Namespace Google.Apis.DLP.v2.Data
Classes
GooglePrivacyDlpV2Action
A task to execute on the completion of a job. See https://cloud.google.com/sensitive-data-protection/docs/concepts-actions to learn more.
GooglePrivacyDlpV2ActionDetails
The results of an Action.
GooglePrivacyDlpV2ActivateJobTriggerRequest
Request message for ActivateJobTrigger.
GooglePrivacyDlpV2AllInfoTypes
Apply transformation to all findings.
GooglePrivacyDlpV2AllOtherBigQueryTables
Catch-all for all other tables not specified by other filters. Should always be last, except for single-table configurations, which will only have a TableReference target.
GooglePrivacyDlpV2AllOtherDatabaseResources
Match database resources not covered by any other filter.
GooglePrivacyDlpV2AllOtherResources
Match discovery resources not covered by any other filter.
GooglePrivacyDlpV2AllText
Apply to all text.
GooglePrivacyDlpV2AmazonS3Bucket
Amazon S3 bucket.
GooglePrivacyDlpV2AmazonS3BucketConditions
Amazon S3 bucket conditions.
GooglePrivacyDlpV2AmazonS3BucketRegex
Amazon S3 bucket regex.
GooglePrivacyDlpV2AnalyzeDataSourceRiskDetails
Result of a risk analysis operation request.
GooglePrivacyDlpV2AuxiliaryTable
An auxiliary table contains statistical information on the relative frequency of different quasi-identifiers values. It has one or several quasi-identifiers columns, and one column that indicates the relative frequency of each quasi-identifier tuple. If a tuple is present in the data but not in the auxiliary table, the corresponding relative frequency is assumed to be zero (and thus, the tuple is highly reidentifiable).
GooglePrivacyDlpV2AwsAccount
AWS account.
GooglePrivacyDlpV2AwsAccountRegex
AWS account regex.
GooglePrivacyDlpV2AwsDiscoveryStartingLocation
The AWS starting location for discovery.
GooglePrivacyDlpV2BigQueryDiscoveryTarget
Target used to match against for discovery with BigQuery tables
GooglePrivacyDlpV2BigQueryField
Message defining a field of a BigQuery table.
GooglePrivacyDlpV2BigQueryKey
Row key for identifying a record in BigQuery table.
GooglePrivacyDlpV2BigQueryOptions
Options defining BigQuery table and row identifiers.
GooglePrivacyDlpV2BigQueryRegex
A pattern to match against one or more tables, datasets, or projects that contain BigQuery tables. At least one pattern must be specified. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.
GooglePrivacyDlpV2BigQueryRegexes
A collection of regular expressions to determine what tables to match against.
GooglePrivacyDlpV2BigQueryTable
Message defining the location of a BigQuery table. A table is uniquely identified by its project_id, dataset_id,
and table_name. Within a query a table is often referenced with a string in the format of: :. or ...
GooglePrivacyDlpV2BigQueryTableCollection
Specifies a collection of BigQuery tables. Used for Discovery.
GooglePrivacyDlpV2BigQueryTableTypes
The types of BigQuery tables supported by Cloud DLP.
GooglePrivacyDlpV2BoundingBox
Bounding box encompassing detected text within an image.
GooglePrivacyDlpV2Bucket
Bucket is represented as a range, along with replacement values.
GooglePrivacyDlpV2BucketingConfig
Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically
provided by the user for custom behavior, such as 1-30 -> LOW, 31-65 -> MEDIUM, 66-100 ->
HIGH. This can be used on data of type: number, long, string, timestamp. If the bound Value type differs from
the type of data being transformed, we will first attempt converting the type of the data to be transformed to
match the type of the bound before comparing. See
https://cloud.google.com/sensitive-data-protection/docs/concepts-bucketing to learn more.
GooglePrivacyDlpV2ByteContentItem
Container for bytes to inspect or redact.
GooglePrivacyDlpV2CancelDlpJobRequest
The request message for canceling a DLP job.
GooglePrivacyDlpV2CategoricalStatsConfig
Compute numerical stats over an individual column, including number of distinct values and value count distribution.
GooglePrivacyDlpV2CategoricalStatsHistogramBucket
Histogram of value frequencies in the column.
GooglePrivacyDlpV2CategoricalStatsResult
Result of the categorical stats computation.
GooglePrivacyDlpV2CharacterMaskConfig
Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3.
GooglePrivacyDlpV2CharsToIgnore
Characters to skip when doing deidentification of a value. These will be left alone and skipped.
GooglePrivacyDlpV2CloudSqlDiscoveryTarget
Target used to match against for discovery with Cloud SQL tables.
GooglePrivacyDlpV2CloudSqlIamCredential
Use IAM authentication to connect. This requires the Cloud SQL IAM feature to be enabled on the instance, which is not the default for Cloud SQL. See https://cloud.google.com/sql/docs/postgres/authentication and https://cloud.google.com/sql/docs/mysql/authentication.
GooglePrivacyDlpV2CloudSqlProperties
Cloud SQL connection properties.
GooglePrivacyDlpV2CloudStorageDiscoveryTarget
Target used to match against for discovery with Cloud Storage buckets.
GooglePrivacyDlpV2CloudStorageFileSet
Message representing a set of files in Cloud Storage.
GooglePrivacyDlpV2CloudStorageOptions
Options defining a file or a set of files within a Cloud Storage bucket.
GooglePrivacyDlpV2CloudStoragePath
Message representing a single file or path in Cloud Storage.
GooglePrivacyDlpV2CloudStorageRegex
A pattern to match against one or more file stores. At least one pattern must be specified. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.
