/53234423`.", "pattern": "^projects/[^/]+/locations/[^/]+/discoveryConfigs/[^/]+$" } } }, "create": { "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/discoveryConfigs", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2DiscoveryConfig" }, "path": "v2/{+parent}/discoveryConfigs", "description": "Creates a config for discovery to scan and profile storage.", "httpMethod": "POST", "parameters": { "parent": { "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization): + Projects scope: `projects/{project_id}/locations/{location_id}` + Organizations scope: `organizations/{org_id}/locations/{location_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "type": "string", "location": "path", "required": true } }, "request": { "$ref": "GooglePrivacyDlpV2CreateDiscoveryConfigRequest" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.discoveryConfigs.create" }, "get": { "httpMethod": "GET", "path": "v2/{+name}", "description": "Gets a discovery configuration.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.discoveryConfigs.get", "parameters": { "name": { "type": "string", "location": "path", "required": true, "pattern": "^projects/[^/]+/locations/[^/]+/discoveryConfigs/[^/]+$", "description": "Required. Resource name of the project and the configuration, for example `projects/dlp-test-project/discoveryConfigs/53234423`." } }, "response": { "$ref": "GooglePrivacyDlpV2DiscoveryConfig" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/discoveryConfigs/{discoveryConfigsId}", "parameterOrder": [ "name" ] } } }, "image": { "methods": { "redact": { "path": "v2/{+parent}/image:redact", "description": "Redacts potentially sensitive info from an image. This method has limits on input size, processing time, and output size. See https://cloud.google.com/sensitive-data-protection/docs/redacting-sensitive-data-images to learn more. When no InfoTypes or CustomInfoTypes are specified in this request, the system will automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated. Only the first frame of each multiframe image is redacted. Metadata and other frames are omitted in the response.", "httpMethod": "POST", "parameters": { "parent": { "description": "Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+/locations/[^/]+$", "required": true, "location": "path", "type": "string" } }, "request": { "$ref": "GooglePrivacyDlpV2RedactImageRequest" }, "id": "dlp.projects.locations.image.redact", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/image:redact", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2RedactImageResponse" } } } }, "projectDataProfiles": { "methods": { "list": { "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/projectDataProfiles", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ListProjectDataProfilesResponse" }, "path": "v2/{+parent}/projectDataProfiles", "description": "Lists project data profiles for an organization.", "httpMethod": "GET", "parameters": { "parent": { "type": "string", "location": "path", "required": true, "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Required. organizations/{org_id}/locations/{loc_id}" }, "pageToken": { "location": "query", "type": "string", "description": "Page token to continue retrieval." }, "filter": { "location": "query", "type": "string", "description": "Allows filtering. Supported syntax: * Filter expressions are made up of one or more restrictions. * Restrictions can be combined by `AND` or `OR` logical operators. A sequence of restrictions implicitly uses `AND`. * A restriction has the form of `{field} {operator} {value}`. * Supported fields: - `project_id`: the Google Cloud project ID - `sensitivity_level`: HIGH|MODERATE|LOW - `data_risk_level`: HIGH|MODERATE|LOW - `status_code`: an RPC status code as defined in https://github.com/googleapis/googleapis/blob/master/google/rpc/code.proto - `profile_last_generated`: Date and time the profile was last generated * The operator must be `=` or `!=`. The `profile_last_generated` filter also supports `\u003c` and `\u003e`. The syntax is based on https://google.aip.dev/160. Examples: * `project_id = 12345 AND status_code = 1` * `project_id = 12345 AND sensitivity_level = HIGH` * `profile_last_generated \u003c \"2025-01-01T00:00:00.000Z\"` The length of this field should be no more than 500 characters." }, "pageSize": { "description": "Size of the page. This value can be limited by the server. If zero, server returns a page of max size 100.", "type": "integer", "location": "query", "format": "int32" }, "orderBy": { "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Only one order field at a time is allowed. Examples: * `project_id` * `sensitivity_level desc` Supported fields: - `project_id`: Google Cloud project ID - `sensitivity_level`: How sensitive the data in a project is, at most - `data_risk_level`: How much risk is associated with this data - `profile_last_generated`: Date and time (in epoch seconds) the profile was last generated", "type": "string", "location": "query" } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.projectDataProfiles.list" }, "get": { "path": "v2/{+name}", "description": "Gets a project data profile.", "httpMethod": "GET", "parameters": { "name": { "required": true, "type": "string", "location": "path", "description": "Required. Resource name, for example `organizations/12345/locations/us/projectDataProfiles/53234423`.", "pattern": "^projects/[^/]+/locations/[^/]+/projectDataProfiles/[^/]+$" } }, "id": "dlp.projects.locations.projectDataProfiles.get", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/projectDataProfiles/{projectDataProfilesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2ProjectDataProfile" } } } }, "jobTriggers": { "methods": { "create": { "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/jobTriggers", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2JobTrigger" }, "parameters": { "parent": { "required": true, "location": "path", "type": "string", "description": "Required. Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+/locations/[^/]+$" } }, "request": { "$ref": "GooglePrivacyDlpV2CreateJobTriggerRequest" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.jobTriggers.create", "path": "v2/{+parent}/jobTriggers", "description": "Creates a job trigger to run DLP actions such as scanning storage for sensitive information on a set schedule. See https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers to learn more.", "httpMethod": "POST" }, "get": { "httpMethod": "GET", "path": "v2/{+name}", "description": "Gets a job trigger. See https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers to learn more.", "id": "dlp.projects.locations.jobTriggers.get", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name of the project and the triggeredJob, for example `projects/dlp-test-project/jobTriggers/53234423`.", "pattern": "^projects/[^/]+/locations/[^/]+/jobTriggers/[^/]+$" } }, "response": { "$ref": "GooglePrivacyDlpV2JobTrigger" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/jobTriggers/{jobTriggersId}", "parameterOrder": [ "name" ] }, "activate": { "response": { "$ref": "GooglePrivacyDlpV2DlpJob" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/jobTriggers/{jobTriggersId}:activate", "parameterOrder": [ "name" ], "httpMethod": "POST", "path": "v2/{+name}:activate", "description": "Activate a job trigger. Causes the immediate execute of a trigger instead of waiting on the trigger event to occur.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.jobTriggers.activate", "parameters": { "name": { "description": "Required. Resource name of the trigger to activate, for example `projects/dlp-test-project/jobTriggers/53234423`.", "pattern": "^projects/[^/]+/locations/[^/]+/jobTriggers/[^/]+$", "required": true, "location": "path", "type": "string" } }, "request": { "$ref": "GooglePrivacyDlpV2ActivateJobTriggerRequest" } }, "delete": { "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/jobTriggers/{jobTriggersId}", "parameterOrder": [ "name" ], "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Deletes a job trigger. See https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers to learn more.", "id": "dlp.projects.locations.jobTriggers.delete", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "type": "string", "location": "path", "required": true, "pattern": "^projects/[^/]+/locations/[^/]+/jobTriggers/[^/]+$", "description": "Required. Resource name of the project and the triggeredJob, for example `projects/dlp-test-project/jobTriggers/53234423`." } } }, "hybridInspect": { "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/jobTriggers/{jobTriggersId}:hybridInspect", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2HybridInspectResponse" }, "path": "v2/{+name}:hybridInspect", "description": "Inspect hybrid content and store findings to a trigger. The inspection will be processed asynchronously. To review the findings monitor the jobs within the trigger.", "httpMethod": "POST", "parameters": { "name": { "description": "Required. Resource name of the trigger to execute a hybrid inspect on, for example `projects/dlp-test-project/jobTriggers/53234423`.", "pattern": "^projects/[^/]+/locations/[^/]+/jobTriggers/[^/]+$", "required": true, "location": "path", "type": "string" } }, "request": { "$ref": "GooglePrivacyDlpV2HybridInspectJobTriggerRequest" }, "id": "dlp.projects.locations.jobTriggers.hybridInspect", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "list": { "response": { "$ref": "GooglePrivacyDlpV2ListJobTriggersResponse" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/jobTriggers", "parameterOrder": [ "parent" ], "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.jobTriggers.list", "parameters": { "parent": { "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "type": "string", "location": "path", "required": true }, "pageToken": { "description": "Page token to continue retrieval. Comes from the previous call to ListJobTriggers. `order_by` field must not change for subsequent calls.", "location": "query", "type": "string" }, "filter": { "description": "Allows filtering. Supported syntax: * Filter expressions are made up of one or more restrictions. * Restrictions can be combined by `AND` or `OR` logical operators. A sequence of restrictions implicitly uses `AND`. * A restriction has the form of `{field} {operator} {value}`. * Supported fields/values for inspect triggers: - `status` - HEALTHY|PAUSED|CANCELLED - `inspected_storage` - DATASTORE|CLOUD_STORAGE|BIGQUERY - 'last_run_time` - RFC 3339 formatted timestamp, surrounded by quotation marks. Nanoseconds are ignored. - 'error_count' - Number of errors that have occurred while running. * The operator must be `=` or `!=` for status and inspected_storage. The syntax is based on https://google.aip.dev/160. Examples: * inspected_storage = cloud_storage AND status = HEALTHY * inspected_storage = cloud_storage OR inspected_storage = bigquery * inspected_storage = cloud_storage AND (state = PAUSED OR state = HEALTHY) * last_run_time \u003e \\\"2017-12-12T00:00:00+00:00\\\" The length of this field should be no more than 500 characters.", "type": "string", "location": "query" }, "pageSize": { "location": "query", "format": "int32", "type": "integer", "description": "Size of the page. This value can be limited by a server." }, "type": { "description": "The type of jobs. Will use `DlpJobType.INSPECT` if not set.", "type": "string", "location": "query", "enum": [ "DLP_JOB_TYPE_UNSPECIFIED", "INSPECT_JOB", "RISK_ANALYSIS_JOB" ], "enumDescriptions": [ "Defaults to INSPECT_JOB.", "The job inspected Google Cloud for sensitive data.", "The job executed a Risk Analysis computation." ] }, "locationId": { "location": "query", "type": "string", "description": "Deprecated. This field has no effect." }, "orderBy": { "description": "Comma-separated list of triggeredJob fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `create_time`: corresponds to the time the JobTrigger was created. - `update_time`: corresponds to the time the JobTrigger was last updated. - `last_run_time`: corresponds to the last time the JobTrigger ran. - `name`: corresponds to the JobTrigger's name. - `display_name`: corresponds to the JobTrigger's display name. - `status`: corresponds to JobTrigger's status.", "type": "string", "location": "query" } }, "httpMethod": "GET", "path": "v2/{+parent}/jobTriggers", "description": "Lists job triggers. See https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers to learn more." }, "patch": { "response": { "$ref": "GooglePrivacyDlpV2JobTrigger" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/jobTriggers/{jobTriggersId}", "parameterOrder": [ "name" ], "httpMethod": "PATCH", "path": "v2/{+name}", "description": "Updates a job trigger. See https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers to learn more.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.jobTriggers.patch", "parameters": { "name": { "description": "Required. Resource name of the project and the triggeredJob, for example `projects/dlp-test-project/jobTriggers/53234423`.", "pattern": "^projects/[^/]+/locations/[^/]+/jobTriggers/[^/]+$", "required": true, "location": "path", "type": "string" } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateJobTriggerRequest" } } } }, "infoTypes": { "methods": { "list": { "response": { "$ref": "GooglePrivacyDlpV2ListInfoTypesResponse" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/infoTypes", "parameterOrder": [ "parent" ], "id": "dlp.projects.locations.infoTypes.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "languageCode": { "type": "string", "location": "query", "description": "BCP-47 language code for localized infoType friendly names. If omitted, or if localized strings are not available, en-US strings will be returned." }, "parent": { "type": "string", "location": "path", "required": true, "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "The parent resource name. The format of this value is as follows: `locations/{location_id}`" }, "filter": { "description": "filter to only return infoTypes supported by certain parts of the API. Defaults to supported_by=INSPECT.", "location": "query", "type": "string" }, "locationId": { "location": "query", "type": "string", "description": "Deprecated. This field has no effect." } }, "httpMethod": "GET", "path": "v2/{+parent}/infoTypes", "description": "Returns a list of the sensitive information types that the DLP API supports. See https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference to learn more." } } }, "fileStoreDataProfiles": { "methods": { "delete": { "parameters": { "name": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name of the file store data profile.", "pattern": "^projects/[^/]+/locations/[^/]+/fileStoreDataProfiles/[^/]+$" } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.fileStoreDataProfiles.delete", "path": "v2/{+name}", "description": "Delete a FileStoreDataProfile. Will not prevent the profile from being regenerated if the resource is still included in a discovery configuration.", "httpMethod": "DELETE", "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/fileStoreDataProfiles/{fileStoreDataProfilesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GoogleProtobufEmpty" } }, "get": { "response": { "$ref": "GooglePrivacyDlpV2FileStoreDataProfile" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/fileStoreDataProfiles/{fileStoreDataProfilesId}", "parameterOrder": [ "name" ], "httpMethod": "GET", "path": "v2/{+name}", "description": "Gets a file store data profile.