On January 1, 2020 this library will no longer support Python 2 on the latest released version. Previously released library versions will continue to be available. For more information please visit Python 2 support on Google Cloud.

Types for Cloud Data Loss Prevention (DLP) API Client¶

class google.cloud.dlp_v2.types.Action¶

A task to execute on the completion of a job. See https://cloud.google.com/dlp/docs/concepts-actions to learn more.

save_findings¶: Save resulting findings in a provided location.

pub_sub¶: Publish a notification to a pubsub topic.

publish_summary_to_cscc¶: Publish summary to Cloud Security Command Center (Alpha).

publish_findings_to_cloud_data_catalog¶: Publish findings to Cloud Datahub.

job_notification_emails¶: Enable email notification to project owners and editors on job’s completion/failure.

publish_to_stackdriver¶: Enable Stackdriver metric dlp.googleapis.com/finding_count.

class JobNotificationEmails¶: Enable email notification to project owners and editors on jobs’s completion/failure.

class PublishFindingsToCloudDataCatalog¶: Publish findings of a DlpJob to Cloud Data Catalog. Labels summarizing the results of the DlpJob will be applied to the entry for the resource scanned in Cloud Data Catalog. Any labels previously written by another DlpJob will be deleted. InfoType naming patterns are strictly enforced when using this feature. Note that the findings will be persisted in Cloud Data Catalog storage and are governed by Data Catalog service-specific policy, see https://cloud.google.com/terms/service-terms Only a single instance of this action can be specified and only allowed if all resources being scanned are BigQuery tables. Compatible with: Inspect

class PublishSummaryToCscc¶: Publish the result summary of a DlpJob to the Cloud Security Command Center (CSCC Alpha). This action is only available for projects which are parts of an organization and whitelisted for the alpha Cloud Security Command Center. The action will publish count of finding instances and their info types. The summary of findings will be persisted in CSCC and are governed by CSCC service-specific policy, see https://cloud.google.com/terms/service-terms Only a single instance of this action can be specified. Compatible with: Inspect

class PublishToPubSub¶

Publish a message into given Pub/Sub topic when DlpJob has completed. The message contains a single field, DlpJobName, which is equal to the finished job’s `DlpJob.name </dlp/docs/reference/rest/v2/projects.dlpJobs#DlpJob>`__. Compatible with: Inspect, Risk

topic¶: Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}.

topic: Field google.privacy.dlp.v2.Action.PublishToPubSub.topic

class PublishToStackdriver¶: Enable Stackdriver metric dlp.googleapis.com/finding_count. This will publish a metric to stack driver on each infotype requested and how many findings were found for it. CustomDetectors will be bucketed as ‘Custom’ under the Stackdriver label ‘info_type’.

class SaveFindings¶

If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk

output_config¶: Field google.privacy.dlp.v2.Action.SaveFindings.output_config

job_notification_emails: Field google.privacy.dlp.v2.Action.job_notification_emails

pub_sub: Field google.privacy.dlp.v2.Action.pub_sub

publish_findings_to_cloud_data_catalog: Field google.privacy.dlp.v2.Action.publish_findings_to_cloud_data_catalog

publish_summary_to_cscc: Field google.privacy.dlp.v2.Action.publish_summary_to_cscc

publish_to_stackdriver: Field google.privacy.dlp.v2.Action.publish_to_stackdriver

save_findings: Field google.privacy.dlp.v2.Action.save_findings

class google.cloud.dlp_v2.types.ActivateJobTriggerRequest¶

Request message for ActivateJobTrigger.

name¶: Required. Resource name of the trigger to activate, for example projects/dlp-test-project/jobTriggers/53234423.

name: Field google.privacy.dlp.v2.ActivateJobTriggerRequest.name

class google.cloud.dlp_v2.types.AnalyzeDataSourceRiskDetails¶

Result of a risk analysis operation request.

requested_privacy_metric¶: Privacy metric to compute.

requested_source_table¶: Input dataset to compute metrics over.

result¶: Values associated with this metric.

class CategoricalStatsResult¶

Result of the categorical stats computation.

value_frequency_histogram_buckets¶: Histogram of value frequencies in the column.

class CategoricalStatsHistogramBucket¶

bucket_size¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.CategoricalStatsResult.CategoricalStatsHistogramBucket.bucket_size

bucket_value_count¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.CategoricalStatsResult.CategoricalStatsHistogramBucket.bucket_value_count

bucket_values¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.CategoricalStatsResult.CategoricalStatsHistogramBucket.bucket_values

value_frequency_lower_bound¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.CategoricalStatsResult.CategoricalStatsHistogramBucket.value_frequency_lower_bound

value_frequency_upper_bound¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.CategoricalStatsResult.CategoricalStatsHistogramBucket.value_frequency_upper_bound

value_frequency_histogram_buckets: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.CategoricalStatsResult.value_frequency_histogram_buckets

class DeltaPresenceEstimationResult¶

Result of the δ-presence computation. Note that these results are an estimation, not exact values.

delta_presence_estimation_histogram¶: The intervals [min_probability, max_probability) do not overlap. If a value doesn’t correspond to any such interval, the associated frequency is zero. For example, the following records: {min_probability: 0, max_probability: 0.1, frequency: 17} {min_probability: 0.2, max_probability: 0.3, frequency: 42} {min_probability: 0.3, max_probability: 0.4, frequency: 99} mean that there are no record with an estimated probability in [0.1, 0.2) nor larger or equal to 0.4.

class DeltaPresenceEstimationHistogramBucket¶

A DeltaPresenceEstimationHistogramBucket message with the following values: min_probability: 0.1 max_probability: 0.2 frequency: 42 means that there are 42 records for which δ is in [0.1, 0.2). An important particular case is when min_probability = max_probability = 1: then, every individual who shares this quasi-identifier combination is in the dataset.

min_probability¶: Between 0 and 1.

max_probability¶: Always greater than or equal to min_probability.

bucket_size¶: Number of records within these probability bounds.

bucket_values¶: Sample of quasi-identifier tuple values in this bucket. The total number of classes returned per bucket is capped at 20.

bucket_value_count¶: Total number of distinct quasi-identifier tuple values in this bucket.

bucket_size: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.DeltaPresenceEstimationResult.DeltaPresenceEstimationHistogramBucket.bucket_size

bucket_value_count: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.DeltaPresenceEstimationResult.DeltaPresenceEstimationHistogramBucket.bucket_value_count

bucket_values: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.DeltaPresenceEstimationResult.DeltaPresenceEstimationHistogramBucket.bucket_values

max_probability: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.DeltaPresenceEstimationResult.DeltaPresenceEstimationHistogramBucket.max_probability

min_probability: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.DeltaPresenceEstimationResult.DeltaPresenceEstimationHistogramBucket.min_probability

class DeltaPresenceEstimationQuasiIdValues¶

A tuple of values for the quasi-identifier columns.

quasi_ids_values¶: The quasi-identifier values.

estimated_probability¶: The estimated probability that a given individual sharing these quasi-identifier values is in the dataset. This value, typically called δ, is the ratio between the number of records in the dataset with these quasi-identifier values, and the total number of individuals (inside and outside the dataset) with these quasi-identifier values. For example, if there are 15 individuals in the dataset who share the same quasi- identifier values, and an estimated 100 people in the entire population with these values, then δ is 0.15.

estimated_probability: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.DeltaPresenceEstimationResult.DeltaPresenceEstimationQuasiIdValues.estimated_probability

quasi_ids_values: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.DeltaPresenceEstimationResult.DeltaPresenceEstimationQuasiIdValues.quasi_ids_values

delta_presence_estimation_histogram: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.DeltaPresenceEstimationResult.delta_presence_estimation_histogram

class KAnonymityResult¶

Result of the k-anonymity computation.

equivalence_class_histogram_buckets¶: Histogram of k-anonymity equivalence classes.

class KAnonymityEquivalenceClass¶

The set of columns’ values that share the same ldiversity value

quasi_ids_values¶

Set of values defining the equivalence class. One value per quasi-identifier column in the original KAnonymity metric message. The order is always the same as the original request.

equivalence_class_size¶

Size of the equivalence class, for example number of rows with the above set of values.

equivalence_class_size: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KAnonymityResult.KAnonymityEquivalenceClass.equivalence_class_size

quasi_ids_values: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KAnonymityResult.KAnonymityEquivalenceClass.quasi_ids_values

class KAnonymityHistogramBucket¶

bucket_size¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KAnonymityResult.KAnonymityHistogramBucket.bucket_size

bucket_value_count¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KAnonymityResult.KAnonymityHistogramBucket.bucket_value_count

bucket_values¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KAnonymityResult.KAnonymityHistogramBucket.bucket_values

equivalence_class_size_lower_bound¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KAnonymityResult.KAnonymityHistogramBucket.equivalence_class_size_lower_bound

equivalence_class_size_upper_bound¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KAnonymityResult.KAnonymityHistogramBucket.equivalence_class_size_upper_bound

equivalence_class_histogram_buckets: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KAnonymityResult.equivalence_class_histogram_buckets

class KMapEstimationResult¶

Result of the reidentifiability analysis. Note that these results are an estimation, not exact values.

k_map_estimation_histogram¶: The intervals [min_anonymity, max_anonymity] do not overlap. If a value doesn’t correspond to any such interval, the associated frequency is zero. For example, the following records: {min_anonymity: 1, max_anonymity: 1, frequency: 17} {min_anonymity: 2, max_anonymity: 3, frequency: 42} {min_anonymity: 5, max_anonymity: 10, frequency: 99} mean that there are no record with an estimated anonymity of 4, 5, or larger than 10.

class KMapEstimationHistogramBucket¶

A KMapEstimationHistogramBucket message with the following values: min_anonymity: 3 max_anonymity: 5 frequency: 42 means that there are 42 records whose quasi-identifier values correspond to 3, 4 or 5 people in the overlying population. An important particular case is when min_anonymity = max_anonymity = 1: the frequency field then corresponds to the number of uniquely identifiable records.

min_anonymity¶: Always positive.

max_anonymity¶: Always greater than or equal to min_anonymity.

bucket_size¶: Number of records within these anonymity bounds.

bucket_values¶: Sample of quasi-identifier tuple values in this bucket. The total number of classes returned per bucket is capped at 20.

bucket_value_count¶: Total number of distinct quasi-identifier tuple values in this bucket.

bucket_size: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KMapEstimationResult.KMapEstimationHistogramBucket.bucket_size

bucket_value_count: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KMapEstimationResult.KMapEstimationHistogramBucket.bucket_value_count

bucket_values: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KMapEstimationResult.KMapEstimationHistogramBucket.bucket_values

max_anonymity: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KMapEstimationResult.KMapEstimationHistogramBucket.max_anonymity

min_anonymity: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KMapEstimationResult.KMapEstimationHistogramBucket.min_anonymity

class KMapEstimationQuasiIdValues¶

A tuple of values for the quasi-identifier columns.

quasi_ids_values¶: The quasi-identifier values.

estimated_anonymity¶: The estimated anonymity for these quasi-identifier values.

estimated_anonymity: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KMapEstimationResult.KMapEstimationQuasiIdValues.estimated_anonymity

quasi_ids_values: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KMapEstimationResult.KMapEstimationQuasiIdValues.quasi_ids_values

k_map_estimation_histogram: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.KMapEstimationResult.k_map_estimation_histogram

class LDiversityResult¶

Result of the l-diversity computation.

sensitive_value_frequency_histogram_buckets¶: Histogram of l-diversity equivalence class sensitive value frequencies.

class LDiversityEquivalenceClass¶

The set of columns’ values that share the same ldiversity value.

quasi_ids_values¶: Quasi-identifier values defining the k-anonymity equivalence class. The order is always the same as the original request.

equivalence_class_size¶: Size of the k-anonymity equivalence class.

num_distinct_sensitive_values¶: Number of distinct sensitive values in this equivalence class.

top_sensitive_values¶: Estimated frequencies of top sensitive values.

