google.privacy.dlp.v2

BYTES_TYPE_UNSPECIFIED

IMAGE

IMAGE_JPEG

IMAGE_BMP

IMAGE_PNG

IMAGE_SVG

TEXT_UTF8

AVRO

COMMON_CHARS_TO_IGNORE_UNSPECIFIED

NUMERIC

0-9

ALPHA_UPPER_CASE

A-Z

ALPHA_LOWER_CASE

a-z

PUNCTUATION

US Punctuation, one of !"#$%&'()*+,-./:;<=>?@[]^_`{|}~

WHITESPACE

Whitespace character, one of [ \t\n\x0B\f\r]

CONTENT_UNSPECIFIED

Includes entire content of a file or a data stream.

CONTENT_TEXT

Text content within the data, excluding any metadata.

CONTENT_IMAGE

Images found in the data.

DLP_JOB_TYPE_UNSPECIFIED

INSPECT_JOB

The job inspected Google Cloud for sensitive data.

RISK_ANALYSIS_JOB

The job executed a Risk Analysis computation.

EXCLUSION_TYPE_UNSPECIFIED

A finding of this custom info type will not be excluded from results.

EXCLUSION_TYPE_EXCLUDE

A finding of this custom info type will be excluded from final results, but can still affect rule execution.

FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED

NUMERIC

[0-9] (radix of 10)

HEXADECIMAL

[0-9A-F] (radix of 16)

UPPER_CASE_ALPHA_NUMERIC

[0-9A-Z] (radix of 36)

ALPHA_NUMERIC

[0-9A-Za-z] (radix of 62)

FILE_TYPE_UNSPECIFIED

Includes all files.

BINARY_FILE

Includes all file extensions not covered by text file types.

TEXT_FILE

Included file extensions: asc, brf, c, cc, cpp, csv, cxx, c++, cs, css, dart, eml, go, h, hh, hpp, hxx, h++, hs, html, htm, shtml, shtm, xhtml, lhs, ini, java, js, json, ocaml, md, mkd, markdown, m, ml, mli, pl, pm, php, phtml, pht, py, pyw, rb, rbw, rs, rc, scala, sh, sql, tex, txt, text, tsv, vcard, vcs, wml, xml, xsl, xsd, yml, yaml.

IMAGE

Included file extensions: bmp, gif, jpg, jpeg, jpe, png. bytes_limit_per_file has no effect on image files.

AVRO

Included file extensions: avro

ENUM_TYPE_UNSPECIFIED

INSPECT

Supported by the inspect operations.

RISK_ANALYSIS

Supported by the risk analysis operations.

JOB_STATE_UNSPECIFIED

PENDING

The job has not yet started.

RUNNING

The job is currently running.

DONE

The job is no longer running.

CANCELED

The job was canceled before it could complete.

FAILED

The job had an error and did not complete.

LIKELIHOOD_UNSPECIFIED

Default value; same as POSSIBLE.

VERY_UNLIKELY

Few matching elements.

UNLIKELY

POSSIBLE

Some matching elements.

LIKELY

VERY_LIKELY

Many matching elements.

LOGICAL_OPERATOR_UNSPECIFIED

AND

MATCHING_TYPE_UNSPECIFIED

Invalid.

MATCHING_TYPE_FULL_MATCH

Full match.

• Dictionary: join of Dictionary results matched complete finding quote
• Regex: all regex matches fill a finding quote start to end
• Exclude info type: completely inside affecting info types findings

MATCHING_TYPE_PARTIAL_MATCH

Partial match.

• Dictionary: at least one of the tokens in the finding matches
• Regex: substring of the finding matches
• Exclude info type: intersects with affecting info types findings

MATCHING_TYPE_INVERSE_MATCH

Inverse match.

• Dictionary: no tokens in the finding match the dictionary
• Regex: finding doesn't match the regex
• Exclude info type: no intersection with affecting info types findings

OUTPUT_SCHEMA_UNSPECIFIED

BASIC_COLUMNS

Basic schema including only info_type, quote, certainty, and timestamp.

GCS_COLUMNS

Schema tailored to findings from scanning Google Cloud Storage.

DATASTORE_COLUMNS

Schema tailored to findings from scanning Google Datastore.

BIG_QUERY_COLUMNS

Schema tailored to findings from scanning Google BigQuery.

ALL_COLUMNS

Schema containing all columns.

RELATIONAL_OPERATOR_UNSPECIFIED

EQUAL_TO

Equal. Attempts to match even with incompatible types.

NOT_EQUAL_TO

Not equal to. Attempts to match even with incompatible types.

GREATER_THAN

Greater than.

LESS_THAN

Less than.

GREATER_THAN_OR_EQUALS

Greater than or equals.

LESS_THAN_OR_EQUALS

Less than or equals.

EXISTS

Exists

SAMPLE_METHOD_UNSPECIFIED

TOP

Scan from the top (default).

RANDOM_START

For each file larger than bytes_limit_per_file, randomly pick the offset to start scanning. The scanned bytes are contiguous.

SAMPLE_METHOD_UNSPECIFIED

TOP

Scan from the top (default).

RANDOM_START

Randomly pick the row to start scanning. The scanned rows are contiguous.

STATUS_UNSPECIFIED

HEALTHY

Trigger is healthy.

PAUSED

Trigger is temporarily paused.

CANCELLED

Trigger is cancelled and can not be resumed.

STORED_INFO_TYPE_STATE_UNSPECIFIED

PENDING

StoredInfoType version is being created.

READY

StoredInfoType version is ready for use.

FAILED

StoredInfoType creation failed. All relevant error messages are returned in the StoredInfoTypeVersion message.

INVALID

StoredInfoType is no longer valid because artifacts stored in user-controlled storage were modified. To fix an invalid StoredInfoType, use the UpdateStoredInfoType method to create a new version.

TIME_PART_UNSPECIFIED

YEAR

[0-9999]

MONTH

[1-12]

DAY_OF_MONTH

[1-31]

DAY_OF_WEEK

[1-7]

WEEK_OF_YEAR

[1-52]

HOUR_OF_DAY

[0-23]

TRANSFORMATION_RESULT_CODE_UNSPECIFIED

SUCCESS

ERROR

saveFindings

Object

Save resulting findings in a provided location.

This object should have the same structure as SaveFindings

pubSub

Object

Publish a notification to a pubsub topic.