GooglePrivacyDlpV2CloudStorageRegexFileSet
Message representing a set of files in a Cloud Storage bucket. Regular expressions are used to allow
fine-grained control over which files in the bucket to include. Included files are those that match at least one
item in include_regex and do not match any items in exclude_regex. Note that a file that matches items from
both lists will not be included. For a match to occur, the entire file path (i.e., everything in the url after
the bucket name) must match the regular expression. For example, given the input {bucket_name: "mybucket", include_regex: ["directory1/.*"], exclude_regex: ["directory1/excluded.*"]}: *
gs://mybucket/directory1/myfile will be included * gs://mybucket/directory1/directory2/myfile will be
included (.* matches across /) * gs://mybucket/directory0/directory1/myfile will not be included (the
full path doesn't match any items in include_regex) * gs://mybucket/directory1/excludedfile will not be
included (the path matches an item in exclude_regex) If include_regex is left empty, it will match all files
by default (this is equivalent to setting include_regex: [".*"]). Some other common use cases: *
{bucket_name: "mybucket", exclude_regex: [".*\.pdf"]} will include all files in mybucket except for .pdf
files * {bucket_name: "mybucket", include_regex: ["directory/[^/]+"]} will include all files directly under
gs://mybucket/directory/, without matching across /
GooglePrivacyDlpV2CloudStorageResourceReference
Identifies a single Cloud Storage bucket.
GooglePrivacyDlpV2Color
Represents a color in the RGB color space.
GooglePrivacyDlpV2ColumnDataProfile
The profile for a scanned column within a table.
GooglePrivacyDlpV2Condition
The field type of value and field do not need to match to be considered equal, but not all comparisons are
possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons
are invalid with incompatible types. A value of type: - string can be compared against all other types -
boolean can only be compared against other booleans - integer can be compared against doubles or a string if
the string value can be parsed as an integer. - double can be compared against integers or a string if the
string can be parsed as a double. - Timestamp can be compared against strings in RFC 3339 date string format.
TimeOfDaycan be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.
GooglePrivacyDlpV2Conditions
A collection of conditions.
GooglePrivacyDlpV2Connection
A data connection to allow the DLP API to profile data in locations that require additional configuration.
GooglePrivacyDlpV2Container
Represents a container that may contain DLP findings. Examples of a container include a file, table, or database record.
GooglePrivacyDlpV2ContentItem
Type of content to inspect.
GooglePrivacyDlpV2ContentLocation
Precise location of the finding within a document, record, image, or metadata container.
GooglePrivacyDlpV2CreateConnectionRequest
Request message for CreateConnection.
GooglePrivacyDlpV2CreateDeidentifyTemplateRequest
Request message for CreateDeidentifyTemplate.
GooglePrivacyDlpV2CreateDiscoveryConfigRequest
Request message for CreateDiscoveryConfig.
GooglePrivacyDlpV2CreateDlpJobRequest
Request message for CreateDlpJobRequest. Used to initiate long running jobs such as calculating risk metrics or inspecting Google Cloud Storage.
GooglePrivacyDlpV2CreateInspectTemplateRequest
Request message for CreateInspectTemplate.
GooglePrivacyDlpV2CreateJobTriggerRequest
Request message for CreateJobTrigger.
GooglePrivacyDlpV2CreateStoredInfoTypeRequest
Request message for CreateStoredInfoType.
GooglePrivacyDlpV2CryptoDeterministicConfig
Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
GooglePrivacyDlpV2CryptoHashConfig
Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/sensitive-data-protection/docs/pseudonymization to learn more.
GooglePrivacyDlpV2CryptoKey
This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK.
GooglePrivacyDlpV2CryptoReplaceFfxFpeConfig
Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation;
however when used in the ReidentifyContent API method, it serves the opposite function by reversing the
surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and
context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two
characters long. In the case that the identifier is the empty string, it will be skipped. See
https://cloud.google.com/sensitive-data-protection/docs/pseudonymization to learn more. Note: We recommend using
CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size,
plus warrant referential integrity.
GooglePrivacyDlpV2CustomInfoType
Custom information type provided by the user. Used to find domain-specific sensitive information configurable to the data in question.
GooglePrivacyDlpV2DataProfileAction
A task to execute when a data profile has been generated.
GooglePrivacyDlpV2DataProfileBigQueryRowSchema
The schema of data to be saved to the BigQuery table when the DataProfileAction is enabled.
GooglePrivacyDlpV2DataProfileConfigSnapshot
Snapshot of the configurations used to generate the profile.
GooglePrivacyDlpV2DataProfileJobConfig
Configuration for setting up a job to scan resources for profile generation. Only one data profile configuration may exist per organization, folder, or project. The generated data profiles are retained according to the [data retention policy] (https://cloud.google.com/sensitive-data-protection/docs/data-profiles#retention).
GooglePrivacyDlpV2DataProfileLocation
The data that will be profiled.
GooglePrivacyDlpV2DataProfilePubSubCondition
A condition for determining whether a Pub/Sub should be triggered.
GooglePrivacyDlpV2DataProfilePubSubMessage
Pub/Sub topic message for a DataProfileAction.PubSubNotification event. To receive a message of protocol buffer schema type, convert the message data to an object of this proto class.
GooglePrivacyDlpV2DataRiskLevel
Score is a summary of all elements in the data profile. A higher number means more risk.
GooglePrivacyDlpV2DataSourceType
Message used to identify the type of resource being profiled.
GooglePrivacyDlpV2DatabaseResourceCollection
Match database resources using regex filters. Examples of database resources are tables, views, and stored procedures.
GooglePrivacyDlpV2DatabaseResourceReference
Identifies a single database resource, like a table within a database.