equivalence_class_size: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.LDiversityResult.LDiversityEquivalenceClass.equivalence_class_size

num_distinct_sensitive_values: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.LDiversityResult.LDiversityEquivalenceClass.num_distinct_sensitive_values

quasi_ids_values: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.LDiversityResult.LDiversityEquivalenceClass.quasi_ids_values

top_sensitive_values: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.LDiversityResult.LDiversityEquivalenceClass.top_sensitive_values

class LDiversityHistogramBucket¶

bucket_size¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.LDiversityResult.LDiversityHistogramBucket.bucket_size

bucket_value_count¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.LDiversityResult.LDiversityHistogramBucket.bucket_value_count

bucket_values¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.LDiversityResult.LDiversityHistogramBucket.bucket_values

sensitive_value_frequency_lower_bound¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.LDiversityResult.LDiversityHistogramBucket.sensitive_value_frequency_lower_bound

sensitive_value_frequency_upper_bound¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.LDiversityResult.LDiversityHistogramBucket.sensitive_value_frequency_upper_bound

sensitive_value_frequency_histogram_buckets: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.LDiversityResult.sensitive_value_frequency_histogram_buckets

class NumericalStatsResult¶

Result of the numerical stats computation.

min_value¶: Minimum value appearing in the column.

max_value¶: Maximum value appearing in the column.

quantile_values¶: List of 99 values that partition the set of field values into 100 equal sized buckets.

max_value: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.NumericalStatsResult.max_value

min_value: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.NumericalStatsResult.min_value

quantile_values: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.NumericalStatsResult.quantile_values

categorical_stats_result¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.categorical_stats_result

delta_presence_estimation_result¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.delta_presence_estimation_result

k_anonymity_result¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.k_anonymity_result

k_map_estimation_result¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.k_map_estimation_result

l_diversity_result¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.l_diversity_result

numerical_stats_result¶: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.numerical_stats_result

requested_privacy_metric: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.requested_privacy_metric

requested_source_table: Field google.privacy.dlp.v2.AnalyzeDataSourceRiskDetails.requested_source_table

class google.cloud.dlp_v2.types.Any¶

type_url¶: Field google.protobuf.Any.type_url

value¶: Field google.protobuf.Any.value

class google.cloud.dlp_v2.types.BigQueryField¶

Message defining a field of a BigQuery table.

table¶: Source table of the field.

field¶: Designated field in the BigQuery table.

field: Field google.privacy.dlp.v2.BigQueryField.field

table: Field google.privacy.dlp.v2.BigQueryField.table

class google.cloud.dlp_v2.types.BigQueryKey¶

Row key for identifying a record in BigQuery table.

table_reference¶: Complete BigQuery table reference.

row_number¶: Absolute number of the row from the beginning of the table at the time of scanning.

row_number: Field google.privacy.dlp.v2.BigQueryKey.row_number

table_reference: Field google.privacy.dlp.v2.BigQueryKey.table_reference

class google.cloud.dlp_v2.types.BigQueryOptions¶

Options defining BigQuery table and row identifiers.

table_reference¶: Complete BigQuery table reference.

identifying_fields¶: References to fields uniquely identifying rows within the table. Nested fields in the format, like person.birthdate.year, are allowed.

rows_limit¶: Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted. If not set, or if set to 0, all rows will be scanned. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig.

rows_limit_percent¶: Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig.

excluded_fields¶: References to fields excluded from scanning. This allows you to skip inspection of entire columns which you know have no findings.

excluded_fields: Field google.privacy.dlp.v2.BigQueryOptions.excluded_fields

identifying_fields: Field google.privacy.dlp.v2.BigQueryOptions.identifying_fields

rows_limit: Field google.privacy.dlp.v2.BigQueryOptions.rows_limit

rows_limit_percent: Field google.privacy.dlp.v2.BigQueryOptions.rows_limit_percent

sample_method¶: Field google.privacy.dlp.v2.BigQueryOptions.sample_method

table_reference: Field google.privacy.dlp.v2.BigQueryOptions.table_reference

class google.cloud.dlp_v2.types.BigQueryTable¶

Message defining the location of a BigQuery table. A table is uniquely identified by its project_id, dataset_id, and table_name. Within a query a table is often referenced with a string in the format of: <project_id>:<dataset_id>.<table_id> or <project_id>.<dataset_id>.<table_id>.

project_id¶: The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call.

dataset_id¶: Dataset ID of the table.

table_id¶: Name of the table.

dataset_id: Field google.privacy.dlp.v2.BigQueryTable.dataset_id

project_id: Field google.privacy.dlp.v2.BigQueryTable.project_id

table_id: Field google.privacy.dlp.v2.BigQueryTable.table_id

class google.cloud.dlp_v2.types.BoundingBox¶

Bounding box encompassing detected text within an image.

top¶: Top coordinate of the bounding box. (0,0) is upper left.

left¶: Left coordinate of the bounding box. (0,0) is upper left.

width¶: Width of the bounding box in pixels.

height¶: Height of the bounding box in pixels.

height: Field google.privacy.dlp.v2.BoundingBox.height

left: Field google.privacy.dlp.v2.BoundingBox.left

top: Field google.privacy.dlp.v2.BoundingBox.top

width: Field google.privacy.dlp.v2.BoundingBox.width

class google.cloud.dlp_v2.types.BucketingConfig¶

Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.

buckets¶: Set of buckets. Ranges must be non-overlapping.

class Bucket¶

Bucket is represented as a range, along with replacement values.

min¶: Lower bound of the range, inclusive. Type should be the same as max if used.

max¶: Upper bound of the range, exclusive; type must match min.

replacement_value¶: Replacement value for this bucket. If not provided the default behavior will be to hyphenate the min-max range.

max: Field google.privacy.dlp.v2.BucketingConfig.Bucket.max

min: Field google.privacy.dlp.v2.BucketingConfig.Bucket.min

replacement_value: Field google.privacy.dlp.v2.BucketingConfig.Bucket.replacement_value

buckets: Field google.privacy.dlp.v2.BucketingConfig.buckets

class google.cloud.dlp_v2.types.ByteContentItem¶

Container for bytes to inspect or redact.

type¶: The type of data stored in the bytes string. Default will be TEXT_UTF8.

data¶: Content data to inspect or redact.

data: Field google.privacy.dlp.v2.ByteContentItem.data

type: Field google.privacy.dlp.v2.ByteContentItem.type

class google.cloud.dlp_v2.types.CancelDlpJobRequest¶

The request message for canceling a DLP job.

name¶: Required. The name of the DlpJob resource to be cancelled.

name: Field google.privacy.dlp.v2.CancelDlpJobRequest.name

class google.cloud.dlp_v2.types.CharacterMaskConfig¶

Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we’ll attempt to preserve the original data’s type. (This allows you to take a long like 123 and modify it to a string like **3.

masking_character¶: Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for strings, and 0 for digits.

number_to_mask¶: Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.

reverse_order¶: Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is false, then the input string 1234-5678-9012-3456 is masked as 00000000000000-3456. If masking_character is *, number_to_mask is 3, and reverse_order is true, then the string 12345 is masked as 12***.

characters_to_ignore¶: When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is 555-555-5555 and you instruct Cloud DLP to skip - and mask 5 characters with *, Cloud DLP returns ***-**5-5555.

characters_to_ignore: Field google.privacy.dlp.v2.CharacterMaskConfig.characters_to_ignore

masking_character: Field google.privacy.dlp.v2.CharacterMaskConfig.masking_character

number_to_mask: Field google.privacy.dlp.v2.CharacterMaskConfig.number_to_mask

reverse_order: Field google.privacy.dlp.v2.CharacterMaskConfig.reverse_order

class google.cloud.dlp_v2.types.CharsToIgnore¶

Characters to skip when doing deidentification of a value. These will be left alone and skipped.

characters_to_skip¶: Field google.privacy.dlp.v2.CharsToIgnore.characters_to_skip

common_characters_to_ignore¶: Field google.privacy.dlp.v2.CharsToIgnore.common_characters_to_ignore

class google.cloud.dlp_v2.types.CloudStorageFileSet¶

Message representing a set of files in Cloud Storage.

url¶: The url, in the format gs://<bucket>/<path>. Trailing wildcard in the path is allowed.

url: Field google.privacy.dlp.v2.CloudStorageFileSet.url

class google.cloud.dlp_v2.types.CloudStorageOptions¶

Options defining a file or a set of files within a Google Cloud Storage bucket.

file_set¶: The set of one or more files to scan.

bytes_limit_per_file¶: Max number of bytes to scan from a file. If a scanned file’s size is bigger than this value then the rest of the bytes are omitted. Only one of bytes_limit_per_file and bytes_limit_per_file_percent can be specified.

bytes_limit_per_file_percent¶: Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of bytes_limit_per_file and bytes_limit_per_file_percent can be specified.

file_types¶: List of file type groups to include in the scan. If empty, all files are scanned and available data format processors are applied. In addition, the binary content of the selected files is always scanned as well.

files_limit_percent¶: Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0.

class FileSet¶

Set of files to scan.

url¶: The Cloud Storage url of the file(s) to scan, in the format gs://<bucket>/<path>. Trailing wildcard in the path is allowed. If the url ends in a trailing slash, the bucket or directory represented by the url will be scanned non- recursively (content in sub-directories will not be scanned). This means that gs://mybucket/ is equivalent to gs://mybucket/*, and gs://mybucket/directory/ is equivalent to gs://mybucket/directory/*. Exactly one of url or regex_file_set must be set.

regex_file_set¶: The regex-filtered set of files to scan. Exactly one of url or regex_file_set must be set.

regex_file_set: Field google.privacy.dlp.v2.CloudStorageOptions.FileSet.regex_file_set

url: Field google.privacy.dlp.v2.CloudStorageOptions.FileSet.url

bytes_limit_per_file: Field google.privacy.dlp.v2.CloudStorageOptions.bytes_limit_per_file

bytes_limit_per_file_percent: Field google.privacy.dlp.v2.CloudStorageOptions.bytes_limit_per_file_percent

file_set: Field google.privacy.dlp.v2.CloudStorageOptions.file_set

file_types: Field google.privacy.dlp.v2.CloudStorageOptions.file_types

files_limit_percent: Field google.privacy.dlp.v2.CloudStorageOptions.files_limit_percent

sample_method¶: Field google.privacy.dlp.v2.CloudStorageOptions.sample_method

class google.cloud.dlp_v2.types.CloudStoragePath¶

Message representing a single file or path in Cloud Storage.

path¶: A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt

path: Field google.privacy.dlp.v2.CloudStoragePath.path

class google.cloud.dlp_v2.types.CloudStorageRegexFileSet¶

Message representing a set of files in a Cloud Storage bucket. Regular expressions are used to allow fine-grained control over which files in the bucket to include.

Included files are those that match at least one item in include_regex and do not match any items in exclude_regex. Note that a file that matches items from both lists will not be included. For a match to occur, the entire file path (i.e., everything in the url after the bucket name) must match the regular expression.

For example, given the input {bucket_name: "mybucket", include_regex: ["directory1/.*"], exclude_regex: ["directory1/excluded.*"]}:

gs://mybucket/directory1/myfile will be included
gs://mybucket/directory1/directory2/myfile will be included (.* matches across /)
gs://mybucket/directory0/directory1/myfile will not be included (the full path doesn’t match any items in include_regex)
gs://mybucket/directory1/excludedfile will not be included (the path matches an item in exclude_regex)

If include_regex is left empty, it will match all files by default (this is equivalent to setting include_regex: [".*"]).