This object should have the same structure as PublishToPubSub

publishSummaryToCscc

Object

Publish summary to Cloud Security Command Center (Alpha).

This object should have the same structure as PublishSummaryToCscc

publishFindingsToCloudDataCatalog

Object

Publish findings to Cloud Datahub.

This object should have the same structure as PublishFindingsToCloudDataCatalog

jobNotificationEmails

Object

Enable email notification to project owners and editors on job's completion/failure.

This object should have the same structure as JobNotificationEmails

name

string

Resource name of the trigger to activate, for example projects/dlp-test-project/jobTriggers/53234423.

requestedPrivacyMetric

Object

Privacy metric to compute.

This object should have the same structure as PrivacyMetric

requestedSourceTable

Object

Input dataset to compute metrics over.

This object should have the same structure as BigQueryTable

numericalStatsResult

Object

This object should have the same structure as NumericalStatsResult

categoricalStatsResult

Object

This object should have the same structure as CategoricalStatsResult

kAnonymityResult

Object

This object should have the same structure as KAnonymityResult

lDiversityResult

Object

This object should have the same structure as LDiversityResult

kMapEstimationResult

Object

This object should have the same structure as KMapEstimationResult

deltaPresenceEstimationResult

Object

This object should have the same structure as DeltaPresenceEstimationResult

table

Object

Auxiliary table location. [required]

This object should have the same structure as BigQueryTable

quasiIds

Array of Object

Quasi-identifier columns. [required]

This object should have the same structure as QuasiIdField

relativeFrequency

Object

The relative frequency column must contain a floating-point number between 0 and 1 (inclusive). Null values are assumed to be zero. [required]

This object should have the same structure as FieldId

table

Object

Source table of the field.

This object should have the same structure as BigQueryTable

field

Object

Designated field in the BigQuery table.

This object should have the same structure as FieldId

tableReference

Object

Complete BigQuery table reference.

This object should have the same structure as BigQueryTable

rowNumber

number

Absolute number of the row from the beginning of the table at the time of scanning.

tableReference

Object

Complete BigQuery table reference.

This object should have the same structure as BigQueryTable

identifyingFields

Array of Object

References to fields uniquely identifying rows within the table. Nested fields in the format, like person.birthdate.year, are allowed.

This object should have the same structure as FieldId

rowsLimit

number

Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted. If not set, or if set to 0, all rows will be scanned. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig.

rowsLimitPercent

number

Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig.

sampleMethod

number

The number should be among the values of SampleMethod

excludedFields

Array of Object

References to fields excluded from scanning. This allows you to skip inspection of entire columns which you know have no findings.

This object should have the same structure as FieldId

projectId

string

The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call.

datasetId

string

Dataset ID of the table.

tableId

string

Name of the table.

top

number

Top coordinate of the bounding box. (0,0) is upper left.

left

number

Left coordinate of the bounding box. (0,0) is upper left.

width

number

Width of the bounding box in pixels.

height

number

Height of the bounding box in pixels.

min

Object

Lower bound of the range, inclusive. Type should be the same as max if used.

This object should have the same structure as Value

max

Object

Upper bound of the range, exclusive; type must match min.

This object should have the same structure as Value

replacementValue

Object

Replacement value for this bucket. If not provided the default behavior will be to hyphenate the min-max range.

This object should have the same structure as Value

buckets

Array of Object

Set of buckets. Ranges must be non-overlapping.

This object should have the same structure as Bucket

type

number

The type of data stored in the bytes string. Default will be TEXT_UTF8.

The number should be among the values of BytesType

data

Buffer

Content data to inspect or redact.

name

string

The name of the DlpJob resource to be cancelled.

field

Object

Field to compute categorical stats on. All column types are supported except for arrays and structs. However, it may be more informative to use NumericalStats when the field type is supported, depending on the data.

This object should have the same structure as FieldId

valueFrequencyLowerBound

number

Lower bound on the value frequency of the values in this bucket.

valueFrequencyUpperBound

number

Upper bound on the value frequency of the values in this bucket.

bucketSize

number

Total number of values in this bucket.

bucketValues

Array of Object

Sample of value frequencies in this bucket. The total number of values returned per bucket is capped at 20.

This object should have the same structure as ValueFrequency

bucketValueCount

number

Total number of distinct values in this bucket.

valueFrequencyHistogramBuckets

Array of Object

Histogram of value frequencies in the column.

This object should have the same structure as CategoricalStatsHistogramBucket

maskingCharacter

string

Character to mask the sensitive values—for example, "" for an alphabetic string such as name, or "0" for a numeric string such as ZIP code or credit card number. String must have length 1. If not supplied, we will default to "" for strings, 0 for digits.

numberToMask

number

Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

reverseOrder

boolean

Mask characters in reverse order. For example, if masking_character is '0', number_to_mask is 14, and reverse_order is false, then 1234-5678-9012-3456 -> 00000000000000-3456 If masking_character is '', number_to_mask is 3, and reverse_order is true, then 12345 -> 12**

charactersToIgnore

Array of Object

When masking a string, items in this list will be skipped when replacing. For example, if your string is 555-555-5555 and you ask us to skip - and mask 5 chars with * we would produce ***-*55-5555.

This object should have the same structure as CharsToIgnore

charactersToSkip

string

commonCharactersToIgnore

number

The number should be among the values of CommonCharsToIgnore

url

string

The url, in the format gs://<bucket>/<path>. Trailing wildcard in the path is allowed.

fileSet

Object

The set of one or more files to scan.

This object should have the same structure as FileSet

bytesLimitPerFile

number

Max number of bytes to scan from a file. If a scanned file's size is bigger than this value then the rest of the bytes are omitted. Only one of bytes_limit_per_file and bytes_limit_per_file_percent can be specified.

bytesLimitPerFilePercent

number

Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of bytes_limit_per_file and bytes_limit_per_file_percent can be specified.

fileTypes

Array of number

List of file type groups to include in the scan. If empty, all files are scanned and available data format processors are applied. In addition, the binary content of the selected files is always scanned as well.

The number should be among the values of FileType

sampleMethod

number

The number should be among the values of SampleMethod

filesLimitPercent

number

Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0.

path

string

A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt

bucketName

string

The name of a Cloud Storage bucket. Required.

includeRegex

Array of string

A list of regular expressions matching file paths to include. All files in the bucket that match at least one of these regular expressions will be included in the set of files, except for those that also match an item in exclude_regex. Leaving this field empty will match all files by default (this is equivalent to including .* in the list).

Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.

excludeRegex

Array of string

A list of regular expressions matching file paths to exclude. All files in the bucket that match at least one of these regular expressions will be excluded from the scan.

Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.

red

number

The amount of red in the color as a value in the interval [0, 1].

green

number

The amount of green in the color as a value in the interval [0, 1].

blue

number

The amount of blue in the color as a value in the interval [0, 1].

field

Object

Field within the record this condition is evaluated against. [required]

This object should have the same structure as FieldId

operator

number

Operator used to compare the field or infoType to the value. [required]

The number should be among the values of RelationalOperator

value

Object

Value to compare against. [Required, except for EXISTS tests.]

This object should have the same structure as Value

conditions

Array of Object

This object should have the same structure as Condition

value

string

String data to inspect or redact.

table

Object

Structured content for inspection. See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to learn more.

This object should have the same structure as Table

byteItem

Object

Content data to inspect or redact. Replaces type and data.

This object should have the same structure as ByteContentItem

containerName

string

Name of the container where the finding is located. The top level name is the source file name or table name. Names of some common storage containers are formatted as follows:

• BigQuery tables: <project_id>:<dataset_id>.<table_id>
• Cloud Storage files: gs://<bucket>/<path>
• Datastore namespace:

Nested names could be absent if the embedded object has no string identifier (for an example an image contained within a document).

recordLocation

Object

Location within a row or record of a database table.

This object should have the same structure as RecordLocation

imageLocation

Object

Location within an image's pixels.

This object should have the same structure as ImageLocation

documentLocation

Object

Location data for document files.

This object should have the same structure as DocumentLocation

containerTimestamp

Object

Findings container modification timestamp, if applicable. For Google Cloud Storage contains last file modification timestamp. For BigQuery table contains last_modified_time property. For Datastore - not populated.

This object should have the same structure as Timestamp

containerVersion

string

Findings container version, if available ("generation" for Google Cloud Storage).

parent

string

The parent resource name, for example projects/my-project-id or organizations/my-org-id.

deidentifyTemplate

Object

The DeidentifyTemplate to create.

This object should have the same structure as DeidentifyTemplate

templateId

string

The template id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is 100 characters. Can be empty to allow the system to generate one.

parent

string

The parent resource name, for example projects/my-project-id.

inspectJob

Object

This object should have the same structure as InspectJobConfig

riskJob

Object

This object should have the same structure as RiskAnalysisJobConfig

jobId

string

The job id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is 100 characters. Can be empty to allow the system to generate one.

parent

string

The parent resource name, for example projects/my-project-id or organizations/my-org-id.

inspectTemplate

Object

The InspectTemplate to create.

This object should have the same structure as InspectTemplate

templateId

string

The template id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is 100 characters. Can be empty to allow the system to generate one.

parent

string

The parent resource name, for example projects/my-project-id.

jobTrigger

Object

The JobTrigger to create.

This object should have the same structure as JobTrigger

triggerId

string

The trigger id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is 100 characters. Can be empty to allow the system to generate one.

parent

string

The parent resource name, for example projects/my-project-id or organizations/my-org-id.

config

Object

Configuration of the storedInfoType to create.

This object should have the same structure as StoredInfoTypeConfig

storedInfoTypeId

string

The storedInfoType ID can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is 100 characters. Can be empty to allow the system to generate one.

cryptoKey

Object

The key used by the encryption function.

This object should have the same structure as CryptoKey

surrogateInfoType

Object

The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: ():

For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc'

This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.

In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either

• reverse a surrogate that does not correspond to an actual identifier
• be unable to parse the surrogate and result in an error

Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

This object should have the same structure as InfoType

context

Object

Optional. A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.

If the context is not set, plaintext would be used as is for encryption. If the context is set but:

1. there is no record present when transforming a given value or
2. the field is not present when transforming a given value,

plaintext would be used as is for encryption.

Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and non-structured ContentItems.

This object should have the same structure as FieldId

cryptoKey

Object

The key used by the hash function.

This object should have the same structure as CryptoKey

transient

Object

This object should have the same structure as TransientCryptoKey

unwrapped

Object

This object should have the same structure as UnwrappedCryptoKey

kmsWrapped

Object

This object should have the same structure as KmsWrappedCryptoKey

cryptoKey

Object

The key used by the encryption algorithm. [required]

This object should have the same structure as CryptoKey

context

Object

The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.

If the context is set but:

1. there is no record present when transforming a given value or
2. the field is not present when transforming a given value,

a default tweak will be used.

Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and non-structured ContentItems. Currently, the referenced field may be of value type integer or string.

The tweak is constructed as a sequence of bytes in big endian byte order such that:

• a 64 bit integer is encoded followed by a single byte of value 1
• a string is encoded in UTF-8 format followed by a single byte of value 2

This object should have the same structure as FieldId

commonAlphabet

number

The number should be among the values of FfxCommonNativeAlphabet

customAlphabet

string

This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 62]. This must be encoded as ASCII. The order of characters does not matter.

radix

number

The native way to select the alphabet. Must be in the range [2, 62].

surrogateInfoType

Object

The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate

For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc'

This annotation identifies the surrogate when inspecting content using the custom infoType SurrogateType. This facilitates reversal of the surrogate when it occurs in free text.

In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

This object should have the same structure as InfoType

infoType

Object

CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing infoTypes and that infoType is specified in InspectContent.info_types field. Specifying the latter adds findings to the one detected by the system. If built-in info type is not specified in InspectContent.info_types list then the name is treated as a custom info type.

This object should have the same structure as InfoType

likelihood

number

Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria specified by the rule. Defaults to VERY_LIKELY if not specified.

The number should be among the values of Likelihood

dictionary

Object

A list of phrases to detect as a CustomInfoType.

This object should have the same structure as Dictionary

regex

Object

Regular expression based CustomInfoType.

This object should have the same structure as Regex

surrogateType

Object

Message for detecting output from deidentification transformations that support reversing.

This object should have the same structure as SurrogateType

storedType

Object

Load an existing StoredInfoType resource for use in InspectDataSource. Not currently supported in InspectContent.