GooglePrivacyDlpV2DatabaseResourceRegex
A pattern to match against one or more database resources. At least one pattern must be specified. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.
GooglePrivacyDlpV2DatabaseResourceRegexes
A collection of regular expressions to determine what database resources to match against.
GooglePrivacyDlpV2DatastoreKey
Record key for a finding in Cloud Datastore.
GooglePrivacyDlpV2DatastoreOptions
Options defining a data set within Google Cloud Datastore.
GooglePrivacyDlpV2DateShiftConfig
Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/sensitive-data-protection/docs/concepts-date-shifting to learn more.
GooglePrivacyDlpV2DateTime
Message for a date time object. e.g. 2018-01-01, 5th August.
GooglePrivacyDlpV2Deidentify
Create a de-identified copy of the requested table or files. A TransformationDetail will be created for each transformation. If any rows in BigQuery are skipped during de-identification (transformation errors or row size exceeds BigQuery insert API limits) they are placed in the failure output table. If the original row exceeds the BigQuery insert API limit it will be truncated when written to the failure output table. The failure output table can be set in the action.deidentify.output.big_query_output.deidentified_failure_output_table field, if no table is set, a table will be automatically created in the same project and dataset as the original table. Compatible with: Inspect
GooglePrivacyDlpV2DeidentifyConfig
The configuration that controls how the data will change.
GooglePrivacyDlpV2DeidentifyContentRequest
Request to de-identify a ContentItem.
GooglePrivacyDlpV2DeidentifyContentResponse
Results of de-identifying a ContentItem.
GooglePrivacyDlpV2DeidentifyDataSourceDetails
The results of a Deidentify action from an inspect job.
GooglePrivacyDlpV2DeidentifyDataSourceStats
Summary of what was modified during a transformation.
GooglePrivacyDlpV2DeidentifyTemplate
DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/sensitive-data-protection/docs/concepts-templates to learn more.
GooglePrivacyDlpV2DeltaPresenceEstimationConfig
δ-presence metric, used to estimate how likely it is for an attacker to figure out that one given individual appears in a de-identified dataset. Similarly to the k-map metric, we cannot compute δ-presence exactly without knowing the attack dataset, so we use a statistical model instead.
GooglePrivacyDlpV2DeltaPresenceEstimationHistogramBucket
A DeltaPresenceEstimationHistogramBucket message with the following values: min_probability: 0.1 max_probability: 0.2 frequency: 42 means that there are 42 records for which δ is in [0.1, 0.2). An important particular case is when min_probability = max_probability = 1: then, every individual who shares this quasi-identifier combination is in the dataset.
GooglePrivacyDlpV2DeltaPresenceEstimationQuasiIdValues
A tuple of values for the quasi-identifier columns.
GooglePrivacyDlpV2DeltaPresenceEstimationResult
Result of the δ-presence computation. Note that these results are an estimation, not exact values.
GooglePrivacyDlpV2DetectionRule
Deprecated; use InspectionRuleSet instead. Rule for modifying a CustomInfoType to alter behavior under
certain circumstances, depending on the specific details of the rule. Not supported for the surrogate_type
custom infoType.
GooglePrivacyDlpV2Dictionary
Custom information type based on a dictionary of words or phrases. This can be used to match sensitive
information specific to the data, such as a list of employee IDs or job titles. Dictionary words are
case-insensitive and all characters other than letters and digits in the unicode Basic Multilingual
Plane will be replaced with
whitespace when scanning for matches, so the dictionary phrase "Sam Johnson" will match all three phrases "sam
johnson", "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters surrounding any match must be of a
different type than the adjacent characters within the word, so letters must be next to non-letters and digits
next to non-digits. For example, the dictionary word "jen" will match the first three letters of the text
"jen123" but will return no matches for "jennifer". Dictionary words containing a large number of characters
that are not letters or digits may result in unexpected findings because such characters are treated as
whitespace. The limits page contains details about
the size limits of dictionaries. For dictionaries that do not fit within these constraints, consider using
LargeCustomDictionaryConfig in the StoredInfoType API.
GooglePrivacyDlpV2Disabled
Do not profile the tables.
GooglePrivacyDlpV2DiscoveryBigQueryConditions
Requirements that must be true before a table is scanned in discovery for the first time. There is an AND relationship between the top-level attributes. Additionally, minimum conditions with an OR relationship that must be met before Cloud DLP scans a table can be set (like a minimum row count or a minimum table age).
GooglePrivacyDlpV2DiscoveryBigQueryFilter
Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, dataset ID, and table ID.
GooglePrivacyDlpV2DiscoveryCloudSqlConditions
Requirements that must be true before a table is profiled for the first time.
GooglePrivacyDlpV2DiscoveryCloudSqlFilter
Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, location, instance, database, and database resource name.
GooglePrivacyDlpV2DiscoveryCloudSqlGenerationCadence
How often existing tables should have their profiles refreshed. New tables are scanned as quickly as possible depending on system capacity.
GooglePrivacyDlpV2DiscoveryCloudStorageConditions
Requirements that must be true before a Cloud Storage bucket or object is scanned in discovery for the first time. There is an AND relationship between the top-level attributes.
GooglePrivacyDlpV2DiscoveryCloudStorageFilter
Determines which buckets will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID and bucket name.
GooglePrivacyDlpV2DiscoveryCloudStorageGenerationCadence
How often existing buckets should have their profiles refreshed. New buckets are scanned as quickly as possible depending on system capacity.
GooglePrivacyDlpV2DiscoveryConfig
Configuration for discovery to scan resources for profile generation. Only one discovery configuration may exist per organization, folder, or project. The generated data profiles are retained according to the [data retention policy] (https://cloud.google.com/sensitive-data-protection/docs/data-profiles#retention).