Some other common use cases:

{bucket_name: "mybucket", exclude_regex: [".*\.pdf"]} will include all files in mybucket except for .pdf files
{bucket_name: "mybucket", include_regex: ["directory/[^/]+"]} will include all files directly under gs://mybucket/directory/, without matching across /

bucket_name¶: The name of a Cloud Storage bucket. Required.

include_regex¶: A list of regular expressions matching file paths to include. All files in the bucket that match at least one of these regular expressions will be included in the set of files, except for those that also match an item in exclude_regex. Leaving this field empty will match all files by default (this is equivalent to including .* in the list). Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.

exclude_regex¶: A list of regular expressions matching file paths to exclude. All files in the bucket that match at least one of these regular expressions will be excluded from the scan. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.

bucket_name: Field google.privacy.dlp.v2.CloudStorageRegexFileSet.bucket_name

exclude_regex: Field google.privacy.dlp.v2.CloudStorageRegexFileSet.exclude_regex

include_regex: Field google.privacy.dlp.v2.CloudStorageRegexFileSet.include_regex

class google.cloud.dlp_v2.types.Color¶

Represents a color in the RGB color space.

red¶: The amount of red in the color as a value in the interval [0, 1].

green¶: The amount of green in the color as a value in the interval [0, 1].

blue¶: The amount of blue in the color as a value in the interval [0, 1].

blue: Field google.privacy.dlp.v2.Color.blue

green: Field google.privacy.dlp.v2.Color.green

red: Field google.privacy.dlp.v2.Color.red

class google.cloud.dlp_v2.types.ContentItem¶

Container structure for the content to inspect.

data_item¶: Data of the item either in the byte array or UTF-8 string form, or table.

value¶: String data to inspect or redact.

table¶: Structured content for inspection. See https://cloud.google.com/dlp/docs/inspecting- text#inspecting_a_table to learn more.

byte_item¶: Content data to inspect or redact. Replaces type and data.

byte_item: Field google.privacy.dlp.v2.ContentItem.byte_item

table: Field google.privacy.dlp.v2.ContentItem.table

value: Field google.privacy.dlp.v2.ContentItem.value

class google.cloud.dlp_v2.types.ContentLocation¶

Findings container location data.

container_name¶: Name of the container where the finding is located. The top level name is the source file name or table name. Names of some common storage containers are formatted as follows: - BigQuery tables: <project_id>:<dataset_id>.<table_id> - Cloud Storage files: gs://<bucket>/<path> - Datastore namespace: Nested names could be absent if the embedded object has no string identifier (for an example an image contained within a document).

location¶: Type of the container within the file with location of the finding.

record_location¶: Location within a row or record of a database table.

image_location¶: Location within an image’s pixels.

document_location¶: Location data for document files.

container_timestamp¶: Findings container modification timestamp, if applicable. For Google Cloud Storage contains last file modification timestamp. For BigQuery table contains last_modified_time property. For Datastore - not populated.

container_version¶: Findings container version, if available (“generation” for Google Cloud Storage).

container_name: Field google.privacy.dlp.v2.ContentLocation.container_name

container_timestamp: Field google.privacy.dlp.v2.ContentLocation.container_timestamp

container_version: Field google.privacy.dlp.v2.ContentLocation.container_version

document_location: Field google.privacy.dlp.v2.ContentLocation.document_location

image_location: Field google.privacy.dlp.v2.ContentLocation.image_location

record_location: Field google.privacy.dlp.v2.ContentLocation.record_location

class google.cloud.dlp_v2.types.CreateDeidentifyTemplateRequest¶

Request message for CreateDeidentifyTemplate.

parent¶: Required. The parent resource name, for example projects/my- project-id or organizations/my-org-id.

deidentify_template¶: The DeidentifyTemplate to create.

template_id¶: The template id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: [a-zA-Z\d-_]+. The maximum length is 100 characters. Can be empty to allow the system to generate one.

location_id¶: The geographic location to store the deidentification template. Reserved for future extensions.

deidentify_template: Field google.privacy.dlp.v2.CreateDeidentifyTemplateRequest.deidentify_template

location_id: Field google.privacy.dlp.v2.CreateDeidentifyTemplateRequest.location_id

parent: Field google.privacy.dlp.v2.CreateDeidentifyTemplateRequest.parent

template_id: Field google.privacy.dlp.v2.CreateDeidentifyTemplateRequest.template_id

class google.cloud.dlp_v2.types.CreateDlpJobRequest¶

Request message for CreateDlpJobRequest. Used to initiate long running jobs such as calculating risk metrics or inspecting Google Cloud Storage.

parent¶: Required. The parent resource name, for example projects/my- project-id.

job¶: The configuration details for the specific type of job to run.

job_id¶: The job id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: [a-zA-Z\d-_]+. The maximum length is 100 characters. Can be empty to allow the system to generate one.

location_id¶: The geographic location to store and process the job. Reserved for future extensions.

inspect_job¶: Field google.privacy.dlp.v2.CreateDlpJobRequest.inspect_job

job_id: Field google.privacy.dlp.v2.CreateDlpJobRequest.job_id

location_id: Field google.privacy.dlp.v2.CreateDlpJobRequest.location_id

parent: Field google.privacy.dlp.v2.CreateDlpJobRequest.parent

risk_job¶: Field google.privacy.dlp.v2.CreateDlpJobRequest.risk_job

class google.cloud.dlp_v2.types.CreateInspectTemplateRequest¶

Request message for CreateInspectTemplate.

parent¶: Required. The parent resource name, for example projects/my- project-id or organizations/my-org-id.

inspect_template¶: The InspectTemplate to create.

template_id¶: The template id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: [a-zA-Z\d-_]+. The maximum length is 100 characters. Can be empty to allow the system to generate one.

location_id¶: The geographic location to store the inspection template. Reserved for future extensions.

inspect_template: Field google.privacy.dlp.v2.CreateInspectTemplateRequest.inspect_template

location_id: Field google.privacy.dlp.v2.CreateInspectTemplateRequest.location_id

parent: Field google.privacy.dlp.v2.CreateInspectTemplateRequest.parent

template_id: Field google.privacy.dlp.v2.CreateInspectTemplateRequest.template_id

class google.cloud.dlp_v2.types.CreateJobTriggerRequest¶

Request message for CreateJobTrigger.

parent¶: Required. The parent resource name, for example projects/my- project-id.

job_trigger¶: The JobTrigger to create.

trigger_id¶: The trigger id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: [a-zA-Z\d-_]+. The maximum length is 100 characters. Can be empty to allow the system to generate one.

location_id¶: The geographic location to store the job trigger. Reserved for future extensions.

job_trigger: Field google.privacy.dlp.v2.CreateJobTriggerRequest.job_trigger

location_id: Field google.privacy.dlp.v2.CreateJobTriggerRequest.location_id

parent: Field google.privacy.dlp.v2.CreateJobTriggerRequest.parent

trigger_id: Field google.privacy.dlp.v2.CreateJobTriggerRequest.trigger_id

class google.cloud.dlp_v2.types.CreateStoredInfoTypeRequest¶

Request message for CreateStoredInfoType.

parent¶: Required. The parent resource name, for example projects/my- project-id or organizations/my-org-id.

config¶: Configuration of the storedInfoType to create.

stored_info_type_id¶: The storedInfoType ID can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: [a-zA-Z\d-_]+. The maximum length is 100 characters. Can be empty to allow the system to generate one.

location_id¶: The geographic location to store the stored infoType. Reserved for future extensions.

config: Field google.privacy.dlp.v2.CreateStoredInfoTypeRequest.config

location_id: Field google.privacy.dlp.v2.CreateStoredInfoTypeRequest.location_id

parent: Field google.privacy.dlp.v2.CreateStoredInfoTypeRequest.parent

stored_info_type_id: Field google.privacy.dlp.v2.CreateStoredInfoTypeRequest.stored_info_type_id

class google.cloud.dlp_v2.types.CryptoDeterministicConfig¶

Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.

crypto_key¶: The key used by the encryption function.

surrogate_info_type¶: The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: (): For example, if the name of custom info type is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom info type ‘Surrogate’. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are optional to use. Surrogates are used to denote the location of the token and are necessary for re- identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE.

context¶: Optional. A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and non-structured ContentItems.

context: Field google.privacy.dlp.v2.CryptoDeterministicConfig.context

crypto_key: Field google.privacy.dlp.v2.CryptoDeterministicConfig.crypto_key

surrogate_info_type: Field google.privacy.dlp.v2.CryptoDeterministicConfig.surrogate_info_type

class google.cloud.dlp_v2.types.CryptoHashConfig¶

Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more.

crypto_key¶: The key used by the hash function.

crypto_key: Field google.privacy.dlp.v2.CryptoHashConfig.crypto_key

class google.cloud.dlp_v2.types.CryptoKey¶

This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key.

kms_wrapped¶: Field google.privacy.dlp.v2.CryptoKey.kms_wrapped

transient¶: Field google.privacy.dlp.v2.CryptoKey.transient

unwrapped¶: Field google.privacy.dlp.v2.CryptoKey.unwrapped

class google.cloud.dlp_v2.types.CryptoReplaceFfxFpeConfig¶

Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the ReidentifyContent API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more.

Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.

crypto_key¶: The key used by the encryption algorithm. [required]

context¶: The ‘tweak’, a context may be used for higher security since the same identifier in two different contexts won’t be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and non-structured ContentItems. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2

custom_alphabet¶: This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter.

radix¶: The native way to select the alphabet. Must be in the range [2, 95].

surrogate_info_type¶: The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’ This annotation identifies the surrogate when inspecting content using the custom infoType `SurrogateType </dlp/docs/reference/rest/v2/InspectConfig#surrogatetype>`__. This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

common_alphabet¶: Field google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig.common_alphabet

context: Field google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig.context

crypto_key: Field google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig.crypto_key

custom_alphabet: Field google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig.custom_alphabet

radix: Field google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig.radix

surrogate_info_type: Field google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig.surrogate_info_type

class google.cloud.dlp_v2.types.CustomInfoType¶

Custom information type provided by the user. Used to find domain-specific sensitive information configurable to the data in question.

info_type¶: CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing infoTypes and that infoType is specified in InspectContent.info_types field. Specifying the latter adds findings to the one detected by the system. If built-in info type is not specified in InspectContent.info_types list then the name is treated as a custom info type.

likelihood¶: Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria specified by the rule. Defaults to VERY_LIKELY if not specified.

dictionary¶: A list of phrases to detect as a CustomInfoType.

regex¶: Regular expression based CustomInfoType.

surrogate_type¶: Message for detecting output from deidentification transformations that support reversing.

stored_type¶: Load an existing StoredInfoType resource for use in InspectDataSource. Not currently supported in InspectContent.

detection_rules¶: Set of detection rules to apply to all findings of this CustomInfoType. Rules are applied in order that they are specified. Not supported for the surrogate_type CustomInfoType.

exclusion_type¶: If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching.

class DetectionRule¶

Deprecated; use InspectionRuleSet instead. Rule for modifying a CustomInfoType to alter behavior under certain circumstances, depending on the specific details of the rule. Not supported for the surrogate_type custom infoType.

hotword_rule¶: Hotword-based detection rule.

class HotwordRule¶

The rule that adjusts the likelihood of findings within a certain proximity of hotwords.

hotword_regex¶: Regular expression pattern defining what qualifies as a hotword.

proximity¶: Proximity of the finding within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be used to match substrings of the finding itself. For example, the certainty of a phone number regex “(d{3}) d{3}-d{4} ” could be adjusted upwards if the area code is known to be the local area code of a company office using the hotword regex “(xxx)”, where “xxx” is the area code in question.

likelihood_adjustment¶: Likelihood adjustment to apply to all matching findings.

hotword_regex: Field google.privacy.dlp.v2.CustomInfoType.DetectionRule.HotwordRule.hotword_regex

likelihood_adjustment: Field google.privacy.dlp.v2.CustomInfoType.DetectionRule.HotwordRule.likelihood_adjustment

proximity: Field google.privacy.dlp.v2.CustomInfoType.DetectionRule.HotwordRule.proximity

class LikelihoodAdjustment¶

Message for specifying an adjustment to the likelihood of a finding as part of a detection rule.

fixed_likelihood¶: Set the likelihood of a finding to a fixed value.

relative_likelihood¶: Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be POSSIBLE without the detection rule and relative_likelihood is 1, then it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY. Likelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY will result in a final likelihood of LIKELY.

fixed_likelihood: Field google.privacy.dlp.v2.CustomInfoType.DetectionRule.LikelihoodAdjustment.fixed_likelihood

relative_likelihood: Field google.privacy.dlp.v2.CustomInfoType.DetectionRule.LikelihoodAdjustment.relative_likelihood

class Proximity¶

Message for specifying a window around a finding to apply a detection rule.

window_before¶: Number of characters before the finding to consider.

window_after¶: Number of characters after the finding to consider.

window_after: Field google.privacy.dlp.v2.CustomInfoType.DetectionRule.Proximity.window_after

window_before: Field google.privacy.dlp.v2.CustomInfoType.DetectionRule.Proximity.window_before

hotword_rule: Field google.privacy.dlp.v2.CustomInfoType.DetectionRule.hotword_rule

class Dictionary¶

Custom information type based on a dictionary of words or phrases. This can be used to match sensitive information specific to the data, such as a list of employee IDs or job titles.

Dictionary words are case-insensitive and all characters other than letters and digits in the unicode Basic Multilingual Plane will be replaced with whitespace when scanning for matches, so the dictionary phrase “Sam Johnson” will match all three phrases “sam johnson”, “Sam, Johnson”, and “Sam (Johnson)”. Additionally, the characters surrounding any match must be of a different type than the adjacent characters within the word, so letters must be next to non-letters and digits next to non-digits. For example, the dictionary word “jen” will match the first three letters of the text “jen123” but will return no matches for “jennifer”.