This object should have the same structure as StoredType

detectionRules

Array of Object

Set of detection rules to apply to all findings of this CustomInfoType. Rules are applied in order that they are specified. Not supported for the surrogate_type CustomInfoType.

This object should have the same structure as DetectionRule

exclusionType

number

If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching.

The number should be among the values of ExclusionType

entityKey

Object

Datastore entity key.

This object should have the same structure as Key

partitionId

Object

A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty.

This object should have the same structure as PartitionId

kind

Object

The kind to process.

This object should have the same structure as KindExpression

upperBoundDays

number

Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.

For example, 3 means shift date to at most 3 days into the future. [Required]

lowerBoundDays

number

For example, -5 means shift date to at most 5 days back in the past. [Required]

context

Object

Points to the field that contains the context, for example, an entity id. If set, must also set method. If set, shift will be consistent for the given context.

This object should have the same structure as FieldId

cryptoKey

Object

Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key.

This object should have the same structure as CryptoKey

date

Object

One or more of the following must be set. All fields are optional, but when set must be valid date or time values.

This object should have the same structure as Date

dayOfWeek

number

The number should be among the values of DayOfWeek

time

Object

This object should have the same structure as TimeOfDay

timeZone

Object

This object should have the same structure as TimeZone

infoTypeTransformations

Object

Treat the dataset as free-form text and apply the same free text transformation everywhere.

This object should have the same structure as InfoTypeTransformations

recordTransformations

Object

Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.

This object should have the same structure as RecordTransformations

parent

string

The parent resource name, for example projects/my-project-id.

deidentifyConfig

Object

Configuration for the de-identification of the content item. Items specified here will override the template referenced by the deidentify_template_name argument.

This object should have the same structure as DeidentifyConfig

inspectConfig

Object

Configuration for the inspector. Items specified here will override the template referenced by the inspect_template_name argument.

This object should have the same structure as InspectConfig

item

Object

The item to de-identify. Will be treated as text.

This object should have the same structure as ContentItem

inspectTemplateName

string

Optional template to use. Any configuration directly specified in inspect_config will override those set in the template. Singular fields that are set in this request will replace their corresponding fields in the template. Repeated fields are appended. Singular sub-messages and groups are recursively merged.

deidentifyTemplateName

string

Optional template to use. Any configuration directly specified in deidentify_config will override those set in the template. Singular fields that are set in this request will replace their corresponding fields in the template. Repeated fields are appended. Singular sub-messages and groups are recursively merged.

item

Object

The de-identified item.

This object should have the same structure as ContentItem

overview

Object

An overview of the changes that were made on the item.

This object should have the same structure as TransformationOverview

name

string

The template name. Output only.

The template will have one of the following formats: projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID OR organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID

displayName

string

Display name (max 256 chars).

description

string

Short description (max 256 chars).

createTime

Object

The creation timestamp of a inspectTemplate, output only field.

This object should have the same structure as Timestamp

updateTime

Object

The last update timestamp of a inspectTemplate, output only field.

This object should have the same structure as Timestamp

deidentifyConfig

Object

///////////// // The core content of the template // ///////////////

This object should have the same structure as DeidentifyConfig

name

string

Resource name of the organization and deidentify template to be deleted, for example organizations/433245324/deidentifyTemplates/432452342 or projects/project-id/deidentifyTemplates/432452342.

name

string

The name of the DlpJob resource to be deleted.

name

string

Resource name of the organization and inspectTemplate to be deleted, for example organizations/433245324/inspectTemplates/432452342 or projects/project-id/inspectTemplates/432452342.

name

string

Resource name of the project and the triggeredJob, for example projects/dlp-test-project/jobTriggers/53234423.

name

string

Resource name of the organization and storedInfoType to be deleted, for example organizations/433245324/storedInfoTypes/432452342 or projects/project-id/storedInfoTypes/432452342.

quasiIds

Array of Object

Fields considered to be quasi-identifiers. No two fields can have the same tag. [required]

This object should have the same structure as QuasiId

regionCode

string

ISO 3166-1 alpha-2 region code to use in the statistical modeling. Required if no column is tagged with a region-specific InfoType (like US_ZIP_5) or a region code.

auxiliaryTables

Array of Object

Several auxiliary tables can be used in the analysis. Each custom_tag used to tag a quasi-identifiers field must appear in exactly one field of one auxiliary table.

This object should have the same structure as StatisticalTable

minProbability

number

Between 0 and 1.

maxProbability

number

Always greater than or equal to min_probability.

bucketSize

number

Number of records within these probability bounds.

bucketValues

Array of Object

Sample of quasi-identifier tuple values in this bucket. The total number of classes returned per bucket is capped at 20.

This object should have the same structure as DeltaPresenceEstimationQuasiIdValues

bucketValueCount

number

Total number of distinct quasi-identifier tuple values in this bucket.

quasiIdsValues

Array of Object

The quasi-identifier values.

This object should have the same structure as Value

estimatedProbability

number

The estimated probability that a given individual sharing these quasi-identifier values is in the dataset. This value, typically called δ, is the ratio between the number of records in the dataset with these quasi-identifier values, and the total number of individuals (inside and outside the dataset) with these quasi-identifier values. For example, if there are 15 individuals in the dataset who share the same quasi-identifier values, and an estimated 100 people in the entire population with these values, then δ is 0.15.

deltaPresenceEstimationHistogram

Array of Object

The intervals [min_probability, max_probability) do not overlap. If a value doesn't correspond to any such interval, the associated frequency is zero. For example, the following records: {min_probability: 0, max_probability: 0.1, frequency: 17} {min_probability: 0.2, max_probability: 0.3, frequency: 42} {min_probability: 0.3, max_probability: 0.4, frequency: 99} mean that there are no record with an estimated probability in [0.1, 0.2) nor larger or equal to 0.4.

This object should have the same structure as DeltaPresenceEstimationHistogramBucket

hotwordRule

Object

Hotword-based detection rule.

This object should have the same structure as HotwordRule

wordList

Object

List of words or phrases to search for.

This object should have the same structure as WordList

cloudStoragePath

Object

Newline-delimited file of words in Cloud Storage. Only a single file is accepted.

This object should have the same structure as CloudStoragePath

name

string

The server-assigned name.

type

number

The type of job.

The number should be among the values of DlpJobType

state

number

State of a job.