GooglePrivacyDlpV2DiscoveryFileStoreConditions
Requirements that must be true before a file store is scanned in discovery for the first time. There is an AND relationship between the top-level attributes.
GooglePrivacyDlpV2DiscoveryGenerationCadence
What must take place for a profile to be updated and how frequently it should occur. New tables are scanned as quickly as possible depending on system capacity.
GooglePrivacyDlpV2DiscoveryInspectTemplateModifiedCadence
The cadence at which to update data profiles when the inspection rules defined by the InspectTemplate change.
GooglePrivacyDlpV2DiscoveryOtherCloudConditions
Requirements that must be true before a resource is profiled for the first time.
GooglePrivacyDlpV2DiscoveryOtherCloudFilter
Determines which resources from the other cloud will have profiles generated. Includes the ability to filter by resource names.
GooglePrivacyDlpV2DiscoveryOtherCloudGenerationCadence
How often existing resources should have their profiles refreshed. New resources are scanned as quickly as possible depending on system capacity.
GooglePrivacyDlpV2DiscoverySchemaModifiedCadence
The cadence at which to update data profiles when a schema is modified.
GooglePrivacyDlpV2DiscoveryStartingLocation
The location to begin a discovery scan. Denotes an organization ID or folder ID within an organization.
GooglePrivacyDlpV2DiscoveryTableModifiedCadence
The cadence at which to update data profiles when a table is modified.
GooglePrivacyDlpV2DiscoveryTarget
Target used to match against for Discovery.
GooglePrivacyDlpV2DlpJob
Combines all of the information about a DLP job.
GooglePrivacyDlpV2DocumentLocation
Location of a finding within a document.
GooglePrivacyDlpV2EntityId
An entity in a dataset is a field or set of fields that correspond to a single person. For example, in medical
records the EntityId might be a patient identifier, or for financial records it might be an account
identifier. This message is used when generalizations or analysis must take into account that multiple rows
correspond to the same entity.
GooglePrivacyDlpV2Error
Details information about an error encountered during job execution or the results of an unsuccessful activation of the JobTrigger.
GooglePrivacyDlpV2ExcludeByHotword
The rule to exclude findings based on a hotword. For record inspection of tables, column names are considered hotwords. An example of this is to exclude a finding if it belongs to a BigQuery column that matches a specific pattern.
GooglePrivacyDlpV2ExcludeInfoTypes
List of excluded infoTypes.
GooglePrivacyDlpV2ExclusionRule
The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from
results.
GooglePrivacyDlpV2Export
If set, the detailed data profiles will be persisted to the location of your choice whenever updated.
GooglePrivacyDlpV2Expressions
An expression, consisting of an operator and conditions.
GooglePrivacyDlpV2FieldId
General identifier of a data field in a storage service.
GooglePrivacyDlpV2FieldTransformation
The transformation to apply to the field.
GooglePrivacyDlpV2FileClusterSummary
The file cluster summary.
GooglePrivacyDlpV2FileClusterType
Message used to identify file cluster type being profiled.
GooglePrivacyDlpV2FileExtensionInfo
Information regarding the discovered file extension.
GooglePrivacyDlpV2FileSet
Set of files to scan.
GooglePrivacyDlpV2FileStoreCollection
Match file stores (e.g. buckets) using regex filters.
GooglePrivacyDlpV2FileStoreDataProfile
The profile for a file store. * Cloud Storage: maps 1:1 with a bucket. * Amazon S3: maps 1:1 with a bucket.
GooglePrivacyDlpV2FileStoreInfoTypeSummary
Information regarding the discovered InfoType.
GooglePrivacyDlpV2FileStoreRegex
A pattern to match against one or more file stores.
GooglePrivacyDlpV2FileStoreRegexes
A collection of regular expressions to determine what file store to match against.
GooglePrivacyDlpV2Finding
Represents a piece of potentially sensitive content.
GooglePrivacyDlpV2FindingLimits
Configuration to control the number of findings returned for inspection. This is not used for de-identification or data profiling. When redacting sensitive data from images, finding limits don't apply. They can cause unexpected or inconsistent results, where only some data is redacted. Don't include finding limits in RedactImage requests. Otherwise, Cloud DLP returns an error.
GooglePrivacyDlpV2FinishDlpJobRequest
The request message for finishing a DLP hybrid job.
GooglePrivacyDlpV2FixedSizeBucketingConfig
Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". This can be used on data of type: double, long. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/sensitive-data-protection/docs/concepts-bucketing to learn more.
GooglePrivacyDlpV2HotwordRule
The rule that adjusts the likelihood of findings within a certain proximity of hotwords.
GooglePrivacyDlpV2HybridContentItem
An individual hybrid item to inspect. Will be stored temporarily during processing.
GooglePrivacyDlpV2HybridFindingDetails
Populate to associate additional data with each finding.
GooglePrivacyDlpV2HybridInspectDlpJobRequest
Request to search for potentially sensitive info in a custom location.
GooglePrivacyDlpV2HybridInspectJobTriggerRequest
Request to search for potentially sensitive info in a custom location.
GooglePrivacyDlpV2HybridInspectResponse
Quota exceeded errors will be thrown once quota has been met.
GooglePrivacyDlpV2HybridInspectStatistics
Statistics related to processing hybrid inspect requests.
GooglePrivacyDlpV2HybridOptions
Configuration to control jobs where the content being inspected is outside of Google Cloud Platform.
GooglePrivacyDlpV2ImageLocation
Location of the finding within an image.
GooglePrivacyDlpV2ImageRedactionConfig
Configuration for determining how redaction of images should occur.