Dictionary words containing a large number of characters that are not letters or digits may result in unexpected findings because such characters are treated as whitespace. The limits page contains details about the size limits of dictionaries. For dictionaries that do not fit within these constraints, consider using LargeCustomDictionaryConfig in the StoredInfoType API.

word_list¶: List of words or phrases to search for.

cloud_storage_path¶: Newline-delimited file of words in Cloud Storage. Only a single file is accepted.

class WordList¶

Message defining a list of words or phrases to search for in the data.

words¶: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]

words: Field google.privacy.dlp.v2.CustomInfoType.Dictionary.WordList.words

cloud_storage_path: Field google.privacy.dlp.v2.CustomInfoType.Dictionary.cloud_storage_path

word_list: Field google.privacy.dlp.v2.CustomInfoType.Dictionary.word_list

class Regex¶

Message defining a custom regular expression.

pattern¶: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.

group_indexes¶: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.

group_indexes: Field google.privacy.dlp.v2.CustomInfoType.Regex.group_indexes

pattern: Field google.privacy.dlp.v2.CustomInfoType.Regex.pattern

class SurrogateType¶: Message for detecting output from deidentification transformations such as `CryptoReplaceFfxFpeConfig </dlp/docs/reference/rest/v2/organizations.deidentifyTemplates#cryptoreplaceffxfpeconfig>`__. These types of transformations are those that perform pseudonymization, thereby producing a “surrogate” as output. This should be used in conjunction with a field on the transformation such as surrogate_info_type. This CustomInfoType does not support the use of detection_rules.

detection_rules: Field google.privacy.dlp.v2.CustomInfoType.detection_rules

dictionary: Field google.privacy.dlp.v2.CustomInfoType.dictionary

exclusion_type: Field google.privacy.dlp.v2.CustomInfoType.exclusion_type

info_type: Field google.privacy.dlp.v2.CustomInfoType.info_type

likelihood: Field google.privacy.dlp.v2.CustomInfoType.likelihood

regex: Field google.privacy.dlp.v2.CustomInfoType.regex

stored_type: Field google.privacy.dlp.v2.CustomInfoType.stored_type

surrogate_type: Field google.privacy.dlp.v2.CustomInfoType.surrogate_type

class google.cloud.dlp_v2.types.DatastoreKey¶

Record key for a finding in Cloud Datastore.

entity_key¶: Datastore entity key.

entity_key: Field google.privacy.dlp.v2.DatastoreKey.entity_key

class google.cloud.dlp_v2.types.DatastoreOptions¶

Options defining a data set within Google Cloud Datastore.

partition_id¶: A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty.

kind¶: The kind to process.

kind: Field google.privacy.dlp.v2.DatastoreOptions.kind

partition_id: Field google.privacy.dlp.v2.DatastoreOptions.partition_id

class google.cloud.dlp_v2.types.Date¶

day¶: Field google.type.Date.day

month¶: Field google.type.Date.month

year¶: Field google.type.Date.year

class google.cloud.dlp_v2.types.DateShiftConfig¶

Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more.

upper_bound_days¶: Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. [Required]

lower_bound_days¶: For example, -5 means shift date to at most 5 days back in the past. [Required]

context¶: Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.

method¶: Method for calculating shift that takes context into consideration. If set, must also set context. Can only be applied to table items.

crypto_key¶: Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.

context: Field google.privacy.dlp.v2.DateShiftConfig.context

crypto_key: Field google.privacy.dlp.v2.DateShiftConfig.crypto_key

lower_bound_days: Field google.privacy.dlp.v2.DateShiftConfig.lower_bound_days

upper_bound_days: Field google.privacy.dlp.v2.DateShiftConfig.upper_bound_days

class google.cloud.dlp_v2.types.DateTime¶

Message for a date time object. e.g. 2018-01-01, 5th August.

date¶: One or more of the following must be set. All fields are optional, but when set must be valid date or time values.

class TimeZone¶

offset_minutes¶: Field google.privacy.dlp.v2.DateTime.TimeZone.offset_minutes

date: Field google.privacy.dlp.v2.DateTime.date

day_of_week¶: Field google.privacy.dlp.v2.DateTime.day_of_week

time¶: Field google.privacy.dlp.v2.DateTime.time

time_zone¶: Field google.privacy.dlp.v2.DateTime.time_zone

class google.cloud.dlp_v2.types.DeidentifyConfig¶

The configuration that controls how the data will change.

info_type_transformations¶: Treat the dataset as free-form text and apply the same free text transformation everywhere.

record_transformations¶: Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.

info_type_transformations: Field google.privacy.dlp.v2.DeidentifyConfig.info_type_transformations

record_transformations: Field google.privacy.dlp.v2.DeidentifyConfig.record_transformations

class google.cloud.dlp_v2.types.DeidentifyContentRequest¶

Request to de-identify a list of items.

parent¶: The parent resource name, for example projects/my-project-id.

deidentify_config¶: Configuration for the de-identification of the content item. Items specified here will override the template referenced by the deidentify_template_name argument.

inspect_config¶: Configuration for the inspector. Items specified here will override the template referenced by the inspect_template_name argument.

item¶: The item to de-identify. Will be treated as text.

inspect_template_name¶: Optional template to use. Any configuration directly specified in inspect_config will override those set in the template. Singular fields that are set in this request will replace their corresponding fields in the template. Repeated fields are appended. Singular sub-messages and groups are recursively merged.

deidentify_template_name¶: Optional template to use. Any configuration directly specified in deidentify_config will override those set in the template. Singular fields that are set in this request will replace their corresponding fields in the template. Repeated fields are appended. Singular sub-messages and groups are recursively merged.

location_id¶: The geographic location to process de-identification. Reserved for future extensions.

deidentify_config: Field google.privacy.dlp.v2.DeidentifyContentRequest.deidentify_config

deidentify_template_name: Field google.privacy.dlp.v2.DeidentifyContentRequest.deidentify_template_name

inspect_config: Field google.privacy.dlp.v2.DeidentifyContentRequest.inspect_config

inspect_template_name: Field google.privacy.dlp.v2.DeidentifyContentRequest.inspect_template_name

item: Field google.privacy.dlp.v2.DeidentifyContentRequest.item

location_id: Field google.privacy.dlp.v2.DeidentifyContentRequest.location_id

parent: Field google.privacy.dlp.v2.DeidentifyContentRequest.parent

class google.cloud.dlp_v2.types.DeidentifyContentResponse¶

Results of de-identifying a ContentItem.

item¶: The de-identified item.

overview¶: An overview of the changes that were made on the item.

item: Field google.privacy.dlp.v2.DeidentifyContentResponse.item

overview: Field google.privacy.dlp.v2.DeidentifyContentResponse.overview

class google.cloud.dlp_v2.types.DeidentifyTemplate¶

DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more.

name¶: The template name. Output only. The template will have one of the following formats: projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID OR o rganizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID

display_name¶: Display name (max 256 chars).

description¶: Short description (max 256 chars).

create_time¶: The creation timestamp of an inspectTemplate, output only field.

update_time¶: The last update timestamp of an inspectTemplate, output only field.

deidentify_config¶: ///////////// // The core content of the template // ///////////////

create_time: Field google.privacy.dlp.v2.DeidentifyTemplate.create_time

deidentify_config: Field google.privacy.dlp.v2.DeidentifyTemplate.deidentify_config

description: Field google.privacy.dlp.v2.DeidentifyTemplate.description

display_name: Field google.privacy.dlp.v2.DeidentifyTemplate.display_name

name: Field google.privacy.dlp.v2.DeidentifyTemplate.name

update_time: Field google.privacy.dlp.v2.DeidentifyTemplate.update_time

class google.cloud.dlp_v2.types.DeleteDeidentifyTemplateRequest¶

Request message for DeleteDeidentifyTemplate.

name¶: Required. Resource name of the organization and deidentify template to be deleted, for example organizations/433245324/deidentifyTemplates/432452342 or projects/project-id/deidentifyTemplates/432452342.

name: Field google.privacy.dlp.v2.DeleteDeidentifyTemplateRequest.name

class google.cloud.dlp_v2.types.DeleteDlpJobRequest¶

The request message for deleting a DLP job.

name¶: Required. The name of the DlpJob resource to be deleted.

name: Field google.privacy.dlp.v2.DeleteDlpJobRequest.name

class google.cloud.dlp_v2.types.DeleteInspectTemplateRequest¶

Request message for DeleteInspectTemplate.

name¶: Required. Resource name of the organization and inspectTemplate to be deleted, for example organizations/433245324/inspectTemplates/432452342 or projects/project-id/inspectTemplates/432452342.

name: Field google.privacy.dlp.v2.DeleteInspectTemplateRequest.name

class google.cloud.dlp_v2.types.DeleteJobTriggerRequest¶

Request message for DeleteJobTrigger.

name¶: Required. Resource name of the project and the triggeredJob, for example projects/dlp-test- project/jobTriggers/53234423.

name: Field google.privacy.dlp.v2.DeleteJobTriggerRequest.name

class google.cloud.dlp_v2.types.DeleteStoredInfoTypeRequest¶

Request message for DeleteStoredInfoType.

name¶: Required. Resource name of the organization and storedInfoType to be deleted, for example organizations/433245324/storedInfoTypes/432452342 or projects/project-id/storedInfoTypes/432452342.

name: Field google.privacy.dlp.v2.DeleteStoredInfoTypeRequest.name

class google.cloud.dlp_v2.types.DlpJob¶

Combines all of the information about a DLP job.

name¶: The server-assigned name.

type¶: The type of job.

state¶: State of a job.

risk_details¶: Results from analyzing risk of a data source.

inspect_details¶: Results from inspecting a data source.

create_time¶: Time when the job was created.

start_time¶: Time when the job started.

end_time¶: Time when the job finished.

job_trigger_name¶: If created by a job trigger, the resource name of the trigger that instantiated the job.

errors¶: A stream of errors encountered running the job.

create_time: Field google.privacy.dlp.v2.DlpJob.create_time

end_time: Field google.privacy.dlp.v2.DlpJob.end_time

errors: Field google.privacy.dlp.v2.DlpJob.errors

inspect_details: Field google.privacy.dlp.v2.DlpJob.inspect_details

job_trigger_name: Field google.privacy.dlp.v2.DlpJob.job_trigger_name

name: Field google.privacy.dlp.v2.DlpJob.name

risk_details: Field google.privacy.dlp.v2.DlpJob.risk_details

start_time: Field google.privacy.dlp.v2.DlpJob.start_time

state: Field google.privacy.dlp.v2.DlpJob.state

type: Field google.privacy.dlp.v2.DlpJob.type

class google.cloud.dlp_v2.types.DocumentLocation¶

Location of a finding within a document.

file_offset¶: Offset of the line, from the beginning of the file, where the finding is located.

file_offset: Field google.privacy.dlp.v2.DocumentLocation.file_offset

class google.cloud.dlp_v2.types.Duration¶

nanos¶: Field google.protobuf.Duration.nanos

seconds¶: Field google.protobuf.Duration.seconds

class google.cloud.dlp_v2.types.Empty¶

class google.cloud.dlp_v2.types.EntityId¶

An entity in a dataset is a field or set of fields that correspond to a single person. For example, in medical records the EntityId might be a patient identifier, or for financial records it might be an account identifier. This message is used when generalizations or analysis must take into account that multiple rows correspond to the same entity.

field¶: Composite key indicating which field contains the entity identifier.

field: Field google.privacy.dlp.v2.EntityId.field

class google.cloud.dlp_v2.types.Error¶

Details information about an error encountered during job execution or the results of an unsuccessful activation of the JobTrigger. Output only field.

timestamps¶: The times the error occurred.

details¶: Field google.privacy.dlp.v2.Error.details

timestamps: Field google.privacy.dlp.v2.Error.timestamps

class google.cloud.dlp_v2.types.ExcludeInfoTypes¶

List of exclude infoTypes.

info_types¶: InfoType list in ExclusionRule rule drops a finding when it overlaps or contained within with a finding of an infoType from this list. For example, for InspectionRuleSet.info_types containing “PHONE_NUMBER”andexclusion_rulecontaining exclude_info_types.info_types` with “EMAIL_ADDRESS” the phone number findings are dropped if they overlap with EMAIL_ADDRESS finding. That leads to “555-222-2222@example.org” to generate only a single finding, namely email address.

info_types: Field google.privacy.dlp.v2.ExcludeInfoTypes.info_types

class google.cloud.dlp_v2.types.ExclusionRule¶

The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results.

dictionary¶: Dictionary which defines the rule.

regex¶: Regular expression which defines the rule.

exclude_info_types¶: Set of infoTypes for which findings would affect this rule.

matching_type¶: How the rule is applied, see MatchingType documentation for details.