The number should be among the values of JobState

riskDetails

Object

Results from analyzing risk of a data source.

This object should have the same structure as AnalyzeDataSourceRiskDetails

inspectDetails

Object

Results from inspecting a data source.

This object should have the same structure as InspectDataSourceDetails

createTime

Object

Time when the job was created.

This object should have the same structure as Timestamp

startTime

Object

Time when the job started.

This object should have the same structure as Timestamp

endTime

Object

Time when the job finished.

This object should have the same structure as Timestamp

jobTriggerName

string

If created by a job trigger, the resource name of the trigger that instantiated the job.

errors

Array of Object

A stream of errors encountered running the job.

This object should have the same structure as Error

fileOffset

number

Offset of the line, from the beginning of the file, where the finding is located.

field

Object

Composite key indicating which field contains the entity identifier.

This object should have the same structure as FieldId

details

Object

This object should have the same structure as Status

timestamps

Array of Object

The times the error occurred.

This object should have the same structure as Timestamp

infoTypes

Array of Object

InfoType list in ExclusionRule rule drops a finding when it overlaps or contained within with a finding of an infoType from this list. For example, for InspectionRuleSet.info_types containing "PHONE_NUMBER"andexclusion_rulecontainingexclude_info_types.info_types` with "EMAIL_ADDRESS" the phone number findings are dropped if they overlap with EMAIL_ADDRESS finding. That leads to "555-222-2222@example.org" to generate only a single finding, namely email address.

This object should have the same structure as InfoType

dictionary

Object

Dictionary which defines the rule.

This object should have the same structure as Dictionary

regex

Object

Regular expression which defines the rule.

This object should have the same structure as Regex

excludeInfoTypes

Object

Set of infoTypes for which findings would affect this rule.

This object should have the same structure as ExcludeInfoTypes

matchingType

number

How the rule is applied, see MatchingType documentation for details.

The number should be among the values of MatchingType

logicalOperator

number

The operator to apply to the result of conditions. Default and currently only supported value is AND.

The number should be among the values of LogicalOperator

conditions

Object

This object should have the same structure as Conditions

name

string

Name describing the field.

fields

Array of Object

Input field(s) to apply the transformation to. [required]

This object should have the same structure as FieldId

condition

Object

Only apply the transformation if the condition evaluates to true for the given RecordCondition. The conditions are allowed to reference fields that are not used in the actual transformation. [optional]

Example Use Cases:

• Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range.
• Redact a field if the date of birth field is greater than 85.

This object should have the same structure as RecordCondition

primitiveTransformation

Object

Apply the transformation to the entire field.

This object should have the same structure as PrimitiveTransformation

infoTypeTransformations

Object

Treat the contents of the field as free text, and selectively transform content that matches an InfoType.

This object should have the same structure as InfoTypeTransformations

url

string

The Cloud Storage url of the file(s) to scan, in the format gs://<bucket>/<path>. Trailing wildcard in the path is allowed.

If the url ends in a trailing slash, the bucket or directory represented by the url will be scanned non-recursively (content in sub-directories will not be scanned). This means that gs://mybucket/ is equivalent to gs://mybucket/*, and gs://mybucket/directory/ is equivalent to gs://mybucket/directory/*.

Exactly one of url or regex_file_set must be set.

regexFileSet

Object

The regex-filtered set of files to scan. Exactly one of url or regex_file_set must be set.

This object should have the same structure as CloudStorageRegexFileSet

quote

string

The content that was found. Even if the content is not textual, it may be converted to a textual representation here. Provided if include_quote is true and the finding is less than or equal to 4096 bytes long. If the finding exceeds 4096 bytes in length, the quote may be omitted.

infoType

Object

The type of content that might have been found. Provided if excluded_types is false.

This object should have the same structure as InfoType

likelihood

number

Confidence of how likely it is that the info_type is correct.

The number should be among the values of Likelihood

location

Object

Where the content was found.

This object should have the same structure as Location

createTime

Object

Timestamp when finding was detected.

This object should have the same structure as Timestamp

quoteInfo

Object

Contains data parsed from quotes. Only populated if include_quote was set to true and a supported infoType was requested. Currently supported infoTypes: DATE, DATE_OF_BIRTH and TIME.

This object should have the same structure as QuoteInfo

maxFindingsPerItem

number

Max number of findings that will be returned for each item scanned. When set within InspectDataSourceRequest, the maximum returned is 2000 regardless if this is set higher. When set within InspectContentRequest, this field is ignored.

maxFindingsPerRequest

number

Max number of findings that will be returned per request/job. When set within InspectContentRequest, the maximum returned is 2000 regardless if this is set higher.

maxFindingsPerInfoType

Array of Object

Configuration of findings limit given for specified infoTypes.

This object should have the same structure as InfoTypeLimit

lowerBound

Object

Lower bound value of buckets. All values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value “-10”. [Required].

This object should have the same structure as Value

upperBound

Object

Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value “89+”. [Required].

This object should have the same structure as Value

bucketSize

number

Size of each bucket (except for minimum and maximum buckets). So if lower_bound = 10, upper_bound = 89, and bucket_size = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required].

name

string

Resource name of the organization and deidentify template to be read, for example organizations/433245324/deidentifyTemplates/432452342 or projects/project-id/deidentifyTemplates/432452342.

name

string

The name of the DlpJob resource.

name

string

Resource name of the organization and inspectTemplate to be read, for example organizations/433245324/inspectTemplates/432452342 or projects/project-id/inspectTemplates/432452342.

name

string

Resource name of the project and the triggeredJob, for example projects/dlp-test-project/jobTriggers/53234423.

name

string

Resource name of the organization and storedInfoType to be read, for example organizations/433245324/storedInfoTypes/432452342 or projects/project-id/storedInfoTypes/432452342.

hotwordRegex

Object

Regular expression pattern defining what qualifies as a hotword.

This object should have the same structure as Regex

proximity

Object

Proximity of the finding within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be used to match substrings of the finding itself. For example, the certainty of a phone number regex "(\d{3}) \d{3}-\d{4}" could be adjusted upwards if the area code is known to be the local area code of a company office using the hotword regex "(xxx)", where "xxx" is the area code in question.

This object should have the same structure as Proximity

likelihoodAdjustment

Object

Likelihood adjustment to apply to all matching findings.