GooglePrivacyDlpV2ImageTransformation
Configuration for determining how redaction of images should occur.
GooglePrivacyDlpV2ImageTransformations
A type of transformation that is applied over images.
GooglePrivacyDlpV2InfoType
Type of information detected by the API.
GooglePrivacyDlpV2InfoTypeCategory
Classification of infoTypes to organize them according to geographic location, industry, and data type.
GooglePrivacyDlpV2InfoTypeDescription
InfoType description.
GooglePrivacyDlpV2InfoTypeLikelihood
Configuration for setting a minimum likelihood per infotype. Used to customize the minimum likelihood level for specific infotypes in the request. For example, use this if you want to lower the precision for PERSON_NAME without lowering the precision for the other infotypes in the request.
GooglePrivacyDlpV2InfoTypeLimit
Max findings configuration per infoType, per content item or long running DlpJob.
GooglePrivacyDlpV2InfoTypeStats
Statistics regarding a specific InfoType.
GooglePrivacyDlpV2InfoTypeSummary
The infoType details for this column.
GooglePrivacyDlpV2InfoTypeTransformation
A transformation to apply to text that is identified as a specific info_type.
GooglePrivacyDlpV2InfoTypeTransformations
A type of transformation that will scan unstructured text and apply various PrimitiveTransformations to each
finding, where the transformation is applied to only values that were identified as a specific info_type.
GooglePrivacyDlpV2InspectConfig
Configuration description of the scanning process. When used with redactContent only info_types and min_likelihood are currently used.
GooglePrivacyDlpV2InspectContentRequest
Request to search for potentially sensitive info in a ContentItem.
GooglePrivacyDlpV2InspectContentResponse
Results of inspecting an item.
GooglePrivacyDlpV2InspectDataSourceDetails
The results of an inspect DataSource job.
GooglePrivacyDlpV2InspectJobConfig
Controls what and how to inspect for findings.
GooglePrivacyDlpV2InspectResult
All the findings for a single scanned item.
GooglePrivacyDlpV2InspectTemplate
The inspectTemplate contains a configuration (set of types of sensitive data to be detected) to be used anywhere you otherwise would normally specify InspectConfig. See https://cloud.google.com/sensitive-data-protection/docs/concepts-templates to learn more.
GooglePrivacyDlpV2InspectionRule
A single inspection rule to be applied to infoTypes, specified in InspectionRuleSet.
GooglePrivacyDlpV2InspectionRuleSet
Rule set for modifying a set of infoTypes to alter behavior under certain circumstances, depending on the specific details of the rules within the set.
GooglePrivacyDlpV2JobNotificationEmails
Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts.
GooglePrivacyDlpV2JobTrigger
Contains a configuration to make API calls on a repeating basis. See https://cloud.google.com/sensitive-data-protection/docs/concepts-job-triggers to learn more.
GooglePrivacyDlpV2KAnonymityConfig
k-anonymity metric, used for analysis of reidentification risk.
GooglePrivacyDlpV2KAnonymityEquivalenceClass
The set of columns' values that share the same ldiversity value
GooglePrivacyDlpV2KAnonymityHistogramBucket
Histogram of k-anonymity equivalence classes.
GooglePrivacyDlpV2KAnonymityResult
Result of the k-anonymity computation.
GooglePrivacyDlpV2KMapEstimationConfig
Reidentifiability metric. This corresponds to a risk model similar to what is called "journalist risk" in the literature, except the attack dataset is statistically modeled instead of being perfectly known. This can be done using publicly available data (like the US Census), or using a custom statistical model (indicated as one or several BigQuery tables), or by extrapolating from the distribution of values in the input dataset.
GooglePrivacyDlpV2KMapEstimationHistogramBucket
A KMapEstimationHistogramBucket message with the following values: min_anonymity: 3 max_anonymity: 5 frequency: 42 means that there are 42 records whose quasi-identifier values correspond to 3, 4 or 5 people in the overlying population. An important particular case is when min_anonymity = max_anonymity = 1: the frequency field then corresponds to the number of uniquely identifiable records.
GooglePrivacyDlpV2KMapEstimationQuasiIdValues
A tuple of values for the quasi-identifier columns.
GooglePrivacyDlpV2KMapEstimationResult
Result of the reidentifiability analysis. Note that these results are an estimation, not exact values.
GooglePrivacyDlpV2Key
A unique identifier for a Datastore entity. If a key's partition ID or any of its path kinds or names are reserved/read-only, the key is reserved/read-only. A reserved/read-only key is forbidden in certain documented contexts.
GooglePrivacyDlpV2KindExpression
A representation of a Datastore kind.
GooglePrivacyDlpV2KmsWrappedCryptoKey
Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (https://cloud.google.com/sensitive-data-protection/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, charges apply.
GooglePrivacyDlpV2LDiversityConfig
l-diversity metric, used for analysis of reidentification risk.
GooglePrivacyDlpV2LDiversityEquivalenceClass
The set of columns' values that share the same ldiversity value.
GooglePrivacyDlpV2LDiversityHistogramBucket
Histogram of l-diversity equivalence class sensitive value frequencies.
GooglePrivacyDlpV2LDiversityResult
Result of the l-diversity computation.
GooglePrivacyDlpV2LargeCustomDictionaryConfig
Configuration for a custom dictionary created from a data source of any size up to the maximum size defined in
the limits page. The artifacts of dictionary
creation are stored in the specified Cloud Storage location. Consider using CustomInfoType.Dictionary for
smaller dictionaries that satisfy the size requirements.
GooglePrivacyDlpV2LargeCustomDictionaryStats
Summary statistics of a custom dictionary.