dictionary: Field google.privacy.dlp.v2.ExclusionRule.dictionary

exclude_info_types: Field google.privacy.dlp.v2.ExclusionRule.exclude_info_types

matching_type: Field google.privacy.dlp.v2.ExclusionRule.matching_type

regex: Field google.privacy.dlp.v2.ExclusionRule.regex

class google.cloud.dlp_v2.types.FieldId¶

General identifier of a data field in a storage service.

name¶: Name describing the field.

name: Field google.privacy.dlp.v2.FieldId.name

class google.cloud.dlp_v2.types.FieldMask¶

paths¶: Field google.protobuf.FieldMask.paths

class google.cloud.dlp_v2.types.FieldTransformation¶

The transformation to apply to the field.

fields¶: Input field(s) to apply the transformation to. [required]

condition¶: Only apply the transformation if the condition evaluates to true for the given RecordCondition. The conditions are allowed to reference fields that are not used in the actual transformation. [optional] Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.

transformation¶: Transformation to apply. [required]

primitive_transformation¶: Apply the transformation to the entire field.

info_type_transformations¶: Treat the contents of the field as free text, and selectively transform content that matches an InfoType.

condition: Field google.privacy.dlp.v2.FieldTransformation.condition

fields: Field google.privacy.dlp.v2.FieldTransformation.fields

info_type_transformations: Field google.privacy.dlp.v2.FieldTransformation.info_type_transformations

primitive_transformation: Field google.privacy.dlp.v2.FieldTransformation.primitive_transformation

class google.cloud.dlp_v2.types.Finding¶

Represents a piece of potentially sensitive content.

quote¶: The content that was found. Even if the content is not textual, it may be converted to a textual representation here. Provided if include_quote is true and the finding is less than or equal to 4096 bytes long. If the finding exceeds 4096 bytes in length, the quote may be omitted.

info_type¶: The type of content that might have been found. Provided if excluded_types is false.

likelihood¶: Confidence of how likely it is that the info_type is correct.

location¶: Where the content was found.

create_time¶: Timestamp when finding was detected.

quote_info¶: Contains data parsed from quotes. Only populated if include_quote was set to true and a supported infoType was requested. Currently supported infoTypes: DATE, DATE_OF_BIRTH and TIME.

create_time: Field google.privacy.dlp.v2.Finding.create_time

info_type: Field google.privacy.dlp.v2.Finding.info_type

likelihood: Field google.privacy.dlp.v2.Finding.likelihood

location: Field google.privacy.dlp.v2.Finding.location

quote: Field google.privacy.dlp.v2.Finding.quote

quote_info: Field google.privacy.dlp.v2.Finding.quote_info

class google.cloud.dlp_v2.types.FixedSizeBucketingConfig¶

Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.

The transformed value will be a hyphenated string of -, i.e if lower_bound = 10 and upper_bound = 20 all values that are within this bucket will be replaced with “10-20”.

This can be used on data of type: double, long.

If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.

See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.

lower_bound¶: Lower bound value of buckets. All values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value “-10”. [Required].

upper_bound¶: Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value “89+”. [Required].

bucket_size¶: Size of each bucket (except for minimum and maximum buckets). So if lower_bound = 10, upper_bound = 89, and bucket_size = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works. [Required].

bucket_size: Field google.privacy.dlp.v2.FixedSizeBucketingConfig.bucket_size

lower_bound: Field google.privacy.dlp.v2.FixedSizeBucketingConfig.lower_bound

upper_bound: Field google.privacy.dlp.v2.FixedSizeBucketingConfig.upper_bound

class google.cloud.dlp_v2.types.GetDeidentifyTemplateRequest¶

Request message for GetDeidentifyTemplate.

name¶: Required. Resource name of the organization and deidentify template to be read, for example organizations/433245324/deidentifyTemplates/432452342 or projects/project-id/deidentifyTemplates/432452342.

name: Field google.privacy.dlp.v2.GetDeidentifyTemplateRequest.name

class google.cloud.dlp_v2.types.GetDlpJobRequest¶

The request message for [DlpJobs.GetDlpJob][].

name¶: Required. The name of the DlpJob resource.

name: Field google.privacy.dlp.v2.GetDlpJobRequest.name

class google.cloud.dlp_v2.types.GetInspectTemplateRequest¶

Request message for GetInspectTemplate.

name¶: Required. Resource name of the organization and inspectTemplate to be read, for example organizations/433245324/inspectTemplates/432452342 or projects/project-id/inspectTemplates/432452342.

name: Field google.privacy.dlp.v2.GetInspectTemplateRequest.name

class google.cloud.dlp_v2.types.GetJobTriggerRequest¶

Request message for GetJobTrigger.

name¶: Required. Resource name of the project and the triggeredJob, for example projects/dlp-test- project/jobTriggers/53234423.

name: Field google.privacy.dlp.v2.GetJobTriggerRequest.name

class google.cloud.dlp_v2.types.GetStoredInfoTypeRequest¶

Request message for GetStoredInfoType.

name¶: Required. Resource name of the organization and storedInfoType to be read, for example organizations/433245324/storedInfoTypes/432452342 or projects/project-id/storedInfoTypes/432452342.

name: Field google.privacy.dlp.v2.GetStoredInfoTypeRequest.name

class google.cloud.dlp_v2.types.ImageLocation¶

Location of the finding within an image.

bounding_boxes¶: Bounding boxes locating the pixels within the image containing the finding.

bounding_boxes: Field google.privacy.dlp.v2.ImageLocation.bounding_boxes

class google.cloud.dlp_v2.types.InfoType¶

Type of information detected by the API.

name¶: Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. InfoType names should conform to the pattern [a-zA-Z0-9_]{1,64}.

name: Field google.privacy.dlp.v2.InfoType.name

class google.cloud.dlp_v2.types.InfoTypeDescription¶

InfoType description.

name¶: Internal name of the infoType.

display_name¶: Human readable form of the infoType name.

supported_by¶: Which parts of the API supports this InfoType.

description¶: Description of the infotype. Translated when language is provided in the request.

description: Field google.privacy.dlp.v2.InfoTypeDescription.description

display_name: Field google.privacy.dlp.v2.InfoTypeDescription.display_name

name: Field google.privacy.dlp.v2.InfoTypeDescription.name

supported_by: Field google.privacy.dlp.v2.InfoTypeDescription.supported_by

class google.cloud.dlp_v2.types.InfoTypeStats¶

Statistics regarding a specific InfoType.

info_type¶: The type of finding this stat is for.

count¶: Number of findings for this infoType.

count: Field google.privacy.dlp.v2.InfoTypeStats.count

info_type: Field google.privacy.dlp.v2.InfoTypeStats.info_type

class google.cloud.dlp_v2.types.InfoTypeTransformations¶

A type of transformation that will scan unstructured text and apply various PrimitiveTransformations to each finding, where the transformation is applied to only values that were identified as a specific info_type.

transformations¶: Transformation for each infoType. Cannot specify more than one for a given infoType. [required]

class InfoTypeTransformation¶

A transformation to apply to text that is identified as a specific info_type.

info_types¶: InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in InspectConfig.

primitive_transformation¶: Primitive transformation to apply to the infoType. [required]

info_types: Field google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation.info_types

primitive_transformation: Field google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation.primitive_transformation

transformations: Field google.privacy.dlp.v2.InfoTypeTransformations.transformations

class google.cloud.dlp_v2.types.InspectConfig¶

Configuration description of the scanning process. When used with redactContent only info_types and min_likelihood are currently used.

info_types¶: Restricts what info_types to look for. The values must correspond to InfoType values returned by ListInfoTypes or listed at https://cloud.google.com/dlp/docs/infotypes- reference. When no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated. If you need precise control and predictability as to what detectors are run you should specify specific InfoTypes listed in the reference, otherwise a default list will be used, which may change over time.

min_likelihood¶: Only returns findings equal or above this threshold. The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood to learn more.

include_quote¶: When true, a contextual quote from the data that triggered a finding is included in the response; see Finding.quote.

exclude_info_types¶: When true, excludes type information of the findings.

custom_info_types¶: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.

content_options¶: List of options defining data content to scan. If empty, text, images, and other content will be included.

rule_set¶: Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end, other rules are executed in the order they are specified for each info type.

class FindingLimits¶

class InfoTypeLimit¶

Max findings configuration per infoType, per content item or long running DlpJob.

info_type¶: Type of information the findings limit applies to. Only one limit per info_type should be provided. If InfoTypeLimit does not have an info_type, the DLP API applies the limit against all info_types that are found but not specified in another InfoTypeLimit.

max_findings¶: Max findings limit for the given infoType.

info_type: Field google.privacy.dlp.v2.InspectConfig.FindingLimits.InfoTypeLimit.info_type

max_findings: Field google.privacy.dlp.v2.InspectConfig.FindingLimits.InfoTypeLimit.max_findings

max_findings_per_info_type¶: Field google.privacy.dlp.v2.InspectConfig.FindingLimits.max_findings_per_info_type

max_findings_per_item¶: Field google.privacy.dlp.v2.InspectConfig.FindingLimits.max_findings_per_item

max_findings_per_request¶: Field google.privacy.dlp.v2.InspectConfig.FindingLimits.max_findings_per_request

content_options: Field google.privacy.dlp.v2.InspectConfig.content_options

custom_info_types: Field google.privacy.dlp.v2.InspectConfig.custom_info_types

exclude_info_types: Field google.privacy.dlp.v2.InspectConfig.exclude_info_types

include_quote: Field google.privacy.dlp.v2.InspectConfig.include_quote

info_types: Field google.privacy.dlp.v2.InspectConfig.info_types

limits¶: Field google.privacy.dlp.v2.InspectConfig.limits

min_likelihood: Field google.privacy.dlp.v2.InspectConfig.min_likelihood

rule_set: Field google.privacy.dlp.v2.InspectConfig.rule_set

class google.cloud.dlp_v2.types.InspectContentRequest¶

Request to search for potentially sensitive info in a ContentItem.

parent¶: The parent resource name, for example projects/my-project-id.

inspect_config¶: Configuration for the inspector. What specified here will override the template referenced by the inspect_template_name argument.

item¶: The item to inspect.

inspect_template_name¶: Optional template to use. Any configuration directly specified in inspect_config will override those set in the template. Singular fields that are set in this request will replace their corresponding fields in the template. Repeated fields are appended. Singular sub-messages and groups are recursively merged.

location_id¶: The geographic location to process content inspection. Reserved for future extensions.

inspect_config: Field google.privacy.dlp.v2.InspectContentRequest.inspect_config

inspect_template_name: Field google.privacy.dlp.v2.InspectContentRequest.inspect_template_name

item: Field google.privacy.dlp.v2.InspectContentRequest.item

location_id: Field google.privacy.dlp.v2.InspectContentRequest.location_id

parent: Field google.privacy.dlp.v2.InspectContentRequest.parent

class google.cloud.dlp_v2.types.InspectContentResponse¶

Results of inspecting an item.

result¶: The findings.

result: Field google.privacy.dlp.v2.InspectContentResponse.result

class google.cloud.dlp_v2.types.InspectDataSourceDetails¶

The results of an inspect DataSource job.

requested_options¶: The configuration used for this job.

result¶: A summary of the outcome of this inspect job.

class RequestedOptions¶

job_config¶: Field google.privacy.dlp.v2.InspectDataSourceDetails.RequestedOptions.job_config

snapshot_inspect_template¶: Field google.privacy.dlp.v2.InspectDataSourceDetails.RequestedOptions.snapshot_inspect_template

class Result¶

All result fields mentioned below are updated while the job is processing.

processed_bytes¶: Total size in bytes that were processed.

total_estimated_bytes¶: Estimate of the number of bytes to process.

info_type_stats¶: Statistics of how many instances of each info type were found during inspect job.

info_type_stats: Field google.privacy.dlp.v2.InspectDataSourceDetails.Result.info_type_stats

processed_bytes: Field google.privacy.dlp.v2.InspectDataSourceDetails.Result.processed_bytes

total_estimated_bytes: Field google.privacy.dlp.v2.InspectDataSourceDetails.Result.total_estimated_bytes

requested_options: Field google.privacy.dlp.v2.InspectDataSourceDetails.requested_options

result: Field google.privacy.dlp.v2.InspectDataSourceDetails.result

class google.cloud.dlp_v2.types.InspectJobConfig¶

actions¶: Field google.privacy.dlp.v2.InspectJobConfig.actions

inspect_config¶: Field google.privacy.dlp.v2.InspectJobConfig.inspect_config

inspect_template_name¶: Field google.privacy.dlp.v2.InspectJobConfig.inspect_template_name

storage_config¶: Field google.privacy.dlp.v2.InspectJobConfig.storage_config

class google.cloud.dlp_v2.types.InspectResult¶

All the findings for a single scanned item.