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.fileStoreDataProfiles.get", "parameters": { "name": { "location": "path", "type": "string", "required": true, "pattern": "^projects/[^/]+/locations/[^/]+/fileStoreDataProfiles/[^/]+$", "description": "Required. Resource name, for example `organizations/12345/locations/us/fileStoreDataProfiles/53234423`." } } }, "list": { "parameters": { "orderBy": { "description": "Optional. Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Only one order field at a time is allowed. Examples: * `project_id asc` * `name` * `sensitivity_level desc` Supported fields are: - `project_id`: The Google Cloud project ID. - `sensitivity_level`: How sensitive the data in a table is, at most. - `data_risk_level`: How much risk is associated with this data. - `profile_last_generated`: When the profile was last updated in epoch seconds. - `last_modified`: The last time the resource was modified. - `resource_visibility`: Visibility restriction for this resource. - `name`: The name of the profile. - `create_time`: The time the file store was first created.", "location": "query", "type": "string" }, "pageSize": { "description": "Optional. Size of the page. This value can be limited by the server. If zero, server returns a page of max size 100.", "location": "query", "format": "int32", "type": "integer" }, "parent": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name of the organization or project, for example `organizations/433245324/locations/europe` or `projects/project-id/locations/asia`.", "pattern": "^projects/[^/]+/locations/[^/]+$" }, "pageToken": { "description": "Optional. Page token to continue retrieval.", "location": "query", "type": "string" }, "filter": { "description": "Optional. Allows filtering. Supported syntax: * Filter expressions are made up of one or more restrictions. * Restrictions can be combined by `AND` or `OR` logical operators. A sequence of restrictions implicitly uses `AND`. * A restriction has the form of `{field} {operator} {value}`. * Supported fields: - `project_id`: The Google Cloud project ID - `account_id`: The AWS account ID - `file_store_path`: The path like \"gs://bucket\" - `data_source_type`: The profile's data source type, like \"google/storage/bucket\" - `data_storage_location`: The location where the file store's data is stored, like \"us-central1\" - `sensitivity_level`: HIGH|MODERATE|LOW - `data_risk_level`: HIGH|MODERATE|LOW - `resource_visibility`: PUBLIC|RESTRICTED - `status_code`: an RPC status code as defined in https://github.com/googleapis/googleapis/blob/master/google/rpc/code.proto - `profile_last_generated`: Date and time the profile was last generated * The operator must be `=` or `!=`. The `profile_last_generated` filter also supports `\u003c` and `\u003e`. The syntax is based on https://google.aip.dev/160. Examples: * `project_id = 12345 AND status_code = 1` * `project_id = 12345 AND sensitivity_level = HIGH` * `project_id = 12345 AND resource_visibility = PUBLIC` * `file_store_path = \"gs://mybucket\"` * `profile_last_generated \u003c \"2025-01-01T00:00:00.000Z\"` The length of this field should be no more than 500 characters.", "type": "string", "location": "query" } }, "id": "dlp.projects.locations.fileStoreDataProfiles.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+parent}/fileStoreDataProfiles", "description": "Lists file store data profiles for an organization.", "httpMethod": "GET", "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/fileStoreDataProfiles", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ListFileStoreDataProfilesResponse" } } } }, "connections": { "methods": { "search": { "response": { "$ref": "GooglePrivacyDlpV2SearchConnectionsResponse" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/connections:search", "parameterOrder": [ "parent" ], "httpMethod": "GET", "path": "v2/{+parent}/connections:search", "description": "Searches for Connections in a parent.", "id": "dlp.projects.locations.connections.search", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "parent": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name of the organization or project with a wildcard location, for example, `organizations/433245324/locations/-` or `projects/project-id/locations/-`.", "pattern": "^projects/[^/]+/locations/[^/]+$" }, "pageToken": { "description": "Optional. Page token from a previous page to return the next set of results. If set, all other request fields must match the original request.", "type": "string", "location": "query" }, "filter": { "location": "query", "type": "string", "description": "Optional. Supported field/value: - `state` - MISSING|AVAILABLE|ERROR The syntax is based on https://google.aip.dev/160." }, "pageSize": { "type": "integer", "location": "query", "format": "int32", "description": "Optional. Number of results per page, max 1000." } } }, "delete": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.connections.delete", "parameters": { "name": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name of the Connection to be deleted, in the format: `projects/{project}/locations/{location}/connections/{connection}`.", "pattern": "^projects/[^/]+/locations/[^/]+/connections/[^/]+$" } }, "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Delete a Connection.", "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/connections/{connectionsId}", "parameterOrder": [ "name" ] }, "create": { "httpMethod": "POST", "path": "v2/{+parent}/connections", "description": "Create a Connection to an external data source.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.connections.create", "parameters": { "parent": { "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization): + Projects scope: `projects/{project_id}/locations/{location_id}` + Organizations scope: `organizations/{org_id}/locations/{location_id}`", "pattern": "^projects/[^/]+/locations/[^/]+$", "required": true, "location": "path", "type": "string" } }, "request": { "$ref": "GooglePrivacyDlpV2CreateConnectionRequest" }, "response": { "$ref": "GooglePrivacyDlpV2Connection" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/connections", "parameterOrder": [ "parent" ] }, "get": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.connections.get", "parameters": { "name": { "location": "path", "type": "string", "required": true, "pattern": "^projects/[^/]+/locations/[^/]+/connections/[^/]+$", "description": "Required. Resource name in the format: `projects/{project}/locations/{location}/connections/{connection}`." } }, "httpMethod": "GET", "path": "v2/{+name}", "description": "Get a Connection by name.", "response": { "$ref": "GooglePrivacyDlpV2Connection" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/connections/{connectionsId}", "parameterOrder": [ "name" ] }, "patch": { "parameters": { "name": { "type": "string", "location": "path", "required": true, "pattern": "^projects/[^/]+/locations/[^/]+/connections/[^/]+$", "description": "Required. Resource name in the format: `projects/{project}/locations/{location}/connections/{connection}`." } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateConnectionRequest" }, "id": "dlp.projects.locations.connections.patch", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+name}", "description": "Update a Connection.", "httpMethod": "PATCH", "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/connections/{connectionsId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2Connection" } }, "list": { "response": { "$ref": "GooglePrivacyDlpV2ListConnectionsResponse" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/connections", "parameterOrder": [ "parent" ], "id": "dlp.projects.locations.connections.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "parent": { "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Required. Resource name of the organization or project, for example, `organizations/433245324/locations/europe` or `projects/project-id/locations/asia`.", "type": "string", "location": "path", "required": true }, "pageToken": { "description": "Optional. Page token from a previous page to return the next set of results. If set, all other request fields must match the original request.", "type": "string", "location": "query" }, "filter": { "description": "Optional. Supported field/value: `state` - MISSING|AVAILABLE|ERROR The syntax is based on https://google.aip.dev/160.", "location": "query", "type": "string" }, "pageSize": { "description": "Optional. Number of results per page, max 1000.", "location": "query", "format": "int32", "type": "integer" } }, "httpMethod": "GET", "path": "v2/{+parent}/connections", "description": "Lists Connections in a parent. Use SearchConnections to see all connections within an organization." } } }, "tableDataProfiles": { "methods": { "list": { "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/tableDataProfiles", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ListTableDataProfilesResponse" }, "parameters": { "parent": { "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Required. Resource name of the organization or project, for example `organizations/433245324/locations/europe` or `projects/project-id/locations/asia`.", "location": "path", "type": "string", "required": true }, "pageToken": { "type": "string", "location": "query", "description": "Page token to continue retrieval." }, "filter": { "description": "Allows filtering. Supported syntax: * Filter expressions are made up of one or more restrictions. * Restrictions can be combined by `AND` or `OR` logical operators. A sequence of restrictions implicitly uses `AND`. * A restriction has the form of `{field} {operator} {value}`. * Supported fields: - `project_id`: The Google Cloud project ID - `dataset_id`: The BigQuery dataset ID - `table_id`: The ID of the BigQuery table - `sensitivity_level`: HIGH|MODERATE|LOW - `data_risk_level`: HIGH|MODERATE|LOW - `resource_visibility`: PUBLIC|RESTRICTED - `status_code`: an RPC status code as defined in https://github.com/googleapis/googleapis/blob/master/google/rpc/code.proto - `profile_last_generated`: Date and time the profile was last generated * The operator must be `=` or `!=`. The `profile_last_generated` filter also supports `\u003c` and `\u003e`. The syntax is based on https://google.aip.dev/160. Examples: * `project_id = 12345 AND status_code = 1` * `project_id = 12345 AND sensitivity_level = HIGH` * `project_id = 12345 AND resource_visibility = PUBLIC` * `profile_last_generated \u003c \"2025-01-01T00:00:00.000Z\"` The length of this field should be no more than 500 characters.", "location": "query", "type": "string" }, "pageSize": { "location": "query", "format": "int32", "type": "integer", "description": "Size of the page. This value can be limited by the server. If zero, server returns a page of max size 100." }, "orderBy": { "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Only one order field at a time is allowed. Examples: * `project_id asc` * `table_id` * `sensitivity_level desc` Supported fields are: - `project_id`: The Google Cloud project ID. - `dataset_id`: The ID of a BigQuery dataset. - `table_id`: The ID of a BigQuery table. - `sensitivity_level`: How sensitive the data in a table is, at most. - `data_risk_level`: How much risk is associated with this data. - `profile_last_generated`: When the profile was last updated in epoch seconds. - `last_modified`: The last time the resource was modified. - `resource_visibility`: Visibility restriction for this resource. - `row_count`: Number of rows in this resource.", "location": "query", "type": "string" } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.tableDataProfiles.list", "path": "v2/{+parent}/tableDataProfiles", "description": "Lists table data profiles for an organization.", "httpMethod": "GET" }, "get": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.tableDataProfiles.get", "parameters": { "name": { "pattern": "^projects/[^/]+/locations/[^/]+/tableDataProfiles/[^/]+$", "description": "Required. Resource name, for example `organizations/12345/locations/us/tableDataProfiles/53234423`.", "location": "path", "type": "string", "required": true } }, "httpMethod": "GET", "path": "v2/{+name}", "description": "Gets a table data profile.", "response": { "$ref": "GooglePrivacyDlpV2TableDataProfile" }, "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/tableDataProfiles/{tableDataProfilesId}", "parameterOrder": [ "name" ] }, "delete": { "flatPath": "v2/projects/{projectsId}/locations/{locationsId}/tableDataProfiles/{tableDataProfilesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GoogleProtobufEmpty" }, "path": "v2/{+name}", "description": "Delete a TableDataProfile. Will not prevent the profile from being regenerated if the table is still included in a discovery configuration.", "httpMethod": "DELETE", "parameters": { "name": { "description": "Required. Resource name of the table data profile.", "pattern": "^projects/[^/]+/locations/[^/]+/tableDataProfiles/[^/]+$", "required": true, "location": "path", "type": "string" } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.locations.tableDataProfiles.delete" } } } } }, "deidentifyTemplates": { "methods": { "list": { "path": "v2/{+parent}/deidentifyTemplates", "description": "Lists DeidentifyTemplates. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "httpMethod": "GET", "parameters": { "locationId": { "description": "Deprecated. This field has no effect.", "location": "query", "type": "string" }, "orderBy": { "location": "query", "type": "string", "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `create_time`: corresponds to the time the template was created. - `update_time`: corresponds to the time the template was last updated. - `name`: corresponds to the template's name. - `display_name`: corresponds to the template's display name." }, "parent": { "required": true, "location": "path", "type": "string", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+$" }, "pageToken": { "location": "query", "type": "string", "description": "Page token to continue retrieval. Comes from the previous call to `ListDeidentifyTemplates`." }, "pageSize": { "description": "Size of the page. This value can be limited by the server. If zero server returns a page of max size 100.", "location": "query", "format": "int32", "type": "integer" } }, "id": "dlp.projects.deidentifyTemplates.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "flatPath": "v2/projects/{projectsId}/deidentifyTemplates", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ListDeidentifyTemplatesResponse" } }, "patch": { "httpMethod": "PATCH", "path": "v2/{+name}", "description": "Updates the DeidentifyTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "id": "dlp.projects.deidentifyTemplates.patch", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name of organization and deidentify template to be updated, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342.", "pattern": "^projects/[^/]+/deidentifyTemplates/[^/]+$" } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateDeidentifyTemplateRequest" }, "response": { "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" }, "flatPath": "v2/projects/{projectsId}/deidentifyTemplates/{deidentifyTemplatesId}", "parameterOrder": [ "name" ] }, "create": { "path": "v2/{+parent}/deidentifyTemplates", "description": "Creates a DeidentifyTemplate for reusing frequently used configuration for de-identifying content, images, and storage. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "httpMethod": "POST", "parameters": { "parent": { "pattern": "^projects/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "location": "path", "type": "string", "required": true } }, "request": { "$ref": "GooglePrivacyDlpV2CreateDeidentifyTemplateRequest" }, "id": "dlp.projects.deidentifyTemplates.create", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "flatPath": "v2/projects/{projectsId}/deidentifyTemplates", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" } }, "get": { "flatPath": "v2/projects/{projectsId}/deidentifyTemplates/{deidentifyTemplatesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" }, "path": "v2/{+name}", "description": "Gets a DeidentifyTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "httpMethod": "GET", "parameters": { "name": { "pattern": "^projects/[^/]+/deidentifyTemplates/[^/]+$", "description": "Required. Resource name of the organization and deidentify template to be read, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342.", "location": "path", "type": "string", "required": true } }, "id": "dlp.projects.deidentifyTemplates.get", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "delete": { "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/projects/{projectsId}/deidentifyTemplates/{deidentifyTemplatesId}", "parameterOrder": [ "name" ], "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.deidentifyTemplates.delete", "parameters": { "name": { "type": "string", "location": "path", "required": true, "pattern": "^projects/[^/]+/deidentifyTemplates/[^/]+$", "description": "Required. Resource name of the organization and deidentify template to be deleted, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342." } }, "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Deletes a DeidentifyTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more." } } }, "image": { "methods": { "redact": { "id": "dlp.projects.image.redact", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "parent": { "required": true, "type": "string", "location": "path", "description": "Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+$" } }, "request": { "$ref": "GooglePrivacyDlpV2RedactImageRequest" }, "httpMethod": "POST", "path": "v2/{+parent}/image:redact", "description": "Redacts potentially sensitive info from an image. This method has limits on input size, processing time, and output size. See https://cloud.google.com/sensitive-data-protection/docs/redacting-sensitive-data-images to learn more. When no InfoTypes or CustomInfoTypes are specified in this request, the system will automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated. Only the first frame of each multiframe image is redacted. Metadata and other frames are omitted in the response.", "response": { "$ref": "GooglePrivacyDlpV2RedactImageResponse" }, "flatPath": "v2/projects/{projectsId}/image:redact", "parameterOrder": [ "parent" ] } } }, "storedInfoTypes": { "methods": { "patch": { "flatPath": "v2/projects/{projectsId}/storedInfoTypes/{storedInfoTypesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2StoredInfoType" }, "path": "v2/{+name}", "description": "Updates the stored infoType by creating a new version. The existing version will continue to be used until the new version is ready. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "httpMethod": "PATCH", "parameters": { "name": { "description": "Required. Resource name of organization and storedInfoType to be updated, for example `organizations/433245324/storedInfoTypes/432452342` or projects/project-id/storedInfoTypes/432452342.", "pattern": "^projects/[^/]+/storedInfoTypes/[^/]+$", "required": true, "location": "path", "type": "string" } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateStoredInfoTypeRequest" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.storedInfoTypes.patch" }, "list": { "flatPath": "v2/projects/{projectsId}/storedInfoTypes", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ListStoredInfoTypesResponse" }, "path": "v2/{+parent}/storedInfoTypes", "description": "Lists stored infoTypes. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "httpMethod": "GET", "parameters": { "pageSize": { "type": "integer", "location": "query", "format": "int32", "description": "Size of the page. This value can be limited by the server. If zero server returns a page of max size 100." }, "parent": { "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+$", "required": true, "type": "string", "location": "path" }, "pageToken": { "location": "query", "type": "string", "description": "Page token to continue retrieval. Comes from the previous call to `ListStoredInfoTypes`." }, "orderBy": { "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc, display_name, create_time desc` Supported fields are: - `create_time`: corresponds to the time the most recent version of the resource was created. - `state`: corresponds to the state of the resource. - `name`: corresponds to resource name. - `display_name`: corresponds to info type's display name.", "type": "string", "location": "query" }, "locationId": { "description": "Deprecated. This field has no effect.", "type": "string", "location": "query" } }, "id": "dlp.projects.storedInfoTypes.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "delete": { "flatPath": "v2/projects/{projectsId}/storedInfoTypes/{storedInfoTypesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GoogleProtobufEmpty" }, "parameters": { "name": { "pattern": "^projects/[^/]+/storedInfoTypes/[^/]+$", "description": "Required. Resource name of the organization and storedInfoType to be deleted, for example `organizations/433245324/storedInfoTypes/432452342` or projects/project-id/storedInfoTypes/432452342.", "type": "string", "location": "path", "required": true } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.storedInfoTypes.delete", "path": "v2/{+name}", "description": "Deletes a stored infoType. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "httpMethod": "DELETE" }, "create": { "parameters": { "parent": { "required": true, "location": "path", "type": "string", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+$" } }, "request": { "$ref": "GooglePrivacyDlpV2CreateStoredInfoTypeRequest" }, "id": "dlp.projects.storedInfoTypes.create", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+parent}/storedInfoTypes", "description": "Creates a pre-built stored infoType to be used for inspection. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "httpMethod": "POST", "flatPath": "v2/projects/{projectsId}/storedInfoTypes", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2StoredInfoType" } }, "get": { "response": { "$ref": "GooglePrivacyDlpV2StoredInfoType" }, "flatPath": "v2/projects/{projectsId}/storedInfoTypes/{storedInfoTypesId}", "parameterOrder": [ "name" ], "id": "dlp.projects.storedInfoTypes.get", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "description": "Required. Resource name of the organization and storedInfoType to be read, for example `organizations/433245324/storedInfoTypes/432452342` or projects/project-id/storedInfoTypes/432452342.", "pattern": "^projects/[^/]+/storedInfoTypes/[^/]+$", "required": true, "type": "string", "location": "path" } }, "httpMethod": "GET", "path": "v2/{+name}", "description": "Gets a stored infoType. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more." } } }, "content": { "methods": { "inspect": { "httpMethod": "POST", "path": "v2/{+parent}/content:inspect", "description": "Finds potentially sensitive info in content. This method has limits on input size, processing time, and output size. When no InfoTypes or CustomInfoTypes are specified in this request, the system will automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated. For how to guides, see https://cloud.google.com/sensitive-data-protection/docs/inspecting-images and https://cloud.google.com/sensitive-data-protection/docs/inspecting-text,", "id": "dlp.projects.content.inspect", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "parent": { "description": "Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+$", "required": true, "location": "path", "type": "string" } }, "request": { "$ref": "GooglePrivacyDlpV2InspectContentRequest" }, "response": { "$ref": "GooglePrivacyDlpV2InspectContentResponse" }, "flatPath": "v2/projects/{projectsId}/content:inspect", "parameterOrder": [ "parent" ] }, "deidentify": { "response": { "$ref": "GooglePrivacyDlpV2DeidentifyContentResponse" }, "flatPath": "v2/projects/{projectsId}/content:deidentify", "parameterOrder": [ "parent" ], "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.content.deidentify", "parameters": { "parent": { "description": "Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+$", "required": true, "type": "string", "location": "path" } }, "request": { "$ref": "GooglePrivacyDlpV2DeidentifyContentRequest" }, "httpMethod": "POST", "path": "v2/{+parent}/content:deidentify", "description": "De-identifies potentially sensitive info from a ContentItem. This method has limits on input size and output size. See https://cloud.google.com/sensitive-data-protection/docs/deidentify-sensitive-data to learn more. When no InfoTypes or CustomInfoTypes are specified in this request, the system will automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated." }, "reidentify": { "flatPath": "v2/projects/{projectsId}/content:reidentify", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ReidentifyContentResponse" }, "parameters": { "parent": { "pattern": "^projects/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "type": "string", "location": "path", "required": true } }, "request": { "$ref": "GooglePrivacyDlpV2ReidentifyContentRequest" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.content.reidentify", "path": "v2/{+parent}/content:reidentify", "description": "Re-identifies content that has been de-identified. See https://cloud.google.com/sensitive-data-protection/docs/pseudonymization#re-identification_in_free_text_code_example to learn more.", "httpMethod": "POST" } } }, "inspectTemplates": { "methods": { "delete": { "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/projects/{projectsId}/inspectTemplates/{inspectTemplatesId}", "parameterOrder": [ "name" ], "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Deletes an InspectTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "id": "dlp.projects.inspectTemplates.delete", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "pattern": "^projects/[^/]+/inspectTemplates/[^/]+$", "description": "Required. Resource name of the organization and inspectTemplate to be deleted, for example `organizations/433245324/inspectTemplates/432452342` or projects/project-id/inspectTemplates/432452342.", "location": "path", "type": "string", "required": true } } }, "create": { "path": "v2/{+parent}/inspectTemplates", "description": "Creates an InspectTemplate for reusing frequently used configuration for inspecting content, images, and storage. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "httpMethod": "POST", "parameters": { "parent": { "location": "path", "type": "string", "required": true, "pattern": "^projects/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3" } }, "request": { "$ref": "GooglePrivacyDlpV2CreateInspectTemplateRequest" }, "id": "dlp.projects.inspectTemplates.create", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "flatPath": "v2/projects/{projectsId}/inspectTemplates", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2InspectTemplate" } }, "get": { "flatPath": "v2/projects/{projectsId}/inspectTemplates/{inspectTemplatesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2InspectTemplate" }, "parameters": { "name": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name of the organization and inspectTemplate to be read, for example `organizations/433245324/inspectTemplates/432452342` or projects/project-id/inspectTemplates/432452342.", "pattern": "^projects/[^/]+/inspectTemplates/[^/]+$" } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.inspectTemplates.get", "path": "v2/{+name}", "description": "Gets an InspectTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "httpMethod": "GET" }, "patch": { "httpMethod": "PATCH", "path": "v2/{+name}", "description": "Updates the InspectTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "id": "dlp.projects.inspectTemplates.patch", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "pattern": "^projects/[^/]+/inspectTemplates/[^/]+$", "description": "Required. Resource name of organization and inspectTemplate to be updated, for example `organizations/433245324/inspectTemplates/432452342` or projects/project-id/inspectTemplates/432452342.", "location": "path", "type": "string", "required": true } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateInspectTemplateRequest" }, "response": { "$ref": "GooglePrivacyDlpV2InspectTemplate" }, "flatPath": "v2/projects/{projectsId}/inspectTemplates/{inspectTemplatesId}", "parameterOrder": [ "name" ] }, "list": { "parameters": { "parent": { "required": true, "type": "string", "location": "path", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+$" }, "pageToken": { "type": "string", "location": "query", "description": "Page token to continue retrieval. Comes from the previous call to `ListInspectTemplates`." }, "pageSize": { "type": "integer", "location": "query", "format": "int32", "description": "Size of the page. This value can be limited by the server. If zero server returns a page of max size 100." }, "locationId": { "description": "Deprecated. This field has no effect.", "type": "string", "location": "query" }, "orderBy": { "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `create_time`: corresponds to the time the template was created. - `update_time`: corresponds to the time the template was last updated. - `name`: corresponds to the template's name. - `display_name`: corresponds to the template's display name.", "type": "string", "location": "query" } }, "id": "dlp.projects.inspectTemplates.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+parent}/inspectTemplates", "description": "Lists InspectTemplates. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "httpMethod": "GET", "flatPath": "v2/projects/{projectsId}/inspectTemplates", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ListInspectTemplatesResponse" } } } }, "jobTriggers": { "methods": { "create": { "flatPath": "v2/projects/{projectsId}/jobTriggers", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2JobTrigger" }, "parameters": { "parent": { "location": "path", "type": "string", "required": true, "pattern": "^projects/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3" } }, "request": { "$ref": "GooglePrivacyDlpV2CreateJobTriggerRequest" }, "id": "dlp.projects.jobTriggers.create", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+parent}/jobTriggers", "description": "Creates a job trigger to run DLP actions such as scanning storage for sensitive information on a set schedule. See https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers to learn more.", "httpMethod": "POST" }, "get": { "flatPath": "v2/projects/{projectsId}/jobTriggers/{jobTriggersId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2JobTrigger" }, "parameters": { "name": { "type": "string", "location": "path", "required": true, "pattern": "^projects/[^/]+/jobTriggers/[^/]+$", "description": "Required. Resource name of the project and the triggeredJob, for example `projects/dlp-test-project/jobTriggers/53234423`." } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.jobTriggers.get", "path": "v2/{+name}", "description": "Gets a job trigger. See https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers to learn more.", "httpMethod": "GET" }, "activate": { "flatPath": "v2/projects/{projectsId}/jobTriggers/{jobTriggersId}:activate", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2DlpJob" }, "parameters": { "name": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name of the trigger to activate, for example `projects/dlp-test-project/jobTriggers/53234423`.", "pattern": "^projects/[^/]+/jobTriggers/[^/]+$" } }, "request": { "$ref": "GooglePrivacyDlpV2ActivateJobTriggerRequest" }, "id": "dlp.projects.jobTriggers.activate", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+name}:activate", "description": "Activate a job trigger. Causes the immediate execute of a trigger instead of waiting on the trigger event to occur.", "httpMethod": "POST" }, "delete": { "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/projects/{projectsId}/jobTriggers/{jobTriggersId}", "parameterOrder": [ "name" ], "id": "dlp.projects.jobTriggers.delete", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name of the project and the triggeredJob, for example `projects/dlp-test-project/jobTriggers/53234423`.", "pattern": "^projects/[^/]+/jobTriggers/[^/]+$" } }, "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Deletes a job trigger. See https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers to learn more." }, "list": { "flatPath": "v2/projects/{projectsId}/jobTriggers", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ListJobTriggersResponse" }, "path": "v2/{+parent}/jobTriggers", "description": "Lists job triggers. See https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers to learn more.", "httpMethod": "GET", "parameters": { "locationId": { "type": "string", "location": "query", "description": "Deprecated. This field has no effect." }, "type": { "enumDescriptions": [ "Defaults to INSPECT_JOB.", "The job inspected Google Cloud for sensitive data.", "The job executed a Risk Analysis computation." ], "location": "query", "enum": [ "DLP_JOB_TYPE_UNSPECIFIED", "INSPECT_JOB", "RISK_ANALYSIS_JOB" ], "type": "string", "description": "The type of jobs. Will use `DlpJobType.INSPECT` if not set." }, "orderBy": { "description": "Comma-separated list of triggeredJob fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `create_time`: corresponds to the time the JobTrigger was created. - `update_time`: corresponds to the time the JobTrigger was last updated. - `last_run_time`: corresponds to the last time the JobTrigger ran. - `name`: corresponds to the JobTrigger's name. - `display_name`: corresponds to the JobTrigger's display name. - `status`: corresponds to JobTrigger's status.", "location": "query", "type": "string" }, "parent": { "required": true, "location": "path", "type": "string", "description": "Required. Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^projects/[^/]+$" }, "pageToken": { "description": "Page token to continue retrieval. Comes from the previous call to ListJobTriggers. `order_by` field must not change for subsequent calls.", "location": "query", "type": "string" }, "filter": { "location": "query", "type": "string", "description": "Allows filtering. Supported syntax: * Filter expressions are made up of one or more restrictions. * Restrictions can be combined by `AND` or `OR` logical operators. A sequence of restrictions implicitly uses `AND`. * A restriction has the form of `{field} {operator} {value}`. * Supported fields/values for inspect triggers: - `status` - HEALTHY|PAUSED|CANCELLED - `inspected_storage` - DATASTORE|CLOUD_STORAGE|BIGQUERY - 'last_run_time` - RFC 3339 formatted timestamp, surrounded by quotation marks. Nanoseconds are ignored. - 'error_count' - Number of errors that have occurred while running. * The operator must be `=` or `!=` for status and inspected_storage. The syntax is based on https://google.aip.dev/160. Examples: * inspected_storage = cloud_storage AND status = HEALTHY * inspected_storage = cloud_storage OR inspected_storage = bigquery * inspected_storage = cloud_storage AND (state = PAUSED OR state = HEALTHY) * last_run_time \u003e \\\"2017-12-12T00:00:00+00:00\\\" The length of this field should be no more than 500 characters." }, "pageSize": { "description": "Size of the page. This value can be limited by a server.", "type": "integer", "location": "query", "format": "int32" } }, "id": "dlp.projects.jobTriggers.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "patch": { "response": { "$ref": "GooglePrivacyDlpV2JobTrigger" }, "flatPath": "v2/projects/{projectsId}/jobTriggers/{jobTriggersId}", "parameterOrder": [ "name" ], "httpMethod": "PATCH", "path": "v2/{+name}", "description": "Updates a job trigger. See https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers to learn more.", "id": "dlp.projects.jobTriggers.patch", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "pattern": "^projects/[^/]+/jobTriggers/[^/]+$", "description": "Required. Resource name of the project and the triggeredJob, for example `projects/dlp-test-project/jobTriggers/53234423`.", "type": "string", "location": "path", "required": true } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateJobTriggerRequest" } } } }, "dlpJobs": { "methods": { "cancel": { "parameters": { "name": { "description": "Required. The name of the DlpJob resource to be cancelled.", "pattern": "^projects/[^/]+/dlpJobs/[^/]+$", "required": true, "location": "path", "type": "string" } }, "request": { "$ref": "GooglePrivacyDlpV2CancelDlpJobRequest" }, "id": "dlp.projects.dlpJobs.cancel", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+name}:cancel", "description": "Starts asynchronous cancellation on a long-running DlpJob. The server makes a best effort to cancel the DlpJob, but success is not guaranteed. See https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage and https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis to learn more.", "httpMethod": "POST", "flatPath": "v2/projects/{projectsId}/dlpJobs/{dlpJobsId}:cancel", "parameterOrder": [ "name" ], "response": { "$ref": "GoogleProtobufEmpty" } }, "list": { "httpMethod": "GET", "path": "v2/{+parent}/dlpJobs", "description": "Lists DlpJobs that match the specified filter in the request. See https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage and https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis to learn more.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.dlpJobs.list", "parameters": { "orderBy": { "type": "string", "location": "query", "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc, end_time asc, create_time desc` Supported fields are: - `create_time`: corresponds to the time the job was created. - `end_time`: corresponds to the time the job ended. - `name`: corresponds to the job's name. - `state`: corresponds to `state`" }, "locationId": { "description": "Deprecated. This field has no effect.", "type": "string", "location": "query" }, "type": { "type": "string", "location": "query", "enum": [ "DLP_JOB_TYPE_UNSPECIFIED", "INSPECT_JOB", "RISK_ANALYSIS_JOB" ], "enumDescriptions": [ "Defaults to INSPECT_JOB.", "The job inspected Google Cloud for sensitive data.", "The job executed a Risk Analysis computation." ], "description": "The type of job. Defaults to `DlpJobType.INSPECT`" }, "pageSize": { "location": "query", "format": "int32", "type": "integer", "description": "The standard list page size." }, "parent": { "location": "path", "type": "string", "required": true, "pattern": "^projects/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3" }, "filter": { "description": "Allows filtering. Supported syntax: * Filter expressions are made up of one or more restrictions. * Restrictions can be combined by `AND` or `OR` logical operators. A sequence of restrictions implicitly uses `AND`. * A restriction has the form of `{field} {operator} {value}`. * Supported fields/values for inspect jobs: - `state` - PENDING|RUNNING|CANCELED|FINISHED|FAILED - `inspected_storage` - DATASTORE|CLOUD_STORAGE|BIGQUERY - `trigger_name` - The name of the trigger that created the job. - 'end_time` - Corresponds to the time the job finished. - 'start_time` - Corresponds to the time the job finished. * Supported fields for risk analysis jobs: - `state` - RUNNING|CANCELED|FINISHED|FAILED - 'end_time` - Corresponds to the time the job finished. - 'start_time` - Corresponds to the time the job finished. * The operator must be `=` or `!=`. The syntax is based on https://google.aip.dev/160. Examples: * inspected_storage = cloud_storage AND state = done * inspected_storage = cloud_storage OR inspected_storage = bigquery * inspected_storage = cloud_storage AND (state = done OR state = canceled) * end_time \u003e \\\"2017-12-12T00:00:00+00:00\\\" The length of this field should be no more than 500 characters.", "type": "string", "location": "query" }, "pageToken": { "description": "The standard list page token.", "type": "string", "location": "query" } }, "response": { "$ref": "GooglePrivacyDlpV2ListDlpJobsResponse" }, "flatPath": "v2/projects/{projectsId}/dlpJobs", "parameterOrder": [ "parent" ] }, "delete": { "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/projects/{projectsId}/dlpJobs/{dlpJobsId}", "parameterOrder": [ "name" ], "id": "dlp.projects.dlpJobs.delete", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "description": "Required. The name of the DlpJob resource to be deleted.", "pattern": "^projects/[^/]+/dlpJobs/[^/]+$", "required": true, "type": "string", "location": "path" } }, "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Deletes a long-running DlpJob. This method indicates that the client is no longer interested in the DlpJob result. The job will be canceled if possible. See https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage and https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis to learn more." }, "create": { "response": { "$ref": "GooglePrivacyDlpV2DlpJob" }, "flatPath": "v2/projects/{projectsId}/dlpJobs", "parameterOrder": [ "parent" ], "httpMethod": "POST", "path": "v2/{+parent}/dlpJobs", "description": "Creates a new job to inspect storage or calculate risk metrics. See https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage and https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis to learn more. When no InfoTypes or CustomInfoTypes are specified in inspect jobs, the system will automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.dlpJobs.create", "parameters": { "parent": { "pattern": "^projects/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "type": "string", "location": "path", "required": true } }, "request": { "$ref": "GooglePrivacyDlpV2CreateDlpJobRequest" } }, "get": { "response": { "$ref": "GooglePrivacyDlpV2DlpJob" }, "flatPath": "v2/projects/{projectsId}/dlpJobs/{dlpJobsId}", "parameterOrder": [ "name" ], "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.projects.dlpJobs.get", "parameters": { "name": { "type": "string", "location": "path", "required": true, "pattern": "^projects/[^/]+/dlpJobs/[^/]+$", "description": "Required. The name of the DlpJob resource." } }, "httpMethod": "GET", "path": "v2/{+name}", "description": "Gets the latest state of a long-running DlpJob. See https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage and https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis to learn more." } } } } }, "infoTypes": { "methods": { "list": { "httpMethod": "GET", "path": "v2/infoTypes", "description": "Returns a list of the sensitive information types that the DLP API supports. See https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference to learn more.", "id": "dlp.infoTypes.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "languageCode": { "description": "BCP-47 language code for localized infoType friendly names. If omitted, or if localized strings are not available, en-US strings will be returned.", "type": "string", "location": "query" }, "parent": { "location": "query", "type": "string", "description": "The parent resource name. The format of this value is as follows: `locations/{location_id}`" }, "filter": { "type": "string", "location": "query", "description": "filter to only return infoTypes supported by certain parts of the API. Defaults to supported_by=INSPECT." }, "locationId": { "type": "string", "location": "query", "description": "Deprecated. This field has no effect." } }, "response": { "$ref": "GooglePrivacyDlpV2ListInfoTypesResponse" }, "flatPath": "v2/infoTypes", "parameterOrder": [] } } }, "locations": { "resources": { "infoTypes": { "methods": { "list": { "flatPath": "v2/locations/{locationsId}/infoTypes", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ListInfoTypesResponse" }, "path": "v2/{+parent}/infoTypes", "description": "Returns a list of the sensitive information types that the DLP API supports. See https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference to learn more.", "httpMethod": "GET", "parameters": { "languageCode": { "type": "string", "location": "query", "description": "BCP-47 language code for localized infoType friendly names. If omitted, or if localized strings are not available, en-US strings will be returned." }, "parent": { "pattern": "^locations/[^/]+$", "description": "The parent resource name. The format of this value is as follows: `locations/{location_id}`", "location": "path", "type": "string", "required": true }, "filter": { "description": "filter to only return infoTypes supported by certain parts of the API. Defaults to supported_by=INSPECT.", "type": "string", "location": "query" }, "locationId": { "type": "string", "location": "query", "description": "Deprecated. This field has no effect." } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.locations.infoTypes.list" } } } } }, "organizations": { "resources": { "locations": { "resources": { "jobTriggers": { "methods": { "delete": { "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/jobTriggers/{jobTriggersId}", "parameterOrder": [ "name" ], "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Deletes a job trigger. See https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers to learn more.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.jobTriggers.delete", "parameters": { "name": { "description": "Required. Resource name of the project and the triggeredJob, for example `projects/dlp-test-project/jobTriggers/53234423`.", "pattern": "^organizations/[^/]+/locations/[^/]+/jobTriggers/[^/]+$", "required": true, "type": "string", "location": "path" } } }, "create": { "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/jobTriggers", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2JobTrigger" }, "path": "v2/{+parent}/jobTriggers", "description": "Creates a job trigger to run DLP actions such as scanning storage for sensitive information on a set schedule. See https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers to learn more.", "httpMethod": "POST", "parameters": { "parent": { "location": "path", "type": "string", "required": true, "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3" } }, "request": { "$ref": "GooglePrivacyDlpV2CreateJobTriggerRequest" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.jobTriggers.create" }, "get": { "response": { "$ref": "GooglePrivacyDlpV2JobTrigger" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/jobTriggers/{jobTriggersId}", "parameterOrder": [ "name" ], "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.jobTriggers.get", "parameters": { "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/jobTriggers/[^/]+$", "description": "Required. Resource name of the project and the triggeredJob, for example `projects/dlp-test-project/jobTriggers/53234423`.", "type": "string", "location": "path", "required": true } }, "httpMethod": "GET", "path": "v2/{+name}", "description": "Gets a job trigger. See https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers to learn more." }, "patch": { "response": { "$ref": "GooglePrivacyDlpV2JobTrigger" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/jobTriggers/{jobTriggersId}", "parameterOrder": [ "name" ], "id": "dlp.organizations.locations.jobTriggers.patch", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/jobTriggers/[^/]+$", "description": "Required. Resource name of the project and the triggeredJob, for example `projects/dlp-test-project/jobTriggers/53234423`.", "location": "path", "type": "string", "required": true } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateJobTriggerRequest" }, "httpMethod": "PATCH", "path": "v2/{+name}", "description": "Updates a job trigger. See https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers to learn more." }, "list": { "response": { "$ref": "GooglePrivacyDlpV2ListJobTriggersResponse" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/jobTriggers", "parameterOrder": [ "parent" ], "id": "dlp.organizations.locations.jobTriggers.