GooglePrivacyDlpV2LeaveUntransformed
Skips the data without modifying it if the requested transformation would cause an error. For example, if a
DateShift transformation were applied an an IP address, this mode would leave the IP address unchanged in the
response.
GooglePrivacyDlpV2LikelihoodAdjustment
Message for specifying an adjustment to the likelihood of a finding as part of a detection rule.
GooglePrivacyDlpV2ListColumnDataProfilesResponse
List of profiles generated for a given organization or project.
GooglePrivacyDlpV2ListConnectionsResponse
Response message for ListConnections.
GooglePrivacyDlpV2ListDeidentifyTemplatesResponse
Response message for ListDeidentifyTemplates.
GooglePrivacyDlpV2ListDiscoveryConfigsResponse
Response message for ListDiscoveryConfigs.
GooglePrivacyDlpV2ListDlpJobsResponse
The response message for listing DLP jobs.
GooglePrivacyDlpV2ListFileStoreDataProfilesResponse
List of file store data profiles generated for a given organization or project.
GooglePrivacyDlpV2ListInfoTypesResponse
Response to the ListInfoTypes request.
GooglePrivacyDlpV2ListInspectTemplatesResponse
Response message for ListInspectTemplates.
GooglePrivacyDlpV2ListJobTriggersResponse
Response message for ListJobTriggers.
GooglePrivacyDlpV2ListProjectDataProfilesResponse
List of profiles generated for a given organization or project.
GooglePrivacyDlpV2ListStoredInfoTypesResponse
Response message for ListStoredInfoTypes.
GooglePrivacyDlpV2ListTableDataProfilesResponse
List of profiles generated for a given organization or project.
GooglePrivacyDlpV2Location
Specifies the location of the finding.
GooglePrivacyDlpV2Manual
Job trigger option for hybrid jobs. Jobs must be manually created and finished.
GooglePrivacyDlpV2MetadataLocation
Metadata Location
GooglePrivacyDlpV2NumericalStatsConfig
Compute numerical stats over an individual column, including min, max, and quantiles.
GooglePrivacyDlpV2NumericalStatsResult
Result of the numerical stats computation.
GooglePrivacyDlpV2OrConditions
There is an OR relationship between these attributes. They are used to determine if a table should be scanned or not in Discovery.
GooglePrivacyDlpV2OrgConfig
Project and scan location information. Only set when the parent is an org.
GooglePrivacyDlpV2OtherCloudDiscoveryStartingLocation
The other cloud starting location for discovery.
GooglePrivacyDlpV2OtherCloudDiscoveryTarget
Target used to match against for discovery of resources from other clouds. An AWS connector in Security Command Center (Enterprise is required to use this feature.
GooglePrivacyDlpV2OtherCloudResourceCollection
Match resources using regex filters.
GooglePrivacyDlpV2OtherCloudResourceRegex
A pattern to match against one or more resources. At least one pattern must be specified. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.
GooglePrivacyDlpV2OtherCloudResourceRegexes
A collection of regular expressions to determine what resources to match against.
GooglePrivacyDlpV2OtherCloudSingleResourceReference
Identifies a single resource, like a single Amazon S3 bucket.
GooglePrivacyDlpV2OtherInfoTypeSummary
Infotype details for other infoTypes found within a column.
GooglePrivacyDlpV2OutputStorageConfig
Cloud repository for storing output.
GooglePrivacyDlpV2PartitionId
Datastore partition ID. A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. A partition ID contains several dimensions: project ID and namespace ID.
GooglePrivacyDlpV2PathElement
A (kind, ID/name) pair used to construct a key path. If either name or ID is set, the element is complete. If neither is set, the element is incomplete.
GooglePrivacyDlpV2PrimitiveTransformation
A rule for transforming a value.
GooglePrivacyDlpV2PrivacyMetric
Privacy metric to compute for reidentification risk analysis.
GooglePrivacyDlpV2ProfileStatus
Success or errors for the profile generation.
GooglePrivacyDlpV2ProjectDataProfile
An aggregated profile for this project, based on the resources profiled within it.
GooglePrivacyDlpV2Proximity
Message for specifying a window around a finding to apply a detection rule.
GooglePrivacyDlpV2PubSubCondition
A condition consisting of a value.
GooglePrivacyDlpV2PubSubExpressions
An expression, consisting of an operator and conditions.
GooglePrivacyDlpV2PubSubNotification
Send a Pub/Sub message into the given Pub/Sub topic to connect other systems to data profile generation. The
message payload data will be the byte serialization of DataProfilePubSubMessage.
GooglePrivacyDlpV2PublishFindingsToCloudDataCatalog
Publish findings of a DlpJob to Data Catalog. In Data Catalog, tag templates are applied to the resource that
Cloud DLP scanned. Data Catalog tag templates are stored in the same project and region where the BigQuery table
exists. For Cloud DLP to create and apply the tag template, the Cloud DLP service agent must have the
roles/datacatalog.tagTemplateOwner permission on the project. The tag template contains fields summarizing the
results of the DlpJob. Any field values previously written by another DlpJob are deleted. InfoType naming
patterns are strictly enforced when using this feature. Findings are persisted in Data Catalog storage and are
governed by service-specific policies for Data Catalog. For more information, see Service Specific
Terms. Only a single instance of this action can be specified.
This action is allowed only if all resources being scanned are BigQuery tables. Compatible with: Inspect
GooglePrivacyDlpV2PublishSummaryToCscc
Publish the result summary of a DlpJob to Security Command Center. This action is available for only projects that belong to an organization. This action publishes the count of finding instances and their infoTypes. The summary of findings are persisted in Security Command Center and are governed by service-specific policies for Security Command Center. Only a single instance of this action can be specified. Compatible with: Inspect
GooglePrivacyDlpV2PublishToChronicle
Message expressing intention to publish to Google Security Operations.