This object should have the same structure as LikelihoodAdjustment

boundingBoxes

Array of Object

Bounding boxes locating the pixels within the image containing the finding.

This object should have the same structure as BoundingBox

infoType

Object

Only one per info_type should be provided per request. If not specified, and redact_all_text is false, the DLP API will redact all text that it matches against all info_types that are found, but not specified in another ImageRedactionConfig.

This object should have the same structure as InfoType

redactAllText

boolean

If true, all text found in the image, regardless whether it matches an info_type, is redacted. Only one should be provided.

redactionColor

Object

The color to use when redacting content from an image. If not specified, the default is black.

This object should have the same structure as Color

name

string

Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. InfoType names should conform to the pattern [a-zA-Z0-9_]{1,64}.

name

string

Internal name of the infoType.

displayName

string

Human readable form of the infoType name.

supportedBy

Array of number

Which parts of the API supports this InfoType.

The number should be among the values of InfoTypeSupportedBy

description

string

Description of the infotype. Translated when language is provided in the request.

infoType

Object

Type of information the findings limit applies to. Only one limit per info_type should be provided. If InfoTypeLimit does not have an info_type, the DLP API applies the limit against all info_types that are found but not specified in another InfoTypeLimit.

This object should have the same structure as InfoType

maxFindings

number

Max findings limit for the given infoType.

infoType

Object

The type of finding this stat is for.

This object should have the same structure as InfoType

count

number

Number of findings for this infoType.

infoTypes

Array of Object

InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in InspectConfig.

This object should have the same structure as InfoType

primitiveTransformation

Object

Primitive transformation to apply to the infoType. [required]

This object should have the same structure as PrimitiveTransformation

transformations

Array of Object

Transformation for each infoType. Cannot specify more than one for a given infoType. [required]

This object should have the same structure as InfoTypeTransformation

infoTypes

Array of Object

Restricts what info_types to look for. The values must correspond to InfoType values returned by ListInfoTypes or listed at https://cloud.google.com/dlp/docs/infotypes-reference.

When no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated.

The special InfoType name "ALL_BASIC" can be used to trigger all detectors, but may change over time as new InfoTypes are added. If you need precise control and predictability as to what detectors are run you should specify specific InfoTypes listed in the reference.

This object should have the same structure as InfoType

minLikelihood

number

Only returns findings equal or above this threshold. The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood to learn more.

The number should be among the values of Likelihood

limits

Object

This object should have the same structure as FindingLimits

includeQuote

boolean

When true, a contextual quote from the data that triggered a finding is included in the response; see Finding.quote.

excludeInfoTypes

boolean

When true, excludes type information of the findings.

customInfoTypes

Array of Object

CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.

This object should have the same structure as CustomInfoType

contentOptions

Array of number

List of options defining data content to scan. If empty, text, images, and other content will be included.

The number should be among the values of ContentOption

ruleSet

Array of Object

Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end, other rules are executed in the order they are specified for each info type.

This object should have the same structure as InspectionRuleSet

parent

string

The parent resource name, for example projects/my-project-id.

inspectConfig

Object

Configuration for the inspector. What specified here will override the template referenced by the inspect_template_name argument.

This object should have the same structure as InspectConfig

item

Object

The item to inspect.

This object should have the same structure as ContentItem

inspectTemplateName

string

Optional template to use. Any configuration directly specified in inspect_config will override those set in the template. Singular fields that are set in this request will replace their corresponding fields in the template. Repeated fields are appended. Singular sub-messages and groups are recursively merged.

result

Object

The findings.

This object should have the same structure as InspectResult

requestedOptions

Object

The configuration used for this job.

This object should have the same structure as RequestedOptions

result

Object

A summary of the outcome of this inspect job.

This object should have the same structure as Result

hotwordRule

Object

Hotword-based detection rule.

This object should have the same structure as HotwordRule

exclusionRule

Object

Exclusion rule.

This object should have the same structure as ExclusionRule

infoTypes

Array of Object

List of infoTypes this rule set is applied to.

This object should have the same structure as InfoType

rules

Array of Object

Set of rules to be applied to infoTypes. The rules are applied in order.

This object should have the same structure as InspectionRule

storageConfig

Object

The data to scan.

This object should have the same structure as StorageConfig

inspectConfig

Object

How and what to scan for.

This object should have the same structure as InspectConfig

inspectTemplateName

string

If provided, will be used as the default for all values in InspectConfig. inspect_config will be merged into the values persisted as part of the template.

actions

Array of Object

Actions to execute at the completion of the job.

This object should have the same structure as Action

findings

Array of Object

List of findings for an item.

This object should have the same structure as Finding

findingsTruncated

boolean

If true, then this item might have more findings than were returned, and the findings returned are an arbitrary subset of all findings. The findings list might be truncated because the input items were too large, or because the server reached the maximum amount of resources allowed for a single API call. For best results, divide the input into smaller batches.

name

string

The template name. Output only.

The template will have one of the following formats: projects/PROJECT_ID/inspectTemplates/TEMPLATE_ID OR organizations/ORGANIZATION_ID/inspectTemplates/TEMPLATE_ID

displayName

string

Display name (max 256 chars).

description

string

Short description (max 256 chars).

createTime

Object

The creation timestamp of a inspectTemplate, output only field.

This object should have the same structure as Timestamp

updateTime

Object

The last update timestamp of a inspectTemplate, output only field.

This object should have the same structure as Timestamp

inspectConfig

Object

The core content of the template. Configuration of the scanning process.

This object should have the same structure as InspectConfig

name

string

Unique resource name for the triggeredJob, assigned by the service when the triggeredJob is created, for example projects/dlp-test-project/triggeredJobs/53234423.

displayName

string

Display name (max 100 chars)

description

string

User provided description (max 256 chars)

inspectJob

Object

This object should have the same structure as InspectJobConfig

triggers

Array of Object

A list of triggers which will be OR'ed together. Only one in the list needs to trigger for a job to be started. The list may contain only a single Schedule trigger and must have at least one object.

This object should have the same structure as Trigger

errors

Array of Object

A stream of errors encountered when the trigger was activated. Repeated errors may result in the JobTrigger automatically being paused. Will return the last 100 errors. Whenever the JobTrigger is modified this list will be cleared. Output only field.

This object should have the same structure as Error

createTime

Object

The creation timestamp of a triggeredJob, output only field.