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "pageSize": { "description": "Size of the page. This value can be limited by a server.", "type": "integer", "location": "query", "format": "int32" }, "parent": { "description": "Required. Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^organizations/[^/]+/locations/[^/]+$", "required": true, "type": "string", "location": "path" }, "pageToken": { "description": "Page token to continue retrieval. Comes from the previous call to ListJobTriggers. `order_by` field must not change for subsequent calls.", "location": "query", "type": "string" }, "filter": { "description": "Allows filtering. Supported syntax: * Filter expressions are made up of one or more restrictions. * Restrictions can be combined by `AND` or `OR` logical operators. A sequence of restrictions implicitly uses `AND`. * A restriction has the form of `{field} {operator} {value}`. * Supported fields/values for inspect triggers: - `status` - HEALTHY|PAUSED|CANCELLED - `inspected_storage` - DATASTORE|CLOUD_STORAGE|BIGQUERY - 'last_run_time` - RFC 3339 formatted timestamp, surrounded by quotation marks. Nanoseconds are ignored. - 'error_count' - Number of errors that have occurred while running. * The operator must be `=` or `!=` for status and inspected_storage. The syntax is based on https://google.aip.dev/160. Examples: * inspected_storage = cloud_storage AND status = HEALTHY * inspected_storage = cloud_storage OR inspected_storage = bigquery * inspected_storage = cloud_storage AND (state = PAUSED OR state = HEALTHY) * last_run_time \u003e \\\"2017-12-12T00:00:00+00:00\\\" The length of this field should be no more than 500 characters.", "type": "string", "location": "query" }, "orderBy": { "description": "Comma-separated list of triggeredJob fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `create_time`: corresponds to the time the JobTrigger was created. - `update_time`: corresponds to the time the JobTrigger was last updated. - `last_run_time`: corresponds to the last time the JobTrigger ran. - `name`: corresponds to the JobTrigger's name. - `display_name`: corresponds to the JobTrigger's display name. - `status`: corresponds to JobTrigger's status.", "location": "query", "type": "string" }, "type": { "description": "The type of jobs. Will use `DlpJobType.INSPECT` if not set.", "enumDescriptions": [ "Defaults to INSPECT_JOB.", "The job inspected Google Cloud for sensitive data.", "The job executed a Risk Analysis computation." ], "type": "string", "location": "query", "enum": [ "DLP_JOB_TYPE_UNSPECIFIED", "INSPECT_JOB", "RISK_ANALYSIS_JOB" ] }, "locationId": { "type": "string", "location": "query", "description": "Deprecated. This field has no effect." } }, "httpMethod": "GET", "path": "v2/{+parent}/jobTriggers", "description": "Lists job triggers. See https://cloud.google.com/sensitive-data-protection/docs/creating-job-triggers to learn more." } } }, "dlpJobs": { "methods": { "list": { "id": "dlp.organizations.locations.dlpJobs.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "pageSize": { "location": "query", "format": "int32", "type": "integer", "description": "The standard list page size." }, "parent": { "description": "Required. Parent resource name. The format of this value varies depending on whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^organizations/[^/]+/locations/[^/]+$", "required": true, "location": "path", "type": "string" }, "filter": { "description": "Allows filtering. Supported syntax: * Filter expressions are made up of one or more restrictions. * Restrictions can be combined by `AND` or `OR` logical operators. A sequence of restrictions implicitly uses `AND`. * A restriction has the form of `{field} {operator} {value}`. * Supported fields/values for inspect jobs: - `state` - PENDING|RUNNING|CANCELED|FINISHED|FAILED - `inspected_storage` - DATASTORE|CLOUD_STORAGE|BIGQUERY - `trigger_name` - The name of the trigger that created the job. - 'end_time` - Corresponds to the time the job finished. - 'start_time` - Corresponds to the time the job finished. * Supported fields for risk analysis jobs: - `state` - RUNNING|CANCELED|FINISHED|FAILED - 'end_time` - Corresponds to the time the job finished. - 'start_time` - Corresponds to the time the job finished. * The operator must be `=` or `!=`. The syntax is based on https://google.aip.dev/160. Examples: * inspected_storage = cloud_storage AND state = done * inspected_storage = cloud_storage OR inspected_storage = bigquery * inspected_storage = cloud_storage AND (state = done OR state = canceled) * end_time \u003e \\\"2017-12-12T00:00:00+00:00\\\" The length of this field should be no more than 500 characters.", "location": "query", "type": "string" }, "pageToken": { "type": "string", "location": "query", "description": "The standard list page token." }, "orderBy": { "type": "string", "location": "query", "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc, end_time asc, create_time desc` Supported fields are: - `create_time`: corresponds to the time the job was created. - `end_time`: corresponds to the time the job ended. - `name`: corresponds to the job's name. - `state`: corresponds to `state`" }, "locationId": { "type": "string", "location": "query", "description": "Deprecated. This field has no effect." }, "type": { "description": "The type of job. Defaults to `DlpJobType.INSPECT`", "enumDescriptions": [ "Defaults to INSPECT_JOB.", "The job inspected Google Cloud for sensitive data.", "The job executed a Risk Analysis computation." ], "location": "query", "enum": [ "DLP_JOB_TYPE_UNSPECIFIED", "INSPECT_JOB", "RISK_ANALYSIS_JOB" ], "type": "string" } }, "httpMethod": "GET", "path": "v2/{+parent}/dlpJobs", "description": "Lists DlpJobs that match the specified filter in the request. See https://cloud.google.com/sensitive-data-protection/docs/inspecting-storage and https://cloud.google.com/sensitive-data-protection/docs/compute-risk-analysis to learn more.", "response": { "$ref": "GooglePrivacyDlpV2ListDlpJobsResponse" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/dlpJobs", "parameterOrder": [ "parent" ] } } }, "storedInfoTypes": { "methods": { "delete": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.storedInfoTypes.delete", "parameters": { "name": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name of the organization and storedInfoType to be deleted, for example `organizations/433245324/storedInfoTypes/432452342` or projects/project-id/storedInfoTypes/432452342.", "pattern": "^organizations/[^/]+/locations/[^/]+/storedInfoTypes/[^/]+$" } }, "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Deletes a stored infoType. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/storedInfoTypes/{storedInfoTypesId}", "parameterOrder": [ "name" ] }, "create": { "path": "v2/{+parent}/storedInfoTypes", "description": "Creates a pre-built stored infoType to be used for inspection. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "httpMethod": "POST", "parameters": { "parent": { "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "location": "path", "type": "string", "required": true } }, "request": { "$ref": "GooglePrivacyDlpV2CreateStoredInfoTypeRequest" }, "id": "dlp.organizations.locations.storedInfoTypes.create", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/storedInfoTypes", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2StoredInfoType" } }, "get": { "parameters": { "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/storedInfoTypes/[^/]+$", "description": "Required. Resource name of the organization and storedInfoType to be read, for example `organizations/433245324/storedInfoTypes/432452342` or projects/project-id/storedInfoTypes/432452342.", "type": "string", "location": "path", "required": true } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.storedInfoTypes.get", "path": "v2/{+name}", "description": "Gets a stored infoType. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "httpMethod": "GET", "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/storedInfoTypes/{storedInfoTypesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2StoredInfoType" } }, "patch": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.storedInfoTypes.patch", "parameters": { "name": { "required": true, "type": "string", "location": "path", "description": "Required. Resource name of organization and storedInfoType to be updated, for example `organizations/433245324/storedInfoTypes/432452342` or projects/project-id/storedInfoTypes/432452342.", "pattern": "^organizations/[^/]+/locations/[^/]+/storedInfoTypes/[^/]+$" } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateStoredInfoTypeRequest" }, "httpMethod": "PATCH", "path": "v2/{+name}", "description": "Updates the stored infoType by creating a new version. The existing version will continue to be used until the new version is ready. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "response": { "$ref": "GooglePrivacyDlpV2StoredInfoType" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/storedInfoTypes/{storedInfoTypesId}", "parameterOrder": [ "name" ] }, "list": { "response": { "$ref": "GooglePrivacyDlpV2ListStoredInfoTypesResponse" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/storedInfoTypes", "parameterOrder": [ "parent" ], "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.storedInfoTypes.list", "parameters": { "locationId": { "location": "query", "type": "string", "description": "Deprecated. This field has no effect." }, "orderBy": { "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc, display_name, create_time desc` Supported fields are: - `create_time`: corresponds to the time the most recent version of the resource was created. - `state`: corresponds to the state of the resource. - `name`: corresponds to resource name. - `display_name`: corresponds to info type's display name.", "type": "string", "location": "query" }, "parent": { "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "type": "string", "location": "path", "required": true }, "pageToken": { "type": "string", "location": "query", "description": "Page token to continue retrieval. Comes from the previous call to `ListStoredInfoTypes`." }, "pageSize": { "description": "Size of the page. This value can be limited by the server. If zero server returns a page of max size 100.", "location": "query", "format": "int32", "type": "integer" } }, "httpMethod": "GET", "path": "v2/{+parent}/storedInfoTypes", "description": "Lists stored infoTypes. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more." } } }, "deidentifyTemplates": { "methods": { "list": { "response": { "$ref": "GooglePrivacyDlpV2ListDeidentifyTemplatesResponse" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/deidentifyTemplates", "parameterOrder": [ "parent" ], "id": "dlp.organizations.locations.deidentifyTemplates.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "parent": { "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^organizations/[^/]+/locations/[^/]+$", "required": true, "location": "path", "type": "string" }, "pageToken": { "location": "query", "type": "string", "description": "Page token to continue retrieval. Comes from the previous call to `ListDeidentifyTemplates`." }, "pageSize": { "description": "Size of the page. This value can be limited by the server. If zero server returns a page of max size 100.", "type": "integer", "location": "query", "format": "int32" }, "locationId": { "location": "query", "type": "string", "description": "Deprecated. This field has no effect." }, "orderBy": { "location": "query", "type": "string", "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `create_time`: corresponds to the time the template was created. - `update_time`: corresponds to the time the template was last updated. - `name`: corresponds to the template's name. - `display_name`: corresponds to the template's display name." } }, "httpMethod": "GET", "path": "v2/{+parent}/deidentifyTemplates", "description": "Lists DeidentifyTemplates. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more." }, "patch": { "path": "v2/{+name}", "description": "Updates the DeidentifyTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "httpMethod": "PATCH", "parameters": { "name": { "description": "Required. Resource name of organization and deidentify template to be updated, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342.", "pattern": "^organizations/[^/]+/locations/[^/]+/deidentifyTemplates/[^/]+$", "required": true, "type": "string", "location": "path" } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateDeidentifyTemplateRequest" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.deidentifyTemplates.patch", "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/deidentifyTemplates/{deidentifyTemplatesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" } }, "create": { "response": { "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/deidentifyTemplates", "parameterOrder": [ "parent" ], "httpMethod": "POST", "path": "v2/{+parent}/deidentifyTemplates", "description": "Creates a DeidentifyTemplate for reusing frequently used configuration for de-identifying content, images, and storage. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "id": "dlp.organizations.locations.deidentifyTemplates.create", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "parent": { "required": true, "location": "path", "type": "string", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^organizations/[^/]+/locations/[^/]+$" } }, "request": { "$ref": "GooglePrivacyDlpV2CreateDeidentifyTemplateRequest" } }, "get": { "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/deidentifyTemplates/{deidentifyTemplatesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" }, "path": "v2/{+name}", "description": "Gets a DeidentifyTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "httpMethod": "GET", "parameters": { "name": { "location": "path", "type": "string", "required": true, "pattern": "^organizations/[^/]+/locations/[^/]+/deidentifyTemplates/[^/]+$", "description": "Required. Resource name of the organization and deidentify template to be read, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342." } }, "id": "dlp.organizations.locations.deidentifyTemplates.get", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "delete": { "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/deidentifyTemplates/{deidentifyTemplatesId}", "parameterOrder": [ "name" ], "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Deletes a DeidentifyTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "id": "dlp.organizations.locations.deidentifyTemplates.delete", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "type": "string", "location": "path", "required": true, "pattern": "^organizations/[^/]+/locations/[^/]+/deidentifyTemplates/[^/]+$", "description": "Required. Resource name of the organization and deidentify template to be deleted, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342." } } } } }, "inspectTemplates": { "methods": { "list": { "response": { "$ref": "GooglePrivacyDlpV2ListInspectTemplatesResponse" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/inspectTemplates", "parameterOrder": [ "parent" ], "httpMethod": "GET", "path": "v2/{+parent}/inspectTemplates", "description": "Lists InspectTemplates. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "id": "dlp.organizations.locations.inspectTemplates.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "parent": { "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^organizations/[^/]+/locations/[^/]+$", "required": true, "location": "path", "type": "string" }, "pageToken": { "description": "Page token to continue retrieval. Comes from the previous call to `ListInspectTemplates`.", "type": "string", "location": "query" }, "pageSize": { "description": "Size of the page. This value can be limited by the server. If zero server returns a page of max size 100.", "location": "query", "format": "int32", "type": "integer" }, "locationId": { "description": "Deprecated. This field has no effect.", "type": "string", "location": "query" }, "orderBy": { "location": "query", "type": "string", "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `create_time`: corresponds to the time the template was created. - `update_time`: corresponds to the time the template was last updated. - `name`: corresponds to the template's name. - `display_name`: corresponds to the template's display name." } } }, "patch": { "httpMethod": "PATCH", "path": "v2/{+name}", "description": "Updates the InspectTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "id": "dlp.organizations.locations.inspectTemplates.patch", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "description": "Required. Resource name of organization and inspectTemplate to be updated, for example `organizations/433245324/inspectTemplates/432452342` or projects/project-id/inspectTemplates/432452342.", "pattern": "^organizations/[^/]+/locations/[^/]+/inspectTemplates/[^/]+$", "required": true, "type": "string", "location": "path" } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateInspectTemplateRequest" }, "response": { "$ref": "GooglePrivacyDlpV2InspectTemplate" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/inspectTemplates/{inspectTemplatesId}", "parameterOrder": [ "name" ] }, "create": { "parameters": { "parent": { "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "location": "path", "type": "string", "required": true } }, "request": { "$ref": "GooglePrivacyDlpV2CreateInspectTemplateRequest" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.inspectTemplates.create", "path": "v2/{+parent}/inspectTemplates", "description": "Creates an InspectTemplate for reusing frequently used configuration for inspecting content, images, and storage. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "httpMethod": "POST", "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/inspectTemplates", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2InspectTemplate" } }, "get": { "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/inspectTemplates/{inspectTemplatesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2InspectTemplate" }, "parameters": { "name": { "description": "Required. Resource name of the organization and inspectTemplate to be read, for example `organizations/433245324/inspectTemplates/432452342` or projects/project-id/inspectTemplates/432452342.", "pattern": "^organizations/[^/]+/locations/[^/]+/inspectTemplates/[^/]+$", "required": true, "type": "string", "location": "path" } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.inspectTemplates.get", "path": "v2/{+name}", "description": "Gets an InspectTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "httpMethod": "GET" }, "delete": { "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/inspectTemplates/{inspectTemplatesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GoogleProtobufEmpty" }, "parameters": { "name": { "required": true, "type": "string", "location": "path", "description": "Required. Resource name of the organization and inspectTemplate to be deleted, for example `organizations/433245324/inspectTemplates/432452342` or projects/project-id/inspectTemplates/432452342.", "pattern": "^organizations/[^/]+/locations/[^/]+/inspectTemplates/[^/]+$" } }, "id": "dlp.organizations.locations.inspectTemplates.delete", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+name}", "description": "Deletes an InspectTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "httpMethod": "DELETE" } } }, "infoTypes": { "methods": { "list": { "parameters": { "languageCode": { "description": "BCP-47 language code for localized infoType friendly names. If omitted, or if localized strings are not available, en-US strings will be returned.", "type": "string", "location": "query" }, "parent": { "type": "string", "location": "path", "required": true, "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "The parent resource name. The format of this value is as follows: `locations/{location_id}`" }, "filter": { "location": "query", "type": "string", "description": "filter to only return infoTypes supported by certain parts of the API. Defaults to supported_by=INSPECT." }, "locationId": { "description": "Deprecated. This field has no effect.", "location": "query", "type": "string" } }, "id": "dlp.organizations.locations.infoTypes.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+parent}/infoTypes", "description": "Returns a list of the sensitive information types that the DLP API supports. See https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference to learn more.", "httpMethod": "GET", "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/infoTypes", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ListInfoTypesResponse" } } } }, "columnDataProfiles": { "methods": { "list": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.columnDataProfiles.list", "parameters": { "orderBy": { "location": "query", "type": "string", "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Only one order field at a time is allowed. Examples: * `project_id asc` * `table_id` * `sensitivity_level desc` Supported fields are: - `project_id`: The Google Cloud project ID. - `dataset_id`: The ID of a BigQuery dataset. - `table_id`: The ID of a BigQuery table. - `sensitivity_level`: How sensitive the data in a column is, at most. - `data_risk_level`: How much risk is associated with this data. - `profile_last_generated`: When the profile was last updated in epoch seconds." }, "pageSize": { "description": "Size of the page. This value can be limited by the server. If zero, server returns a page of max size 100.", "type": "integer", "location": "query", "format": "int32" }, "parent": { "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "Required. Resource name of the organization or project, for example `organizations/433245324/locations/europe` or `projects/project-id/locations/asia`.", "type": "string", "location": "path", "required": true }, "pageToken": { "location": "query", "type": "string", "description": "Page token to continue retrieval." }, "filter": { "description": "Allows filtering. Supported syntax: * Filter expressions are made up of one or more restrictions. * Restrictions can be combined by `AND` or `OR` logical operators. A sequence of restrictions implicitly uses `AND`. * A restriction has the form of `{field} {operator} {value}`. * Supported fields: - `table_data_profile_name`: The name of the related table data profile - `project_id`: The Google Cloud project ID (REQUIRED) - `dataset_id`: The BigQuery dataset ID (REQUIRED) - `table_id`: The BigQuery table ID (REQUIRED) - `field_id`: The ID of the BigQuery field - `info_type`: The infotype detected in the resource - `sensitivity_level`: HIGH|MEDIUM|LOW - `data_risk_level`: How much risk is associated with this data - `status_code`: An RPC status code as defined in https://github.com/googleapis/googleapis/blob/master/google/rpc/code.proto - `profile_last_generated`: Date and time the profile was last generated * The operator must be `=` for project_id, dataset_id, and table_id. Other filters also support `!=`. The `profile_last_generated` filter also supports `\u003c` and `\u003e`. The syntax is based on https://google.aip.dev/160. Examples: * project_id = 12345 AND status_code = 1 * project_id = 12345 AND sensitivity_level = HIGH * project_id = 12345 AND info_type = STREET_ADDRESS * profile_last_generated \u003c \"2025-01-01T00:00:00.000Z\" The length of this field should be no more than 500 characters.", "type": "string", "location": "query" } }, "httpMethod": "GET", "path": "v2/{+parent}/columnDataProfiles", "description": "Lists column data profiles for an organization.", "response": { "$ref": "GooglePrivacyDlpV2ListColumnDataProfilesResponse" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/columnDataProfiles", "parameterOrder": [ "parent" ] }, "get": { "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/columnDataProfiles/{columnDataProfilesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2ColumnDataProfile" }, "path": "v2/{+name}", "description": "Gets a column data profile.", "httpMethod": "GET", "parameters": { "name": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name, for example `organizations/12345/locations/us/columnDataProfiles/53234423`.", "pattern": "^organizations/[^/]+/locations/[^/]+/columnDataProfiles/[^/]+$" } }, "id": "dlp.organizations.locations.columnDataProfiles.get", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] } } }, "fileStoreDataProfiles": { "methods": { "get": { "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/fileStoreDataProfiles/{fileStoreDataProfilesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2FileStoreDataProfile" }, "parameters": { "name": { "required": true, "type": "string", "location": "path", "description": "Required. Resource name, for example `organizations/12345/locations/us/fileStoreDataProfiles/53234423`.", "pattern": "^organizations/[^/]+/locations/[^/]+/fileStoreDataProfiles/[^/]+$" } }, "id": "dlp.organizations.locations.fileStoreDataProfiles.get", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+name}", "description": "Gets a file store data profile.", "httpMethod": "GET" }, "delete": { "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/fileStoreDataProfiles/{fileStoreDataProfilesId}", "parameterOrder": [ "name" ], "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Delete a FileStoreDataProfile. Will not prevent the profile from being regenerated if the resource is still included in a discovery configuration.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.fileStoreDataProfiles.delete", "parameters": { "name": { "required": true, "type": "string", "location": "path", "description": "Required. Resource name of the file store data profile.", "pattern": "^organizations/[^/]+/locations/[^/]+/fileStoreDataProfiles/[^/]+$" } } }, "list": { "response": { "$ref": "GooglePrivacyDlpV2ListFileStoreDataProfilesResponse" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/fileStoreDataProfiles", "parameterOrder": [ "parent" ], "httpMethod": "GET", "path": "v2/{+parent}/fileStoreDataProfiles", "description": "Lists file store data profiles for an organization.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.fileStoreDataProfiles.list", "parameters": { "orderBy": { "location": "query", "type": "string", "description": "Optional. Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Only one order field at a time is allowed. Examples: * `project_id asc` * `name` * `sensitivity_level desc` Supported fields are: - `project_id`: The Google Cloud project ID. - `sensitivity_level`: How sensitive the data in a table is, at most. - `data_risk_level`: How much risk is associated with this data. - `profile_last_generated`: When the profile was last updated in epoch seconds. - `last_modified`: The last time the resource was modified. - `resource_visibility`: Visibility restriction for this resource. - `name`: The name of the profile. - `create_time`: The time the file store was first created." }, "parent": { "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "Required. Resource name of the organization or project, for example `organizations/433245324/locations/europe` or `projects/project-id/locations/asia`.", "location": "path", "type": "string", "required": true }, "pageToken": { "description": "Optional. Page token to continue retrieval.", "type": "string", "location": "query" }, "filter": { "description": "Optional. Allows filtering. Supported syntax: * Filter expressions are made up of one or more restrictions. * Restrictions can be combined by `AND` or `OR` logical operators. A sequence of restrictions implicitly uses `AND`. * A restriction has the form of `{field} {operator} {value}`. * Supported fields: - `project_id`: The Google Cloud project ID - `account_id`: The AWS account ID - `file_store_path`: The path like \"gs://bucket\" - `data_source_type`: The profile's data source type, like \"google/storage/bucket\" - `data_storage_location`: The location where the file store's data is stored, like \"us-central1\" - `sensitivity_level`: HIGH|MODERATE|LOW - `data_risk_level`: HIGH|MODERATE|LOW - `resource_visibility`: PUBLIC|RESTRICTED - `status_code`: an RPC status code as defined in https://github.com/googleapis/googleapis/blob/master/google/rpc/code.proto - `profile_last_generated`: Date and time the profile was last generated * The operator must be `=` or `!=`. The `profile_last_generated` filter also supports `\u003c` and `\u003e`. The syntax is based on https://google.aip.dev/160. Examples: * `project_id = 12345 AND status_code = 1` * `project_id = 12345 AND sensitivity_level = HIGH` * `project_id = 12345 AND resource_visibility = PUBLIC` * `file_store_path = \"gs://mybucket\"` * `profile_last_generated \u003c \"2025-01-01T00:00:00.000Z\"` The length of this field should be no more than 500 characters.", "type": "string", "location": "query" }, "pageSize": { "description": "Optional. Size of the page. This value can be limited by the server. If zero, server returns a page of max size 100.", "type": "integer", "location": "query", "format": "int32" } } } } }, "discoveryConfigs": { "methods": { "patch": { "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/discoveryConfigs/{discoveryConfigsId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2DiscoveryConfig" }, "path": "v2/{+name}", "description": "Updates a discovery configuration.", "httpMethod": "PATCH", "parameters": { "name": { "required": true, "type": "string", "location": "path", "description": "Required. Resource name of the project and the configuration, for example `projects/dlp-test-project/discoveryConfigs/53234423`.", "pattern": "^organizations/[^/]+/locations/[^/]+/discoveryConfigs/[^/]+$" } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateDiscoveryConfigRequest" }, "id": "dlp.organizations.locations.discoveryConfigs.patch", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "list": { "httpMethod": "GET", "path": "v2/{+parent}/discoveryConfigs", "description": "Lists discovery configurations.", "id": "dlp.organizations.locations.discoveryConfigs.