findings¶: List of findings for an item.

findings_truncated¶: If true, then this item might have more findings than were returned, and the findings returned are an arbitrary subset of all findings. The findings list might be truncated because the input items were too large, or because the server reached the maximum amount of resources allowed for a single API call. For best results, divide the input into smaller batches.

findings: Field google.privacy.dlp.v2.InspectResult.findings

findings_truncated: Field google.privacy.dlp.v2.InspectResult.findings_truncated

class google.cloud.dlp_v2.types.InspectTemplate¶

The inspectTemplate contains a configuration (set of types of sensitive data to be detected) to be used anywhere you otherwise would normally specify InspectConfig. See https://cloud.google.com/dlp/docs/concepts-templates to learn more.

name¶: The template name. Output only. The template will have one of the following formats: projects/PROJECT_ID/inspectTemplates/TEMPLATE_ID OR organizations/ORGANIZATION_ID/inspectTemplates/TEMPLATE_ID

display_name¶: Display name (max 256 chars).

description¶: Short description (max 256 chars).

create_time¶: The creation timestamp of an inspectTemplate, output only field.

update_time¶: The last update timestamp of an inspectTemplate, output only field.

inspect_config¶: The core content of the template. Configuration of the scanning process.

create_time: Field google.privacy.dlp.v2.InspectTemplate.create_time

description: Field google.privacy.dlp.v2.InspectTemplate.description

display_name: Field google.privacy.dlp.v2.InspectTemplate.display_name

inspect_config: Field google.privacy.dlp.v2.InspectTemplate.inspect_config

name: Field google.privacy.dlp.v2.InspectTemplate.name

update_time: Field google.privacy.dlp.v2.InspectTemplate.update_time

class google.cloud.dlp_v2.types.InspectionRule¶

A single inspection rule to be applied to infoTypes, specified in InspectionRuleSet.

hotword_rule¶: Hotword-based detection rule.

exclusion_rule¶: Exclusion rule.

exclusion_rule: Field google.privacy.dlp.v2.InspectionRule.exclusion_rule

hotword_rule: Field google.privacy.dlp.v2.InspectionRule.hotword_rule

class google.cloud.dlp_v2.types.InspectionRuleSet¶

Rule set for modifying a set of infoTypes to alter behavior under certain circumstances, depending on the specific details of the rules within the set.

info_types¶: List of infoTypes this rule set is applied to.

rules¶: Set of rules to be applied to infoTypes. The rules are applied in order.

info_types: Field google.privacy.dlp.v2.InspectionRuleSet.info_types

rules: Field google.privacy.dlp.v2.InspectionRuleSet.rules

class google.cloud.dlp_v2.types.JobTrigger¶

What event needs to occur for a new job to be started.

schedule¶: Create a job on a repeating basis based on the elapse of time.

name¶: Unique resource name for the triggeredJob, assigned by the service when the triggeredJob is created, for example projects/dlp-test-project/jobTriggers/53234423.

display_name¶: Display name (max 100 chars)

description¶: User provided description (max 256 chars)

job¶: The configuration details for the specific type of job to run.

triggers¶: A list of triggers which will be OR’ed together. Only one in the list needs to trigger for a job to be started. The list may contain only a single Schedule trigger and must have at least one object.

errors¶: A stream of errors encountered when the trigger was activated. Repeated errors may result in the JobTrigger automatically being paused. Will return the last 100 errors. Whenever the JobTrigger is modified this list will be cleared. Output only field.

create_time¶: The creation timestamp of a triggeredJob, output only field.

update_time¶: The last update timestamp of a triggeredJob, output only field.

last_run_time¶: The timestamp of the last time this trigger executed, output only field.

status¶: A status for this trigger. [required]

class Trigger¶

schedule¶: Field google.privacy.dlp.v2.JobTrigger.Trigger.schedule

create_time: Field google.privacy.dlp.v2.JobTrigger.create_time

description: Field google.privacy.dlp.v2.JobTrigger.description

display_name: Field google.privacy.dlp.v2.JobTrigger.display_name

errors: Field google.privacy.dlp.v2.JobTrigger.errors

inspect_job¶: Field google.privacy.dlp.v2.JobTrigger.inspect_job

last_run_time: Field google.privacy.dlp.v2.JobTrigger.last_run_time

name: Field google.privacy.dlp.v2.JobTrigger.name

status: Field google.privacy.dlp.v2.JobTrigger.status

triggers: Field google.privacy.dlp.v2.JobTrigger.triggers

update_time: Field google.privacy.dlp.v2.JobTrigger.update_time

class google.cloud.dlp_v2.types.Key¶

A unique identifier for a Datastore entity. If a key’s partition ID or any of its path kinds or names are reserved/read-only, the key is reserved/read-only. A reserved/read-only key is forbidden in certain documented contexts.

partition_id¶: Entities are partitioned into subsets, currently identified by a project ID and namespace ID. Queries are scoped to a single partition.

path¶: The entity path. An entity path consists of one or more elements composed of a kind and a string or numerical identifier, which identify entities. The first element identifies a root entity, the second element identifies a child of the root entity, the third element identifies a child of the second entity, and so forth. The entities identified by all prefixes of the path are called the element’s ancestors. A path can never be empty, and a path can have at most 100 elements.

class PathElement¶

A (kind, ID/name) pair used to construct a key path.

If either name or ID is set, the element is complete. If neither is set, the element is incomplete.

kind¶: The kind of the entity. A kind matching regex __.*__ is reserved/read-only. A kind must not contain more than 1500 bytes when UTF-8 encoded. Cannot be "".

id_type¶: The type of ID.

id¶: The auto-allocated ID of the entity. Never equal to zero. Values less than zero are discouraged and may not be supported in the future.

name¶: The name of the entity. A name matching regex __.*__ is reserved/read-only. A name must not be more than 1500 bytes when UTF-8 encoded. Cannot be "".

id: Field google.privacy.dlp.v2.Key.PathElement.id

kind: Field google.privacy.dlp.v2.Key.PathElement.kind

name: Field google.privacy.dlp.v2.Key.PathElement.name

partition_id: Field google.privacy.dlp.v2.Key.partition_id

path: Field google.privacy.dlp.v2.Key.path

class google.cloud.dlp_v2.types.KindExpression¶

A representation of a Datastore kind.

name¶: The name of the kind.

name: Field google.privacy.dlp.v2.KindExpression.name

class google.cloud.dlp_v2.types.KmsWrappedCryptoKey¶

Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt

wrapped_key¶: The wrapped data crypto key. [required]

crypto_key_name¶: The resource name of the KMS CryptoKey to use for unwrapping. [required]

crypto_key_name: Field google.privacy.dlp.v2.KmsWrappedCryptoKey.crypto_key_name

wrapped_key: Field google.privacy.dlp.v2.KmsWrappedCryptoKey.wrapped_key

class google.cloud.dlp_v2.types.LargeCustomDictionaryConfig¶

Configuration for a custom dictionary created from a data source of any size up to the maximum size defined in the limits page. The artifacts of dictionary creation are stored in the specified Google Cloud Storage location. Consider using CustomInfoType.Dictionary for smaller dictionaries that satisfy the size requirements.

output_path¶: Location to store dictionary artifacts in Google Cloud Storage. These files will only be accessible by project owners and the DLP API. If any of these artifacts are modified, the dictionary is considered invalid and can no longer be used.

cloud_storage_file_set¶: Set of files containing newline-delimited lists of dictionary phrases.

big_query_field¶: Field in a BigQuery table where each cell represents a dictionary phrase.

big_query_field: Field google.privacy.dlp.v2.LargeCustomDictionaryConfig.big_query_field

cloud_storage_file_set: Field google.privacy.dlp.v2.LargeCustomDictionaryConfig.cloud_storage_file_set

output_path: Field google.privacy.dlp.v2.LargeCustomDictionaryConfig.output_path

class google.cloud.dlp_v2.types.LargeCustomDictionaryStats¶

Summary statistics of a custom dictionary.

approx_num_phrases¶: Approximate number of distinct phrases in the dictionary.

approx_num_phrases: Field google.privacy.dlp.v2.LargeCustomDictionaryStats.approx_num_phrases

class google.cloud.dlp_v2.types.ListDeidentifyTemplatesRequest¶

Request message for ListDeidentifyTemplates.

parent¶: Required. The parent resource name, for example projects/my- project-id or organizations/my-org-id.

page_token¶: Optional page token to continue retrieval. Comes from previous call to ListDeidentifyTemplates.

page_size¶: Optional size of the page, can be limited by server. If zero server returns a page of max size 100.

order_by¶: Optional comma separated list of fields to order by, followed by asc or desc postfix. This list is case-insensitive, default sorting order is ascending, redundant space characters are insignificant. Example: name asc,update_time, create_time desc Supported fields are: - create_time: corresponds to time the template was created. - update_time: corresponds to time the template was last updated. - name: corresponds to template’s name. - display_name: corresponds to template’s display name.

location_id¶: The geographic location where deidentifications templates will be retrieved from. Use - for all locations. Reserved for future extensions.

location_id: Field google.privacy.dlp.v2.ListDeidentifyTemplatesRequest.location_id

order_by: Field google.privacy.dlp.v2.ListDeidentifyTemplatesRequest.order_by

page_size: Field google.privacy.dlp.v2.ListDeidentifyTemplatesRequest.page_size

page_token: Field google.privacy.dlp.v2.ListDeidentifyTemplatesRequest.page_token

parent: Field google.privacy.dlp.v2.ListDeidentifyTemplatesRequest.parent

class google.cloud.dlp_v2.types.ListDeidentifyTemplatesResponse¶

Response message for ListDeidentifyTemplates.

deidentify_templates¶: List of deidentify templates, up to page_size in ListDeidentifyTemplatesRequest.

next_page_token¶: If the next page is available then the next page token to be used in following ListDeidentifyTemplates request.

deidentify_templates: Field google.privacy.dlp.v2.ListDeidentifyTemplatesResponse.deidentify_templates

next_page_token: Field google.privacy.dlp.v2.ListDeidentifyTemplatesResponse.next_page_token

class google.cloud.dlp_v2.types.ListDlpJobsRequest¶

The request message for listing DLP jobs.

parent¶: Required. The parent resource name, for example projects/my- project-id.

filter¶: Optional. Allows filtering. Supported syntax: - Filter expressions are made up of one or more restrictions. - Restrictions can be combined by AND or OR logical operators. A sequence of restrictions implicitly uses AND. - A restriction has the form of <field> <operator> <value>. - Supported fields/values for inspect jobs: - state - PENDING|RUNNING|CANCELED|FINISHED|FAILED - inspected_storage - DATASTORE|CLOUD_STORAGE|BIGQUERY - trigger_name - The resource name of the trigger that created job. - ‘end_time` - Corresponds to time the job finished. - ‘start_time` - Corresponds to time the job finished. - Supported fields for risk analysis jobs: - state - RUNNING|CANCELED|FINISHED|FAILED - ‘end_time` - Corresponds to time the job finished. - ‘start_time` - Corresponds to time the job finished. - The operator must be = or !=. Examples: - inspected_storage = cloud_storage AND state = done - inspected_storage = cloud_storage OR inspected_storage = bigquery - inspected_storage = cloud_storage AND (state = done OR state = canceled) - end_time > “2017-12-12T00:00:00+00:00” The length of this field should be no more than 500 characters.

page_size¶: The standard list page size.

page_token¶: The standard list page token.

type¶: The type of job. Defaults to DlpJobType.INSPECT

order_by¶: Optional comma separated list of fields to order by, followed by asc or desc postfix. This list is case-insensitive, default sorting order is ascending, redundant space characters are insignificant. Example: name asc, end_time asc, create_time desc Supported fields are: - create_time: corresponds to time the job was created. - end_time: corresponds to time the job ended. - name: corresponds to job’s name. - state: corresponds to state

location_id¶: The geographic location where jobs will be retrieved from. Use - for all locations. Reserved for future extensions.