This object should have the same structure as Timestamp

updateTime

Object

The last update timestamp of a triggeredJob, output only field.

This object should have the same structure as Timestamp

lastRunTime

Object

The timestamp of the last time this trigger executed, output only field.

This object should have the same structure as Timestamp

status

number

A status for this trigger. [required]

The number should be among the values of Status

quasiIds

Array of Object

Set of fields to compute k-anonymity over. When multiple fields are specified, they are considered a single composite key. Structs and repeated data types are not supported; however, nested fields are supported so long as they are not structs themselves or nested within a repeated field.

This object should have the same structure as FieldId

entityId

Object

Optional message indicating that multiple rows might be associated to a single individual. If the same entity_id is associated to multiple quasi-identifier tuples over distinct rows, we consider the entire collection of tuples as the composite quasi-identifier. This collection is a multiset: the order in which the different tuples appear in the dataset is ignored, but their frequency is taken into account.

Important note: a maximum of 1000 rows can be associated to a single entity ID. If more rows are associated with the same entity ID, some might be ignored.

This object should have the same structure as EntityId

quasiIdsValues

Array of Object

Set of values defining the equivalence class. One value per quasi-identifier column in the original KAnonymity metric message. The order is always the same as the original request.

This object should have the same structure as Value

equivalenceClassSize

number

Size of the equivalence class, for example number of rows with the above set of values.

equivalenceClassSizeLowerBound

number

Lower bound on the size of the equivalence classes in this bucket.

equivalenceClassSizeUpperBound

number

Upper bound on the size of the equivalence classes in this bucket.

bucketSize

number

Total number of equivalence classes in this bucket.

bucketValues

Array of Object

Sample of equivalence classes in this bucket. The total number of classes returned per bucket is capped at 20.

This object should have the same structure as KAnonymityEquivalenceClass

bucketValueCount

number

Total number of distinct equivalence classes in this bucket.

equivalenceClassHistogramBuckets

Array of Object

Histogram of k-anonymity equivalence classes.

This object should have the same structure as KAnonymityHistogramBucket

partitionId

Object

Entities are partitioned into subsets, currently identified by a project ID and namespace ID. Queries are scoped to a single partition.

This object should have the same structure as PartitionId

path

Array of Object

The entity path. An entity path consists of one or more elements composed of a kind and a string or numerical identifier, which identify entities. The first element identifies a root entity, the second element identifies a child of the root entity, the third element identifies a child of the second entity, and so forth. The entities identified by all prefixes of the path are called the element's ancestors.

A path can never be empty, and a path can have at most 100 elements.

This object should have the same structure as PathElement

name

string

The name of the kind.

quasiIds

Array of Object

Fields considered to be quasi-identifiers. No two columns can have the same tag. [required]

This object should have the same structure as TaggedField

regionCode

string

ISO 3166-1 alpha-2 region code to use in the statistical modeling. Required if no column is tagged with a region-specific InfoType (like US_ZIP_5) or a region code.

auxiliaryTables

Array of Object

Several auxiliary tables can be used in the analysis. Each custom_tag used to tag a quasi-identifiers column must appear in exactly one column of one auxiliary table.

This object should have the same structure as AuxiliaryTable

minAnonymity

number

Always positive.

maxAnonymity

number

Always greater than or equal to min_anonymity.

bucketSize

number

Number of records within these anonymity bounds.

bucketValues

Array of Object

Sample of quasi-identifier tuple values in this bucket. The total number of classes returned per bucket is capped at 20.

This object should have the same structure as KMapEstimationQuasiIdValues

bucketValueCount

number

Total number of distinct quasi-identifier tuple values in this bucket.

quasiIdsValues

Array of Object

The quasi-identifier values.

This object should have the same structure as Value

estimatedAnonymity

number

The estimated anonymity for these quasi-identifier values.

kMapEstimationHistogram

Array of Object

The intervals [min_anonymity, max_anonymity] do not overlap. If a value doesn't correspond to any such interval, the associated frequency is zero. For example, the following records: {min_anonymity: 1, max_anonymity: 1, frequency: 17} {min_anonymity: 2, max_anonymity: 3, frequency: 42} {min_anonymity: 5, max_anonymity: 10, frequency: 99} mean that there are no record with an estimated anonymity of 4, 5, or larger than 10.

This object should have the same structure as KMapEstimationHistogramBucket

wrappedKey

Buffer

The wrapped data crypto key. [required]

cryptoKeyName

string

The resource name of the KMS CryptoKey to use for unwrapping. [required]

outputPath

Object

Location to store dictionary artifacts in Google Cloud Storage. These files will only be accessible by project owners and the DLP API. If any of these artifacts are modified, the dictionary is considered invalid and can no longer be used.

This object should have the same structure as CloudStoragePath

cloudStorageFileSet

Object

Set of files containing newline-delimited lists of dictionary phrases.

This object should have the same structure as CloudStorageFileSet

bigQueryField

Object

Field in a BigQuery table where each cell represents a dictionary phrase.

This object should have the same structure as BigQueryField

approxNumPhrases

number

Approximate number of distinct phrases in the dictionary.

quasiIds

Array of Object

Set of quasi-identifiers indicating how equivalence classes are defined for the l-diversity computation. When multiple fields are specified, they are considered a single composite key.

This object should have the same structure as FieldId

sensitiveAttribute

Object

Sensitive field for computing the l-value.

This object should have the same structure as FieldId

quasiIdsValues

Array of Object

Quasi-identifier values defining the k-anonymity equivalence class. The order is always the same as the original request.

This object should have the same structure as Value

equivalenceClassSize

number

Size of the k-anonymity equivalence class.

numDistinctSensitiveValues

number

Number of distinct sensitive values in this equivalence class.

topSensitiveValues

Array of Object

Estimated frequencies of top sensitive values.

This object should have the same structure as ValueFrequency

sensitiveValueFrequencyLowerBound

number

Lower bound on the sensitive value frequencies of the equivalence classes in this bucket.

sensitiveValueFrequencyUpperBound

number

Upper bound on the sensitive value frequencies of the equivalence classes in this bucket.

bucketSize

number

Total number of equivalence classes in this bucket.

bucketValues

Array of Object

Sample of equivalence classes in this bucket. The total number of classes returned per bucket is capped at 20.