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "parent": { "description": "Required. Parent resource name. The format of this value is as follows: `projects/{project_id}/locations/{location_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^organizations/[^/]+/locations/[^/]+$", "required": true, "type": "string", "location": "path" }, "pageToken": { "description": "Page token to continue retrieval. Comes from the previous call to ListDiscoveryConfigs. `order_by` field must not change for subsequent calls.", "type": "string", "location": "query" }, "pageSize": { "location": "query", "format": "int32", "type": "integer", "description": "Size of the page. This value can be limited by a server." }, "orderBy": { "location": "query", "type": "string", "description": "Comma-separated list of config fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `last_run_time`: corresponds to the last time the DiscoveryConfig ran. - `name`: corresponds to the DiscoveryConfig's name. - `status`: corresponds to DiscoveryConfig's status." } }, "response": { "$ref": "GooglePrivacyDlpV2ListDiscoveryConfigsResponse" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/discoveryConfigs", "parameterOrder": [ "parent" ] }, "delete": { "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/discoveryConfigs/{discoveryConfigsId}", "parameterOrder": [ "name" ], "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.discoveryConfigs.delete", "parameters": { "name": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name of the project and the config, for example `projects/dlp-test-project/discoveryConfigs/53234423`.", "pattern": "^organizations/[^/]+/locations/[^/]+/discoveryConfigs/[^/]+$" } }, "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Deletes a discovery configuration." }, "create": { "parameters": { "parent": { "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization): + Projects scope: `projects/{project_id}/locations/{location_id}` + Organizations scope: `organizations/{org_id}/locations/{location_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "type": "string", "location": "path", "required": true } }, "request": { "$ref": "GooglePrivacyDlpV2CreateDiscoveryConfigRequest" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.discoveryConfigs.create", "path": "v2/{+parent}/discoveryConfigs", "description": "Creates a config for discovery to scan and profile storage.", "httpMethod": "POST", "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/discoveryConfigs", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2DiscoveryConfig" } }, "get": { "response": { "$ref": "GooglePrivacyDlpV2DiscoveryConfig" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/discoveryConfigs/{discoveryConfigsId}", "parameterOrder": [ "name" ], "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.discoveryConfigs.get", "parameters": { "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/discoveryConfigs/[^/]+$", "description": "Required. Resource name of the project and the configuration, for example `projects/dlp-test-project/discoveryConfigs/53234423`.", "type": "string", "location": "path", "required": true } }, "httpMethod": "GET", "path": "v2/{+name}", "description": "Gets a discovery configuration." } } }, "connections": { "methods": { "search": { "httpMethod": "GET", "path": "v2/{+parent}/connections:search", "description": "Searches for Connections in a parent.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.connections.search", "parameters": { "parent": { "required": true, "type": "string", "location": "path", "description": "Required. Resource name of the organization or project with a wildcard location, for example, `organizations/433245324/locations/-` or `projects/project-id/locations/-`.", "pattern": "^organizations/[^/]+/locations/[^/]+$" }, "pageToken": { "description": "Optional. Page token from a previous page to return the next set of results. If set, all other request fields must match the original request.", "location": "query", "type": "string" }, "filter": { "type": "string", "location": "query", "description": "Optional. Supported field/value: - `state` - MISSING|AVAILABLE|ERROR The syntax is based on https://google.aip.dev/160." }, "pageSize": { "description": "Optional. Number of results per page, max 1000.", "location": "query", "format": "int32", "type": "integer" } }, "response": { "$ref": "GooglePrivacyDlpV2SearchConnectionsResponse" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/connections:search", "parameterOrder": [ "parent" ] }, "delete": { "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/connections/{connectionsId}", "parameterOrder": [ "name" ], "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.connections.delete", "parameters": { "name": { "location": "path", "type": "string", "required": true, "pattern": "^organizations/[^/]+/locations/[^/]+/connections/[^/]+$", "description": "Required. Resource name of the Connection to be deleted, in the format: `projects/{project}/locations/{location}/connections/{connection}`." } }, "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Delete a Connection." }, "create": { "path": "v2/{+parent}/connections", "description": "Create a Connection to an external data source.", "httpMethod": "POST", "parameters": { "parent": { "location": "path", "type": "string", "required": true, "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization): + Projects scope: `projects/{project_id}/locations/{location_id}` + Organizations scope: `organizations/{org_id}/locations/{location_id}`" } }, "request": { "$ref": "GooglePrivacyDlpV2CreateConnectionRequest" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.connections.create", "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/connections", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2Connection" } }, "get": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.connections.get", "parameters": { "name": { "required": true, "type": "string", "location": "path", "description": "Required. Resource name in the format: `projects/{project}/locations/{location}/connections/{connection}`.", "pattern": "^organizations/[^/]+/locations/[^/]+/connections/[^/]+$" } }, "httpMethod": "GET", "path": "v2/{+name}", "description": "Get a Connection by name.", "response": { "$ref": "GooglePrivacyDlpV2Connection" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/connections/{connectionsId}", "parameterOrder": [ "name" ] }, "patch": { "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/connections/{connectionsId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2Connection" }, "parameters": { "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/connections/[^/]+$", "description": "Required. Resource name in the format: `projects/{project}/locations/{location}/connections/{connection}`.", "location": "path", "type": "string", "required": true } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateConnectionRequest" }, "id": "dlp.organizations.locations.connections.patch", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+name}", "description": "Update a Connection.", "httpMethod": "PATCH" }, "list": { "response": { "$ref": "GooglePrivacyDlpV2ListConnectionsResponse" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/connections", "parameterOrder": [ "parent" ], "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.connections.list", "parameters": { "parent": { "location": "path", "type": "string", "required": true, "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "Required. Resource name of the organization or project, for example, `organizations/433245324/locations/europe` or `projects/project-id/locations/asia`." }, "pageToken": { "description": "Optional. Page token from a previous page to return the next set of results. If set, all other request fields must match the original request.", "type": "string", "location": "query" }, "filter": { "type": "string", "location": "query", "description": "Optional. Supported field/value: `state` - MISSING|AVAILABLE|ERROR The syntax is based on https://google.aip.dev/160." }, "pageSize": { "type": "integer", "location": "query", "format": "int32", "description": "Optional. Number of results per page, max 1000." } }, "httpMethod": "GET", "path": "v2/{+parent}/connections", "description": "Lists Connections in a parent. Use SearchConnections to see all connections within an organization." } } }, "tableDataProfiles": { "methods": { "get": { "response": { "$ref": "GooglePrivacyDlpV2TableDataProfile" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/tableDataProfiles/{tableDataProfilesId}", "parameterOrder": [ "name" ], "httpMethod": "GET", "path": "v2/{+name}", "description": "Gets a table data profile.", "id": "dlp.organizations.locations.tableDataProfiles.get", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "type": "string", "location": "path", "required": true, "pattern": "^organizations/[^/]+/locations/[^/]+/tableDataProfiles/[^/]+$", "description": "Required. Resource name, for example `organizations/12345/locations/us/tableDataProfiles/53234423`." } } }, "delete": { "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/tableDataProfiles/{tableDataProfilesId}", "parameterOrder": [ "name" ], "id": "dlp.organizations.locations.tableDataProfiles.delete", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/tableDataProfiles/[^/]+$", "description": "Required. Resource name of the table data profile.", "location": "path", "type": "string", "required": true } }, "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Delete a TableDataProfile. Will not prevent the profile from being regenerated if the table is still included in a discovery configuration." }, "list": { "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/tableDataProfiles", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ListTableDataProfilesResponse" }, "parameters": { "orderBy": { "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Only one order field at a time is allowed. Examples: * `project_id asc` * `table_id` * `sensitivity_level desc` Supported fields are: - `project_id`: The Google Cloud project ID. - `dataset_id`: The ID of a BigQuery dataset. - `table_id`: The ID of a BigQuery table. - `sensitivity_level`: How sensitive the data in a table is, at most. - `data_risk_level`: How much risk is associated with this data. - `profile_last_generated`: When the profile was last updated in epoch seconds. - `last_modified`: The last time the resource was modified. - `resource_visibility`: Visibility restriction for this resource. - `row_count`: Number of rows in this resource.", "type": "string", "location": "query" }, "parent": { "required": true, "location": "path", "type": "string", "description": "Required. Resource name of the organization or project, for example `organizations/433245324/locations/europe` or `projects/project-id/locations/asia`.", "pattern": "^organizations/[^/]+/locations/[^/]+$" }, "pageToken": { "description": "Page token to continue retrieval.", "type": "string", "location": "query" }, "filter": { "description": "Allows filtering. Supported syntax: * Filter expressions are made up of one or more restrictions. * Restrictions can be combined by `AND` or `OR` logical operators. A sequence of restrictions implicitly uses `AND`. * A restriction has the form of `{field} {operator} {value}`. * Supported fields: - `project_id`: The Google Cloud project ID - `dataset_id`: The BigQuery dataset ID - `table_id`: The ID of the BigQuery table - `sensitivity_level`: HIGH|MODERATE|LOW - `data_risk_level`: HIGH|MODERATE|LOW - `resource_visibility`: PUBLIC|RESTRICTED - `status_code`: an RPC status code as defined in https://github.com/googleapis/googleapis/blob/master/google/rpc/code.proto - `profile_last_generated`: Date and time the profile was last generated * The operator must be `=` or `!=`. The `profile_last_generated` filter also supports `\u003c` and `\u003e`. The syntax is based on https://google.aip.dev/160. Examples: * `project_id = 12345 AND status_code = 1` * `project_id = 12345 AND sensitivity_level = HIGH` * `project_id = 12345 AND resource_visibility = PUBLIC` * `profile_last_generated \u003c \"2025-01-01T00:00:00.000Z\"` The length of this field should be no more than 500 characters.", "type": "string", "location": "query" }, "pageSize": { "type": "integer", "location": "query", "format": "int32", "description": "Size of the page. This value can be limited by the server. If zero, server returns a page of max size 100." } }, "id": "dlp.organizations.locations.tableDataProfiles.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+parent}/tableDataProfiles", "description": "Lists table data profiles for an organization.", "httpMethod": "GET" } } }, "projectDataProfiles": { "methods": { "list": { "response": { "$ref": "GooglePrivacyDlpV2ListProjectDataProfilesResponse" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/projectDataProfiles", "parameterOrder": [ "parent" ], "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.locations.projectDataProfiles.list", "parameters": { "orderBy": { "location": "query", "type": "string", "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Only one order field at a time is allowed. Examples: * `project_id` * `sensitivity_level desc` Supported fields: - `project_id`: Google Cloud project ID - `sensitivity_level`: How sensitive the data in a project is, at most - `data_risk_level`: How much risk is associated with this data - `profile_last_generated`: Date and time (in epoch seconds) the profile was last generated" }, "pageSize": { "location": "query", "format": "int32", "type": "integer", "description": "Size of the page. This value can be limited by the server. If zero, server returns a page of max size 100." }, "parent": { "description": "Required. organizations/{org_id}/locations/{loc_id}", "pattern": "^organizations/[^/]+/locations/[^/]+$", "required": true, "type": "string", "location": "path" }, "pageToken": { "location": "query", "type": "string", "description": "Page token to continue retrieval." }, "filter": { "location": "query", "type": "string", "description": "Allows filtering. Supported syntax: * Filter expressions are made up of one or more restrictions. * Restrictions can be combined by `AND` or `OR` logical operators. A sequence of restrictions implicitly uses `AND`. * A restriction has the form of `{field} {operator} {value}`. * Supported fields: - `project_id`: the Google Cloud project ID - `sensitivity_level`: HIGH|MODERATE|LOW - `data_risk_level`: HIGH|MODERATE|LOW - `status_code`: an RPC status code as defined in https://github.com/googleapis/googleapis/blob/master/google/rpc/code.proto - `profile_last_generated`: Date and time the profile was last generated * The operator must be `=` or `!