filter: Field google.privacy.dlp.v2.ListDlpJobsRequest.filter

location_id: Field google.privacy.dlp.v2.ListDlpJobsRequest.location_id

order_by: Field google.privacy.dlp.v2.ListDlpJobsRequest.order_by

page_size: Field google.privacy.dlp.v2.ListDlpJobsRequest.page_size

page_token: Field google.privacy.dlp.v2.ListDlpJobsRequest.page_token

parent: Field google.privacy.dlp.v2.ListDlpJobsRequest.parent

type: Field google.privacy.dlp.v2.ListDlpJobsRequest.type

class google.cloud.dlp_v2.types.ListDlpJobsResponse¶

The response message for listing DLP jobs.

jobs¶: A list of DlpJobs that matches the specified filter in the request.

next_page_token¶: The standard List next-page token.

jobs: Field google.privacy.dlp.v2.ListDlpJobsResponse.jobs

next_page_token: Field google.privacy.dlp.v2.ListDlpJobsResponse.next_page_token

class google.cloud.dlp_v2.types.ListInfoTypesRequest¶

Request for the list of infoTypes.

language_code¶: Optional BCP-47 language code for localized infoType friendly names. If omitted, or if localized strings are not available, en-US strings will be returned.

filter¶: Optional filter to only return infoTypes supported by certain parts of the API. Defaults to supported_by=INSPECT.

location_id¶: The geographic location to list info types. Reserved for future extensions.

filter: Field google.privacy.dlp.v2.ListInfoTypesRequest.filter

language_code: Field google.privacy.dlp.v2.ListInfoTypesRequest.language_code

location_id: Field google.privacy.dlp.v2.ListInfoTypesRequest.location_id

class google.cloud.dlp_v2.types.ListInfoTypesResponse¶

Response to the ListInfoTypes request.

info_types¶: Set of sensitive infoTypes.

info_types: Field google.privacy.dlp.v2.ListInfoTypesResponse.info_types

class google.cloud.dlp_v2.types.ListInspectTemplatesRequest¶

Request message for ListInspectTemplates.

parent¶: Required. The parent resource name, for example projects/my- project-id or organizations/my-org-id.

page_token¶: Optional page token to continue retrieval. Comes from previous call to ListInspectTemplates.

page_size¶: Optional size of the page, can be limited by server. If zero server returns a page of max size 100.

order_by¶: Optional comma separated list of fields to order by, followed by asc or desc postfix. This list is case-insensitive, default sorting order is ascending, redundant space characters are insignificant. Example: name asc,update_time, create_time desc Supported fields are: - create_time: corresponds to time the template was created. - update_time: corresponds to time the template was last updated. - name: corresponds to template’s name. - display_name: corresponds to template’s display name.

location_id¶: The geographic location where inspection templates will be retrieved from. Use - for all locations. Reserved for future extensions.

location_id: Field google.privacy.dlp.v2.ListInspectTemplatesRequest.location_id

order_by: Field google.privacy.dlp.v2.ListInspectTemplatesRequest.order_by

page_size: Field google.privacy.dlp.v2.ListInspectTemplatesRequest.page_size

page_token: Field google.privacy.dlp.v2.ListInspectTemplatesRequest.page_token

parent: Field google.privacy.dlp.v2.ListInspectTemplatesRequest.parent

class google.cloud.dlp_v2.types.ListInspectTemplatesResponse¶

Response message for ListInspectTemplates.

inspect_templates¶: List of inspectTemplates, up to page_size in ListInspectTemplatesRequest.

next_page_token¶: If the next page is available then the next page token to be used in following ListInspectTemplates request.

inspect_templates: Field google.privacy.dlp.v2.ListInspectTemplatesResponse.inspect_templates

next_page_token: Field google.privacy.dlp.v2.ListInspectTemplatesResponse.next_page_token

class google.cloud.dlp_v2.types.ListJobTriggersRequest¶

Request message for ListJobTriggers.

parent¶: Required. The parent resource name, for example projects/my- project-id.

page_token¶: Optional page token to continue retrieval. Comes from previous call to ListJobTriggers. order_by field must not change for subsequent calls.

page_size¶: Optional size of the page, can be limited by a server.

order_by¶: Optional comma separated list of triggeredJob fields to order by, followed by asc or desc postfix. This list is case-insensitive, default sorting order is ascending, redundant space characters are insignificant. Example: name asc,update_time, create_time desc Supported fields are: - create_time: corresponds to time the JobTrigger was created. - update_time: corresponds to time the JobTrigger was last updated. - last_run_time: corresponds to the last time the JobTrigger ran. - name: corresponds to JobTrigger’s name. - display_name: corresponds to JobTrigger’s display name. - status: corresponds to JobTrigger’s status.

filter¶: Optional. Allows filtering. Supported syntax: - Filter expressions are made up of one or more restrictions. - Restrictions can be combined by AND or OR logical operators. A sequence of restrictions implicitly uses AND. - A restriction has the form of <field> <operator> <value>. - Supported fields/values for inspect jobs: - status - HEALTHY|PAUSED|CANCELLED - inspected_storage - DATASTORE|CLOUD_STORAGE|BIGQUERY - ‘last_run_time` - RFC 3339 formatted timestamp, surrounded by quotation marks. Nanoseconds are ignored. - ‘error_count’ - Number of errors that have occurred while running. - The operator must be = or != for status and inspected_storage. Examples: - inspected_storage = cloud_storage AND status = HEALTHY - inspected_storage = cloud_storage OR inspected_storage = bigquery - inspected_storage = cloud_storage AND (state = PAUSED OR state = HEALTHY) - last_run_time > “2017-12-12T00:00:00+00:00” The length of this field should be no more than 500 characters.

location_id¶: The geographic location where job triggers will be retrieved from. Use - for all locations. Reserved for future extensions.

filter: Field google.privacy.dlp.v2.ListJobTriggersRequest.filter

location_id: Field google.privacy.dlp.v2.ListJobTriggersRequest.location_id

order_by: Field google.privacy.dlp.v2.ListJobTriggersRequest.order_by

page_size: Field google.privacy.dlp.v2.ListJobTriggersRequest.page_size

page_token: Field google.privacy.dlp.v2.ListJobTriggersRequest.page_token

parent: Field google.privacy.dlp.v2.ListJobTriggersRequest.parent

class google.cloud.dlp_v2.types.ListJobTriggersResponse¶

Response message for ListJobTriggers.

job_triggers¶: List of triggeredJobs, up to page_size in ListJobTriggersRequest.

next_page_token¶: If the next page is available then the next page token to be used in following ListJobTriggers request.

job_triggers: Field google.privacy.dlp.v2.ListJobTriggersResponse.job_triggers

next_page_token: Field google.privacy.dlp.v2.ListJobTriggersResponse.next_page_token

class google.cloud.dlp_v2.types.ListStoredInfoTypesRequest¶

Request message for ListStoredInfoTypes.

parent¶: Required. The parent resource name, for example projects/my- project-id or organizations/my-org-id.

page_token¶: Optional page token to continue retrieval. Comes from previous call to ListStoredInfoTypes.

page_size¶: Optional size of the page, can be limited by server. If zero server returns a page of max size 100.

order_by¶: Optional comma separated list of fields to order by, followed by asc or desc postfix. This list is case-insensitive, default sorting order is ascending, redundant space characters are insignificant. Example: name asc, display_name, create_time desc Supported fields are: - create_time: corresponds to time the most recent version of the resource was created. - state: corresponds to the state of the resource. - name: corresponds to resource name. - display_name: corresponds to info type’s display name.

location_id¶: The geographic location where stored infoTypes will be retrieved from. Use - for all locations. Reserved for future extensions.

location_id: Field google.privacy.dlp.v2.ListStoredInfoTypesRequest.location_id

order_by: Field google.privacy.dlp.v2.ListStoredInfoTypesRequest.order_by

page_size: Field google.privacy.dlp.v2.ListStoredInfoTypesRequest.page_size

page_token: Field google.privacy.dlp.v2.ListStoredInfoTypesRequest.page_token

parent: Field google.privacy.dlp.v2.ListStoredInfoTypesRequest.parent

class google.cloud.dlp_v2.types.ListStoredInfoTypesResponse¶

Response message for ListStoredInfoTypes.

stored_info_types¶: List of storedInfoTypes, up to page_size in ListStoredInfoTypesRequest.

next_page_token¶: If the next page is available then the next page token to be used in following ListStoredInfoTypes request.

next_page_token: Field google.privacy.dlp.v2.ListStoredInfoTypesResponse.next_page_token

stored_info_types: Field google.privacy.dlp.v2.ListStoredInfoTypesResponse.stored_info_types

class google.cloud.dlp_v2.types.Location¶

Specifies the location of the finding.

byte_range¶: Zero-based byte offsets delimiting the finding. These are relative to the finding’s containing element. Note that when the content is not textual, this references the UTF-8 encoded textual representation of the content. Omitted if content is an image.

codepoint_range¶: Unicode character offsets delimiting the finding. These are relative to the finding’s containing element. Provided when the content is text.

content_locations¶: List of nested objects pointing to the precise location of the finding within the file or record.

byte_range: Field google.privacy.dlp.v2.Location.byte_range

codepoint_range: Field google.privacy.dlp.v2.Location.codepoint_range

content_locations: Field google.privacy.dlp.v2.Location.content_locations

class google.cloud.dlp_v2.types.OutputStorageConfig¶

Cloud repository for storing output.

table¶: Store findings in an existing table or a new table in an existing dataset. If table_id is not set a new one will be generated for you with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. Pacific timezone will be used for generating the date details. For Inspect, each column in an existing output table must have the same name, type, and mode of a field in the Finding object. For Risk, an existing output table should be the output of a previous Risk analysis job run on the same source table, with the same privacy metric and quasi-identifiers. Risk jobs that analyze the same table but compute a different privacy metric, or use different sets of quasi-identifiers, cannot store their results in the same table.

output_schema¶: Schema used for writing the findings for Inspect jobs. This field is only used for Inspect and must be unspecified for Risk jobs. Columns are derived from the Finding object. If appending to an existing table, any columns from the predefined schema that are missing will be added. No columns in the existing table will be deleted. If unspecified, then all available columns will be used for a new table or an (existing) table with no schema, and no changes will be made to an existing table that has a schema.

output_schema: Field google.privacy.dlp.v2.OutputStorageConfig.output_schema

table: Field google.privacy.dlp.v2.OutputStorageConfig.table

class google.cloud.dlp_v2.types.PartitionId¶

Datastore partition ID. A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty.

A partition ID contains several dimensions: project ID and namespace ID.

project_id¶: The ID of the project to which the entities belong.

namespace_id¶: If not empty, the ID of the namespace to which the entities belong.

namespace_id: Field google.privacy.dlp.v2.PartitionId.namespace_id

project_id: Field google.privacy.dlp.v2.PartitionId.project_id

class google.cloud.dlp_v2.types.PrimitiveTransformation¶

A rule for transforming a value.

bucketing_config¶: Field google.privacy.dlp.v2.PrimitiveTransformation.bucketing_config

character_mask_config¶: Field google.privacy.dlp.v2.PrimitiveTransformation.character_mask_config

crypto_deterministic_config¶: Field google.privacy.dlp.v2.PrimitiveTransformation.crypto_deterministic_config

crypto_hash_config¶: Field google.privacy.dlp.v2.PrimitiveTransformation.crypto_hash_config

crypto_replace_ffx_fpe_config¶: Field google.privacy.dlp.v2.PrimitiveTransformation.crypto_replace_ffx_fpe_config

date_shift_config¶: Field google.privacy.dlp.v2.PrimitiveTransformation.date_shift_config

fixed_size_bucketing_config¶: Field google.privacy.dlp.v2.PrimitiveTransformation.fixed_size_bucketing_config

redact_config¶: Field google.privacy.dlp.v2.PrimitiveTransformation.redact_config

replace_config¶: Field google.privacy.dlp.v2.PrimitiveTransformation.replace_config

replace_with_info_type_config¶: Field google.privacy.dlp.v2.PrimitiveTransformation.replace_with_info_type_config

time_part_config¶: Field google.privacy.dlp.v2.PrimitiveTransformation.time_part_config

class google.cloud.dlp_v2.types.PrivacyMetric¶

Privacy metric to compute for reidentification risk analysis.

class CategoricalStatsConfig¶

Compute numerical stats over an individual column, including number of distinct values and value count distribution.

field¶: Field to compute categorical stats on. All column types are supported except for arrays and structs. However, it may be more informative to use NumericalStats when the field type is supported, depending on the data.

field: Field google.privacy.dlp.v2.PrivacyMetric.CategoricalStatsConfig.field

class DeltaPresenceEstimationConfig¶

δ-presence metric, used to estimate how likely it is for an attacker to figure out that one given individual appears in a de-identified dataset. Similarly to the k-map metric, we cannot compute δ-presence exactly without knowing the attack dataset, so we use a statistical model instead.