GooglePrivacyDlpV2PublishToPubSub
Publish a message into a given Pub/Sub topic when DlpJob has completed. The message contains a single field,
DlpJobName, which is equal to the finished job's
DlpJob.name.
Compatible with: Inspect, Risk
GooglePrivacyDlpV2PublishToSecurityCommandCenter
If set, a summary finding will be created or updated in Security Command Center for each profile.
GooglePrivacyDlpV2PublishToStackdriver
Enable Stackdriver metric dlp.googleapis.com/finding_count. This will publish a metric to stack driver on each infotype requested and how many findings were found for it. CustomDetectors will be bucketed as 'Custom' under the Stackdriver label 'info_type'.
GooglePrivacyDlpV2QuasiId
A column with a semantic tag attached.
GooglePrivacyDlpV2QuasiIdField
A quasi-identifier column has a custom_tag, used to know which column in the data corresponds to which column in the statistical model.
GooglePrivacyDlpV2QuasiIdentifierField
A quasi-identifier column has a custom_tag, used to know which column in the data corresponds to which column in the statistical model.
GooglePrivacyDlpV2QuoteInfo
Message for infoType-dependent details parsed from quote.
GooglePrivacyDlpV2Range
Generic half-open interval [start, end)
GooglePrivacyDlpV2RecordCondition
A condition for determining whether a transformation should be applied to a field.
GooglePrivacyDlpV2RecordKey
Message for a unique key indicating a record that contains a finding.
GooglePrivacyDlpV2RecordLocation
Location of a finding within a row or record.
GooglePrivacyDlpV2RecordSuppression
Configuration to suppress records whose suppression conditions evaluate to true.
GooglePrivacyDlpV2RecordTransformation
The field in a record to transform.
GooglePrivacyDlpV2RecordTransformations
A type of transformation that is applied over structured data such as a table.
GooglePrivacyDlpV2RedactConfig
Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input
'My phone number is 206-555-0123', the output would be 'My phone number is '.
GooglePrivacyDlpV2RedactImageRequest
Request to search for potentially sensitive info in an image and redact it by covering it with a colored rectangle.
GooglePrivacyDlpV2RedactImageResponse
Results of redacting an image.
GooglePrivacyDlpV2Regex
Message defining a custom regular expression.
GooglePrivacyDlpV2ReidentifyContentRequest
Request to re-identify an item.
GooglePrivacyDlpV2ReidentifyContentResponse
Results of re-identifying an item.
GooglePrivacyDlpV2ReplaceDictionaryConfig
Replace each input value with a value randomly selected from the dictionary.
GooglePrivacyDlpV2ReplaceValueConfig
Replace each input value with a given Value.
GooglePrivacyDlpV2ReplaceWithInfoTypeConfig
Replace each matching finding with the name of the info_type.
GooglePrivacyDlpV2RequestedDeidentifyOptions
De-identification options.
GooglePrivacyDlpV2RequestedOptions
Snapshot of the inspection configuration.
GooglePrivacyDlpV2RequestedRiskAnalysisOptions
Risk analysis options.
GooglePrivacyDlpV2Result
All result fields mentioned below are updated while the job is processing.
GooglePrivacyDlpV2RiskAnalysisJobConfig
Configuration for a risk analysis job. See https://cloud.google.com/sensitive-data-protection/docs/concepts-risk-analysis to learn more.
GooglePrivacyDlpV2Row
Values of the row.
GooglePrivacyDlpV2SaveFindings
If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk
GooglePrivacyDlpV2Schedule
Schedule for inspect job triggers.
GooglePrivacyDlpV2SchemaModifiedCadence
How frequently to modify the profile when the table's schema is modified.
GooglePrivacyDlpV2SearchConnectionsResponse
Response message for SearchConnections.
GooglePrivacyDlpV2SecretManagerCredential
A credential consisting of a username and password, where the password is stored in a Secret Manager resource. Note: Secret Manager charges apply.
GooglePrivacyDlpV2SecretsDiscoveryTarget
Discovery target for credentials and secrets in cloud resource metadata. This target does not include any filtering or frequency controls. Cloud DLP will scan cloud resource metadata for secrets daily. No inspect template should be included in the discovery config for a security benchmarks scan. Instead, the built-in list of secrets and credentials infoTypes will be used (see https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference#credentials_and_secrets). Credentials and secrets discovered will be reported as vulnerabilities to Security Command Center.
GooglePrivacyDlpV2SelectedInfoTypes
Apply transformation to the selected info_types.
GooglePrivacyDlpV2SensitivityScore
Score is calculated from of all elements in the data profile. A higher level means the data is more sensitive.
GooglePrivacyDlpV2StatisticalTable
An auxiliary table containing statistical information on the relative frequency of different quasi-identifiers values. It has one or several quasi-identifiers columns, and one column that indicates the relative frequency of each quasi-identifier tuple. If a tuple is present in the data but not in the auxiliary table, the corresponding relative frequency is assumed to be zero (and thus, the tuple is highly reidentifiable).
GooglePrivacyDlpV2StorageConfig
Shared message indicating Cloud storage type.
GooglePrivacyDlpV2StorageMetadataLabel
Storage metadata label to indicate which metadata entry contains findings.
GooglePrivacyDlpV2StoredInfoType
StoredInfoType resource message that contains information about the current version and any pending updates.
GooglePrivacyDlpV2StoredInfoTypeConfig
Configuration for stored infoTypes. All fields and subfield are provided by the user. For more information, see https://cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes.
GooglePrivacyDlpV2StoredInfoTypeStats
Statistics for a StoredInfoType.