=`. The `profile_last_generated` filter also supports `\u003c` and `\u003e`. The syntax is based on https://google.aip.dev/160. Examples: * `project_id = 12345 AND status_code = 1` * `project_id = 12345 AND sensitivity_level = HIGH` * `profile_last_generated \u003c \"2025-01-01T00:00:00.000Z\"` The length of this field should be no more than 500 characters." } }, "httpMethod": "GET", "path": "v2/{+parent}/projectDataProfiles", "description": "Lists project data profiles for an organization." }, "get": { "id": "dlp.organizations.locations.projectDataProfiles.get", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/projectDataProfiles/[^/]+$", "description": "Required. Resource name, for example `organizations/12345/locations/us/projectDataProfiles/53234423`.", "type": "string", "location": "path", "required": true } }, "httpMethod": "GET", "path": "v2/{+name}", "description": "Gets a project data profile.", "response": { "$ref": "GooglePrivacyDlpV2ProjectDataProfile" }, "flatPath": "v2/organizations/{organizationsId}/locations/{locationsId}/projectDataProfiles/{projectDataProfilesId}", "parameterOrder": [ "name" ] } } } } }, "storedInfoTypes": { "methods": { "create": { "flatPath": "v2/organizations/{organizationsId}/storedInfoTypes", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2StoredInfoType" }, "parameters": { "parent": { "required": true, "location": "path", "type": "string", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^organizations/[^/]+$" } }, "request": { "$ref": "GooglePrivacyDlpV2CreateStoredInfoTypeRequest" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.storedInfoTypes.create", "path": "v2/{+parent}/storedInfoTypes", "description": "Creates a pre-built stored infoType to be used for inspection. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "httpMethod": "POST" }, "get": { "flatPath": "v2/organizations/{organizationsId}/storedInfoTypes/{storedInfoTypesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2StoredInfoType" }, "path": "v2/{+name}", "description": "Gets a stored infoType. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "httpMethod": "GET", "parameters": { "name": { "type": "string", "location": "path", "required": true, "pattern": "^organizations/[^/]+/storedInfoTypes/[^/]+$", "description": "Required. Resource name of the organization and storedInfoType to be read, for example `organizations/433245324/storedInfoTypes/432452342` or projects/project-id/storedInfoTypes/432452342." } }, "id": "dlp.organizations.storedInfoTypes.get", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "delete": { "response": { "$ref": "GoogleProtobufEmpty" }, "flatPath": "v2/organizations/{organizationsId}/storedInfoTypes/{storedInfoTypesId}", "parameterOrder": [ "name" ], "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.storedInfoTypes.delete", "parameters": { "name": { "location": "path", "type": "string", "required": true, "pattern": "^organizations/[^/]+/storedInfoTypes/[^/]+$", "description": "Required. Resource name of the organization and storedInfoType to be deleted, for example `organizations/433245324/storedInfoTypes/432452342` or projects/project-id/storedInfoTypes/432452342." } }, "httpMethod": "DELETE", "path": "v2/{+name}", "description": "Deletes a stored infoType. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more." }, "list": { "flatPath": "v2/organizations/{organizationsId}/storedInfoTypes", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ListStoredInfoTypesResponse" }, "parameters": { "locationId": { "type": "string", "location": "query", "description": "Deprecated. This field has no effect." }, "orderBy": { "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc, display_name, create_time desc` Supported fields are: - `create_time`: corresponds to the time the most recent version of the resource was created. - `state`: corresponds to the state of the resource. - `name`: corresponds to resource name. - `display_name`: corresponds to info type's display name.", "location": "query", "type": "string" }, "parent": { "type": "string", "location": "path", "required": true, "pattern": "^organizations/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3" }, "pageToken": { "type": "string", "location": "query", "description": "Page token to continue retrieval. Comes from the previous call to `ListStoredInfoTypes`." }, "pageSize": { "location": "query", "format": "int32", "type": "integer", "description": "Size of the page. This value can be limited by the server. If zero server returns a page of max size 100." } }, "id": "dlp.organizations.storedInfoTypes.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+parent}/storedInfoTypes", "description": "Lists stored infoTypes. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "httpMethod": "GET" }, "patch": { "parameters": { "name": { "description": "Required. Resource name of organization and storedInfoType to be updated, for example `organizations/433245324/storedInfoTypes/432452342` or projects/project-id/storedInfoTypes/432452342.", "pattern": "^organizations/[^/]+/storedInfoTypes/[^/]+$", "required": true, "location": "path", "type": "string" } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateStoredInfoTypeRequest" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.storedInfoTypes.patch", "path": "v2/{+name}", "description": "Updates the stored infoType by creating a new version. The existing version will continue to be used until the new version is ready. See https://cloud.google.com/sensitive-data-protection/docs/creating-stored-infotypes to learn more.", "httpMethod": "PATCH", "flatPath": "v2/organizations/{organizationsId}/storedInfoTypes/{storedInfoTypesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2StoredInfoType" } } } }, "deidentifyTemplates": { "methods": { "delete": { "parameters": { "name": { "description": "Required. Resource name of the organization and deidentify template to be deleted, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342.", "pattern": "^organizations/[^/]+/deidentifyTemplates/[^/]+$", "required": true, "location": "path", "type": "string" } }, "id": "dlp.organizations.deidentifyTemplates.delete", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "path": "v2/{+name}", "description": "Deletes a DeidentifyTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "httpMethod": "DELETE", "flatPath": "v2/organizations/{organizationsId}/deidentifyTemplates/{deidentifyTemplatesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GoogleProtobufEmpty" } }, "create": { "flatPath": "v2/organizations/{organizationsId}/deidentifyTemplates", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" }, "path": "v2/{+parent}/deidentifyTemplates", "description": "Creates a DeidentifyTemplate for reusing frequently used configuration for de-identifying content, images, and storage. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "httpMethod": "POST", "parameters": { "parent": { "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^organizations/[^/]+$", "required": true, "location": "path", "type": "string" } }, "request": { "$ref": "GooglePrivacyDlpV2CreateDeidentifyTemplateRequest" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.deidentifyTemplates.create" }, "get": { "httpMethod": "GET", "path": "v2/{+name}", "description": "Gets a DeidentifyTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.deidentifyTemplates.get", "parameters": { "name": { "pattern": "^organizations/[^/]+/deidentifyTemplates/[^/]+$", "description": "Required. Resource name of the organization and deidentify template to be read, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342.", "type": "string", "location": "path", "required": true } }, "response": { "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" }, "flatPath": "v2/organizations/{organizationsId}/deidentifyTemplates/{deidentifyTemplatesId}", "parameterOrder": [ "name" ] }, "patch": { "flatPath": "v2/organizations/{organizationsId}/deidentifyTemplates/{deidentifyTemplatesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2DeidentifyTemplate" }, "path": "v2/{+name}", "description": "Updates the DeidentifyTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "httpMethod": "PATCH", "parameters": { "name": { "description": "Required. Resource name of organization and deidentify template to be updated, for example `organizations/433245324/deidentifyTemplates/432452342` or projects/project-id/deidentifyTemplates/432452342.", "pattern": "^organizations/[^/]+/deidentifyTemplates/[^/]+$", "required": true, "type": "string", "location": "path" } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateDeidentifyTemplateRequest" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.deidentifyTemplates.patch" }, "list": { "flatPath": "v2/organizations/{organizationsId}/deidentifyTemplates", "parameterOrder": [ "parent" ], "response": { "$ref": "GooglePrivacyDlpV2ListDeidentifyTemplatesResponse" }, "path": "v2/{+parent}/deidentifyTemplates", "description": "Lists DeidentifyTemplates. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates-deid to learn more.", "httpMethod": "GET", "parameters": { "orderBy": { "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `create_time`: corresponds to the time the template was created. - `update_time`: corresponds to the time the template was last updated. - `name`: corresponds to the template's name. - `display_name`: corresponds to the template's display name.", "type": "string", "location": "query" }, "locationId": { "location": "query", "type": "string", "description": "Deprecated. This field has no effect." }, "pageSize": { "description": "Size of the page. This value can be limited by the server. If zero server returns a page of max size 100.", "location": "query", "format": "int32", "type": "integer" }, "parent": { "required": true, "location": "path", "type": "string", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^organizations/[^/]+$" }, "pageToken": { "description": "Page token to continue retrieval. Comes from the previous call to `ListDeidentifyTemplates`.", "location": "query", "type": "string" } }, "id": "dlp.organizations.deidentifyTemplates.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] } } }, "inspectTemplates": { "methods": { "create": { "id": "dlp.organizations.inspectTemplates.create", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "parent": { "location": "path", "type": "string", "required": true, "pattern": "^organizations/[^/]+$", "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3" } }, "request": { "$ref": "GooglePrivacyDlpV2CreateInspectTemplateRequest" }, "httpMethod": "POST", "path": "v2/{+parent}/inspectTemplates", "description": "Creates an InspectTemplate for reusing frequently used configuration for inspecting content, images, and storage. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "response": { "$ref": "GooglePrivacyDlpV2InspectTemplate" }, "flatPath": "v2/organizations/{organizationsId}/inspectTemplates", "parameterOrder": [ "parent" ] }, "get": { "flatPath": "v2/organizations/{organizationsId}/inspectTemplates/{inspectTemplatesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GooglePrivacyDlpV2InspectTemplate" }, "path": "v2/{+name}", "description": "Gets an InspectTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "httpMethod": "GET", "parameters": { "name": { "description": "Required. Resource name of the organization and inspectTemplate to be read, for example `organizations/433245324/inspectTemplates/432452342` or projects/project-id/inspectTemplates/432452342.", "pattern": "^organizations/[^/]+/inspectTemplates/[^/]+$", "required": true, "location": "path", "type": "string" } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.inspectTemplates.get" }, "delete": { "parameters": { "name": { "type": "string", "location": "path", "required": true, "pattern": "^organizations/[^/]+/inspectTemplates/[^/]+$", "description": "Required. Resource name of the organization and inspectTemplate to be deleted, for example `organizations/433245324/inspectTemplates/432452342` or projects/project-id/inspectTemplates/432452342." } }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "dlp.organizations.inspectTemplates.delete", "path": "v2/{+name}", "description": "Deletes an InspectTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "httpMethod": "DELETE", "flatPath": "v2/organizations/{organizationsId}/inspectTemplates/{inspectTemplatesId}", "parameterOrder": [ "name" ], "response": { "$ref": "GoogleProtobufEmpty" } }, "list": { "response": { "$ref": "GooglePrivacyDlpV2ListInspectTemplatesResponse" }, "flatPath": "v2/organizations/{organizationsId}/inspectTemplates", "parameterOrder": [ "parent" ], "id": "dlp.organizations.inspectTemplates.list", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "orderBy": { "type": "string", "location": "query", "description": "Comma-separated list of fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `create_time`: corresponds to the time the template was created. - `update_time`: corresponds to the time the template was last updated. - `name`: corresponds to the template's name. - `display_name`: corresponds to the template's display name." }, "locationId": { "type": "string", "location": "query", "description": "Deprecated. This field has no effect." }, "pageSize": { "location": "query", "format": "int32", "type": "integer", "description": "Size of the page. This value can be limited by the server. If zero server returns a page of max size 100." }, "parent": { "description": "Required. Parent resource name. The format of this value varies depending on the scope of the request (project or organization) and whether you have [specified a processing location](https://cloud.google.com/sensitive-data-protection/docs/specifying-location): + Projects scope, location specified: `projects/{project_id}/locations/{location_id}` + Projects scope, no location specified (defaults to global): `projects/{project_id}` + Organizations scope, location specified: `organizations/{org_id}/locations/{location_id}` + Organizations scope, no location specified (defaults to global): `organizations/{org_id}` The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3", "pattern": "^organizations/[^/]+$", "required": true, "type": "string", "location": "path" }, "pageToken": { "location": "query", "type": "string", "description": "Page token to continue retrieval. Comes from the previous call to `ListInspectTemplates`." } }, "httpMethod": "GET", "path": "v2/{+parent}/inspectTemplates", "description": "Lists InspectTemplates. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more." }, "patch": { "httpMethod": "PATCH", "path": "v2/{+name}", "description": "Updates the InspectTemplate. See https://cloud.google.com/sensitive-data-protection/docs/creating-templates to learn more.", "id": "dlp.organizations.inspectTemplates.patch", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameters": { "name": { "pattern": "^organizations/[^/]+/inspectTemplates/[^/]+$", "description": "Required. Resource name of organization and inspectTemplate to be updated, for example `organizations/433245324/inspectTemplates/432452342` or projects/project-id/inspectTemplates/432452342.", "type": "string", "location": "path", "required": true } }, "request": { "$ref": "GooglePrivacyDlpV2UpdateInspectTemplateRequest" }, "response": { "$ref": "GooglePrivacyDlpV2InspectTemplate" }, "flatPath": "v2/organizations/{organizationsId}/inspectTemplates/{inspectTemplatesId}", "parameterOrder": [ "name" ] } } } } } }, "fullyEncodeReservedExpansion": true, "mtlsRootUrl": "https://dlp.mtls.googleapis.com/", "ownerDomain": "google.com", "version_module": true, "canonicalName": "DLP", "discoveryVersion": "v1", "basePath": "", "revision": "20260404", "ownerName": "Google", "title": "Sensitive Data Protection (DLP)", "description": "Discover and protect your sensitive data. A fully managed service designed to help you discover, classify, and protect your valuable data assets with ease.", "batchPath": "batch" }