This object should have the same structure as LDiversityEquivalenceClass

bucketValueCount

number

Total number of distinct equivalence classes in this bucket.

sensitiveValueFrequencyHistogramBuckets

Array of Object

Histogram of l-diversity equivalence class sensitive value frequencies.

This object should have the same structure as LDiversityHistogramBucket

fixedLikelihood

number

Set the likelihood of a finding to a fixed value.

The number should be among the values of Likelihood

relativeLikelihood

number

Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be POSSIBLE without the detection rule and relative_likelihood is 1, then it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY. Likelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY will result in a final likelihood of LIKELY.

parent

string

The parent resource name, for example projects/my-project-id or organizations/my-org-id.

pageToken

string

Optional page token to continue retrieval. Comes from previous call to ListDeidentifyTemplates.

pageSize

number

Optional size of the page, can be limited by server. If zero server returns a page of max size 100.

orderBy

string

Optional comma separated list of fields to order by, followed by asc or desc postfix. This list is case-insensitive, default sorting order is ascending, redundant space characters are insignificant.

Example: name asc,update_time, create_time desc

Supported fields are:

• create_time: corresponds to time the template was created.
• update_time: corresponds to time the template was last updated.
• name: corresponds to template's name.
• display_name: corresponds to template's display name.

deidentifyTemplates

Array of Object

List of deidentify templates, up to page_size in ListDeidentifyTemplatesRequest.

This object should have the same structure as DeidentifyTemplate

nextPageToken

string

If the next page is available then the next page token to be used in following ListDeidentifyTemplates request.

parent

string

The parent resource name, for example projects/my-project-id.

filter

string

Optional. Allows filtering.

Supported syntax:

• Filter expressions are made up of one or more restrictions.
• Restrictions can be combined by AND or OR logical operators. A sequence of restrictions implicitly uses AND.
• A restriction has the form of <field> <operator> <value>.
• Supported fields/values for inspect jobs:
  • state - PENDING|RUNNING|CANCELED|FINISHED|FAILED
  • inspected_storage - DATASTORE|CLOUD_STORAGE|BIGQUERY
  • trigger_name - The resource name of the trigger that created job.
  • 'end_time` - Corresponds to time the job finished.
  • 'start_time` - Corresponds to time the job finished.
• Supported fields for risk analysis jobs:
  • state - RUNNING|CANCELED|FINISHED|FAILED
  • 'end_time` - Corresponds to time the job finished.
  • 'start_time` - Corresponds to time the job finished.
• The operator must be = or !=.

Examples:

• inspected_storage = cloud_storage AND state = done
• inspected_storage = cloud_storage OR inspected_storage = bigquery
• inspected_storage = cloud_storage AND (state = done OR state = canceled)
• end_time > "2017-12-12T00:00:00+00:00"

The length of this field should be no more than 500 characters.

pageSize

number

The standard list page size.

pageToken

string

The standard list page token.

type

number

The type of job. Defaults to DlpJobType.INSPECT

The number should be among the values of DlpJobType

orderBy

string

Optional comma separated list of fields to order by, followed by asc or desc postfix. This list is case-insensitive, default sorting order is ascending, redundant space characters are insignificant.

Example: name asc, end_time asc, create_time desc

Supported fields are:

• create_time: corresponds to time the job was created.
• end_time: corresponds to time the job ended.
• name: corresponds to job's name.
• state: corresponds to state

jobs

Array of Object

A list of DlpJobs that matches the specified filter in the request.

This object should have the same structure as DlpJob

nextPageToken

string

The standard List next-page token.

languageCode

string

Optional BCP-47 language code for localized infoType friendly names. If omitted, or if localized strings are not available, en-US strings will be returned.

filter

string

Optional filter to only return infoTypes supported by certain parts of the API. Defaults to supported_by=INSPECT.

infoTypes

Array of Object

Set of sensitive infoTypes.

This object should have the same structure as InfoTypeDescription

parent

string

The parent resource name, for example projects/my-project-id or organizations/my-org-id.

pageToken

string

Optional page token to continue retrieval. Comes from previous call to ListInspectTemplates.

pageSize

number

Optional size of the page, can be limited by server. If zero server returns a page of max size 100.

orderBy

string

Optional comma separated list of fields to order by, followed by asc or desc postfix. This list is case-insensitive, default sorting order is ascending, redundant space characters are insignificant.

Example: name asc,update_time, create_time desc

Supported fields are:

• create_time: corresponds to time the template was created.
• update_time: corresponds to time the template was last updated.
• name: corresponds to template's name.
• display_name: corresponds to template's display name.

inspectTemplates

Array of Object

List of inspectTemplates, up to page_size in ListInspectTemplatesRequest.

This object should have the same structure as InspectTemplate

nextPageToken

string

If the next page is available then the next page token to be used in following ListInspectTemplates request.

parent

string

The parent resource name, for example projects/my-project-id.

pageToken

string

Optional page token to continue retrieval. Comes from previous call to ListJobTriggers. order_by field must not change for subsequent calls.

pageSize

number

Optional size of the page, can be limited by a server.

orderBy

string

Optional comma separated list of triggeredJob fields to order by, followed by asc or desc postfix. This list is case-insensitive, default sorting order is ascending, redundant space characters are insignificant.

Example: name asc,update_time, create_time desc

Supported fields are:

• create_time: corresponds to time the JobTrigger was created.
• update_time: corresponds to time the JobTrigger was last updated.
• last_run_time: corresponds to the last time the JobTrigger ran.
• name: corresponds to JobTrigger's name.
• display_name: corresponds to JobTrigger's display name.
• status: corresponds to JobTrigger's status.

filter

string

Optional. Allows filtering.

Supported syntax:

• Filter expressions are made up of one or more restrictions.
• Restrictions can be combined by AND or OR logical operators. A sequence of restrictions implicitly uses AND.
• A restriction has the form of <field> <operator> <value>.
• Supported fields/values for inspect jobs:
  • status - HEALTHY|PAUSED|CANCELLED
  • inspected_storage - DATASTORE|CLOUD_STORAGE|BIGQUERY
  • 'last_run_time` - RFC 3339 formatted timestamp, surrounded by quotation marks. Nanoseconds are ignored.
  • 'error_count' - Number of errors that have occurred while running.
• The operator must be = or != for status and inspected_storage.