GooglePrivacyDlpV2StoredInfoTypeVersion
Version of a StoredInfoType, including the configuration used to build it, create timestamp, and current state.
GooglePrivacyDlpV2StoredType
A reference to a StoredInfoType to use with scanning.
GooglePrivacyDlpV2SummaryResult
A collection that informs the user the number of times a particular TransformationResultCode and error details
occurred.
GooglePrivacyDlpV2SurrogateType
Message for detecting output from deidentification transformations such as
CryptoReplaceFfxFpeConfig.
These types of transformations are those that perform pseudonymization, thereby producing a "surrogate" as
output. This should be used in conjunction with a field on the transformation such as surrogate_info_type.
This CustomInfoType does not support the use of detection_rules.
GooglePrivacyDlpV2Table
Structured content to inspect. Up to 50,000 Values per request allowed. See
https://cloud.google.com/sensitive-data-protection/docs/inspecting-structured-text#inspecting_a_table to learn
more.
GooglePrivacyDlpV2TableDataProfile
The profile for a scanned table.
GooglePrivacyDlpV2TableLocation
Location of a finding within a table.
GooglePrivacyDlpV2TableOptions
Instructions regarding the table content being inspected.
GooglePrivacyDlpV2TableReference
Message defining the location of a BigQuery table with the projectId inferred from the parent project.
GooglePrivacyDlpV2TagCondition
The tag to attach to profiles matching the condition. At most one TagCondition can be specified per
sensitivity level.
GooglePrivacyDlpV2TagResources
If set, attaches the [tags] (https://cloud.google.com/resource-manager/docs/tags/tags-overview) provided to profiled resources. Tags support access control. You can conditionally grant or deny access to a resource based on whether the resource has a specific tag.
GooglePrivacyDlpV2TagValue
A value of a tag.
GooglePrivacyDlpV2TaggedField
A column with a semantic tag attached.
GooglePrivacyDlpV2ThrowError
Throw an error and fail the request when a transformation error occurs.
GooglePrivacyDlpV2TimePartConfig
For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.
GooglePrivacyDlpV2TimeZone
Time zone of the date time object.
GooglePrivacyDlpV2TimespanConfig
Configuration of the timespan of the items to include in scanning. Currently only supported when inspecting Cloud Storage and BigQuery.
GooglePrivacyDlpV2TransformationConfig
User specified templates and configs for how to deidentify structured, unstructures, and image files. User must provide either a unstructured deidentify template or at least one redact image config.
GooglePrivacyDlpV2TransformationDescription
A flattened description of a PrimitiveTransformation or RecordSuppression.
GooglePrivacyDlpV2TransformationDetails
Details about a single transformation. This object contains a description of the transformation, information about whether the transformation was successfully applied, and the precise location where the transformation occurred. These details are stored in a user-specified BigQuery table.
GooglePrivacyDlpV2TransformationDetailsStorageConfig
Config for storing transformation details.
GooglePrivacyDlpV2TransformationErrorHandling
How to handle transformation errors during de-identification. A transformation error occurs when the requested
transformation is incompatible with the data. For example, trying to de-identify an IP address using a
DateShift transformation would result in a transformation error, since date info cannot be extracted from an
IP address. Information about any incompatible transformations, and how they were handled, is returned in the
response as part of the TransformationOverviews.
GooglePrivacyDlpV2TransformationLocation
Specifies the location of a transformation.
GooglePrivacyDlpV2TransformationOverview
Overview of the modifications that occurred.
GooglePrivacyDlpV2TransformationResultStatus
The outcome of a transformation.
GooglePrivacyDlpV2TransformationSummary
Summary of a single transformation. Only one of 'transformation', 'field_transformation', or 'record_suppress' will be set.
GooglePrivacyDlpV2TransientCryptoKey
Use this to have a random data crypto key generated. It will be discarded after the request finishes.
GooglePrivacyDlpV2Trigger
What event needs to occur for a new job to be started.
GooglePrivacyDlpV2UnwrappedCryptoKey
Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.
GooglePrivacyDlpV2UpdateConnectionRequest
Request message for UpdateConnection.
GooglePrivacyDlpV2UpdateDeidentifyTemplateRequest
Request message for UpdateDeidentifyTemplate.
GooglePrivacyDlpV2UpdateDiscoveryConfigRequest
Request message for UpdateDiscoveryConfig.
GooglePrivacyDlpV2UpdateInspectTemplateRequest
Request message for UpdateInspectTemplate.
GooglePrivacyDlpV2UpdateJobTriggerRequest
Request message for UpdateJobTrigger.
GooglePrivacyDlpV2UpdateStoredInfoTypeRequest
Request message for UpdateStoredInfoType.
GooglePrivacyDlpV2Value
Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data.
GooglePrivacyDlpV2ValueFrequency
A value of a field, including its frequency.
GooglePrivacyDlpV2VersionDescription
Details about each available version for an infotype.
GooglePrivacyDlpV2WordList
Message defining a list of words or phrases to search for in the data.
GoogleProtobufEmpty
A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
GoogleRpcStatus
The Status type defines a logical error model that is suitable for different programming environments,
including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains
three pieces of data: error code, error message, and error details. You can find out more about this error model
and how to work with it in the API Design Guide.
GoogleTypeDate
Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values. * A month and day, with a zero year (for example, an anniversary). * A year on its own, with a zero month and a zero day. * A year and month, with a zero day (for example, a credit card expiration date). Related types: * google.type.TimeOfDay * google.type.DateTime * google.protobuf.Timestamp
GoogleTypeTimeOfDay
Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API
may choose to allow leap seconds. Related types are google.type.Date and google.protobuf.Timestamp.