quasi_ids¶: Fields considered to be quasi-identifiers. No two fields can have the same tag. [required]

region_code¶: ISO 3166-1 alpha-2 region code to use in the statistical modeling. Required if no column is tagged with a region- specific InfoType (like US_ZIP_5) or a region code.

auxiliary_tables¶: Several auxiliary tables can be used in the analysis. Each custom_tag used to tag a quasi-identifiers field must appear in exactly one field of one auxiliary table.

auxiliary_tables: Field google.privacy.dlp.v2.PrivacyMetric.DeltaPresenceEstimationConfig.auxiliary_tables

quasi_ids: Field google.privacy.dlp.v2.PrivacyMetric.DeltaPresenceEstimationConfig.quasi_ids

region_code: Field google.privacy.dlp.v2.PrivacyMetric.DeltaPresenceEstimationConfig.region_code

class KAnonymityConfig¶

k-anonymity metric, used for analysis of reidentification risk.

quasi_ids¶: Set of fields to compute k-anonymity over. When multiple fields are specified, they are considered a single composite key. Structs and repeated data types are not supported; however, nested fields are supported so long as they are not structs themselves or nested within a repeated field.

entity_id¶: Optional message indicating that multiple rows might be associated to a single individual. If the same entity_id is associated to multiple quasi-identifier tuples over distinct rows, we consider the entire collection of tuples as the composite quasi-identifier. This collection is a multiset: the order in which the different tuples appear in the dataset is ignored, but their frequency is taken into account. Important note: a maximum of 1000 rows can be associated to a single entity ID. If more rows are associated with the same entity ID, some might be ignored.

entity_id: Field google.privacy.dlp.v2.PrivacyMetric.KAnonymityConfig.entity_id

quasi_ids: Field google.privacy.dlp.v2.PrivacyMetric.KAnonymityConfig.quasi_ids

class KMapEstimationConfig¶

Reidentifiability metric. This corresponds to a risk model similar to what is called “journalist risk” in the literature, except the attack dataset is statistically modeled instead of being perfectly known. This can be done using publicly available data (like the US Census), or using a custom statistical model (indicated as one or several BigQuery tables), or by extrapolating from the distribution of values in the input dataset. A column with a semantic tag attached.

quasi_ids¶: Fields considered to be quasi-identifiers. No two columns can have the same tag. [required]

region_code¶: ISO 3166-1 alpha-2 region code to use in the statistical modeling. Required if no column is tagged with a region- specific InfoType (like US_ZIP_5) or a region code.

auxiliary_tables¶: Several auxiliary tables can be used in the analysis. Each custom_tag used to tag a quasi-identifiers column must appear in exactly one column of one auxiliary table.

class AuxiliaryTable¶

An auxiliary table contains statistical information on the relative frequency of different quasi-identifiers values. It has one or several quasi-identifiers columns, and one column that indicates the relative frequency of each quasi-identifier tuple. If a tuple is present in the data but not in the auxiliary table, the corresponding relative frequency is assumed to be zero (and thus, the tuple is highly reidentifiable).

table¶: Auxiliary table location. [required]

quasi_ids¶: Quasi-identifier columns. [required]

relative_frequency¶: The relative frequency column must contain a floating-point number between 0 and 1 (inclusive). Null values are assumed to be zero. [required]

class QuasiIdField¶

A quasi-identifier column has a custom_tag, used to know which column in the data corresponds to which column in the statistical model.

custom_tag¶: Field google.privacy.dlp.v2.PrivacyMetric.KMapEstimationConfig.AuxiliaryTable.QuasiIdField.custom_tag

field¶: Field google.privacy.dlp.v2.PrivacyMetric.KMapEstimationConfig.AuxiliaryTable.QuasiIdField.field

quasi_ids: Field google.privacy.dlp.v2.PrivacyMetric.KMapEstimationConfig.AuxiliaryTable.quasi_ids

relative_frequency: Field google.privacy.dlp.v2.PrivacyMetric.KMapEstimationConfig.AuxiliaryTable.relative_frequency

table: Field google.privacy.dlp.v2.PrivacyMetric.KMapEstimationConfig.AuxiliaryTable.table

class TaggedField¶

custom_tag¶: Field google.privacy.dlp.v2.PrivacyMetric.KMapEstimationConfig.TaggedField.custom_tag

field¶: Field google.privacy.dlp.v2.PrivacyMetric.KMapEstimationConfig.TaggedField.field

inferred¶: Field google.privacy.dlp.v2.PrivacyMetric.KMapEstimationConfig.TaggedField.inferred

info_type¶: Field google.privacy.dlp.v2.PrivacyMetric.KMapEstimationConfig.TaggedField.info_type

auxiliary_tables: Field google.privacy.dlp.v2.PrivacyMetric.KMapEstimationConfig.auxiliary_tables

quasi_ids: Field google.privacy.dlp.v2.PrivacyMetric.KMapEstimationConfig.quasi_ids

region_code: Field google.privacy.dlp.v2.PrivacyMetric.KMapEstimationConfig.region_code

class LDiversityConfig¶

l-diversity metric, used for analysis of reidentification risk.

quasi_ids¶: Set of quasi-identifiers indicating how equivalence classes are defined for the l-diversity computation. When multiple fields are specified, they are considered a single composite key.

sensitive_attribute¶: Sensitive field for computing the l-value.

quasi_ids: Field google.privacy.dlp.v2.PrivacyMetric.LDiversityConfig.quasi_ids

sensitive_attribute: Field google.privacy.dlp.v2.PrivacyMetric.LDiversityConfig.sensitive_attribute

class NumericalStatsConfig¶

Compute numerical stats over an individual column, including min, max, and quantiles.

field¶: Field to compute numerical stats on. Supported types are integer, float, date, datetime, timestamp, time.

field: Field google.privacy.dlp.v2.PrivacyMetric.NumericalStatsConfig.field

categorical_stats_config¶: Field google.privacy.dlp.v2.PrivacyMetric.categorical_stats_config

delta_presence_estimation_config¶: Field google.privacy.dlp.v2.PrivacyMetric.delta_presence_estimation_config

k_anonymity_config¶: Field google.privacy.dlp.v2.PrivacyMetric.k_anonymity_config

k_map_estimation_config¶: Field google.privacy.dlp.v2.PrivacyMetric.k_map_estimation_config

l_diversity_config¶: Field google.privacy.dlp.v2.PrivacyMetric.l_diversity_config

numerical_stats_config¶: Field google.privacy.dlp.v2.PrivacyMetric.numerical_stats_config

class google.cloud.dlp_v2.types.QuasiId¶

A column with a semantic tag attached.

field¶: Identifies the column. [required]

tag¶: Semantic tag that identifies what a column contains, to determine which statistical model to use to estimate the reidentifiability of each value. [required]

info_type¶: A column can be tagged with a InfoType to use the relevant public dataset as a statistical model of population, if available. We currently support US ZIP codes, region codes, ages and genders. To programmatically obtain the list of supported InfoTypes, use ListInfoTypes with the supported_by=RISK_ANALYSIS filter.

custom_tag¶: A column can be tagged with a custom tag. In this case, the user must indicate an auxiliary table that contains statistical information on the possible values of this column (below).

inferred¶: If no semantic tag is indicated, we infer the statistical model from the distribution of values in the input data

custom_tag: Field google.privacy.dlp.v2.QuasiId.custom_tag

field: Field google.privacy.dlp.v2.QuasiId.field

inferred: Field google.privacy.dlp.v2.QuasiId.inferred

info_type: Field google.privacy.dlp.v2.QuasiId.info_type

class google.cloud.dlp_v2.types.QuoteInfo¶

Message for infoType-dependent details parsed from quote.

parsed_quote¶: Object representation of the quote.

date_time¶: The date time indicated by the quote.

date_time: Field google.privacy.dlp.v2.QuoteInfo.date_time

class google.cloud.dlp_v2.types.Range¶

Generic half-open interval [start, end)

start¶: Index of the first character of the range (inclusive).

end¶: Index of the last character of the range (exclusive).

end: Field google.privacy.dlp.v2.Range.end

start: Field google.privacy.dlp.v2.Range.start

class google.cloud.dlp_v2.types.RecordCondition¶

The field type of value and field do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A value of type:

string can be compared against all other types
boolean can only be compared against other booleans
integer can be compared against doubles or a string if the string value can be parsed as an integer.
double can be compared against integers or a string if the string can be parsed as a double.
Timestamp can be compared against strings in RFC 3339 date string format.
TimeOfDay can be compared against timestamps and strings in the format of ‘HH:mm:ss’.

If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

field¶: Field within the record this condition is evaluated against. [required]

operator¶: Operator used to compare the field or infoType to the value. [required]

value¶: Value to compare against. [Required, except for EXISTS tests.]

expressions¶: An expression.

class Condition¶

field¶: Field google.privacy.dlp.v2.RecordCondition.Condition.field

operator¶: Field google.privacy.dlp.v2.RecordCondition.Condition.operator

value¶: Field google.privacy.dlp.v2.RecordCondition.Condition.value

class Conditions¶

A collection of conditions.

conditions¶: Field google.privacy.dlp.v2.RecordCondition.Conditions.conditions

class Expressions¶

An expression, consisting or an operator and conditions.

logical_operator¶: The operator to apply to the result of conditions. Default and currently only supported value is AND.

conditions¶: Field google.privacy.dlp.v2.RecordCondition.Expressions.conditions

logical_operator: Field google.privacy.dlp.v2.RecordCondition.Expressions.logical_operator

expressions: Field google.privacy.dlp.v2.RecordCondition.expressions

class google.cloud.dlp_v2.types.RecordKey¶

Message for a unique key indicating a record that contains a finding.

id_values¶: Values of identifying columns in the given row. Order of values matches the order of field identifiers specified in the scanning request.

big_query_key¶: Field google.privacy.dlp.v2.RecordKey.big_query_key

datastore_key¶: Field google.privacy.dlp.v2.RecordKey.datastore_key

id_values: Field google.privacy.dlp.v2.RecordKey.id_values

class google.cloud.dlp_v2.types.RecordLocation¶

Location of a finding within a row or record.

record_key¶: Key of the finding.

field_id¶: Field id of the field containing the finding.

table_location¶: Location within a ContentItem.Table.

field_id: Field google.privacy.dlp.v2.RecordLocation.field_id

record_key: Field google.privacy.dlp.v2.RecordLocation.record_key

table_location: Field google.privacy.dlp.v2.RecordLocation.table_location

class google.cloud.dlp_v2.types.RecordSuppression¶

Configuration to suppress records whose suppression conditions evaluate to true.

condition¶: A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.

condition: Field google.privacy.dlp.v2.RecordSuppression.condition

class google.cloud.dlp_v2.types.RecordTransformations¶

A type of transformation that is applied over structured data such as a table.

field_transformations¶: Transform the record by applying various field transformations.

record_suppressions¶: Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output [optional].

field_transformations: Field google.privacy.dlp.v2.RecordTransformations.field_transformations

record_suppressions: Field google.privacy.dlp.v2.RecordTransformations.record_suppressions

class google.cloud.dlp_v2.types.RedactConfig¶: Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input ‘My phone number is 206-555-0123’, the output would be ‘My phone number is ‘.

class google.cloud.dlp_v2.types.RedactImageRequest¶

Request to search for potentially sensitive info in an image and redact it by covering it with a colored rectangle.

parent¶: The parent resource name, for example projects/my-project-id.

location_id¶: The geographic location to process the request. Reserved for future extensions.

inspect_config¶: Configuration for the inspector.

image_redaction_configs¶: The configuration for specifying what content to redact from images.

include_findings¶: Whether the response should include findings along with the redacted image.

byte_item¶: The content must be PNG, JPEG, SVG or BMP.

class ImageRedactionConfig¶

Configuration for determining how redaction of images should occur.

target¶: Type of information to redact from images.

info_type¶: Only one per info_type should be provided per request. If not specified, and redact_all_text is false, the DLP API will redact all text that it matches against all info_types that are found, but not specified in another ImageRedactionConfig.

redact_all_text¶: If true, all text found in the image, regardless whether it matches an info_type, is redacted. Only one should be provided.

redaction_color¶: The color to use when redacting content from an image. If not specified, the default is black.

info_type: Field google.privacy.dlp.v2.RedactImageRequest.ImageRedactionConfig.info_type

redact_all_text: Field google.privacy.dlp.v2.RedactImageRequest.ImageRedactionConfig.redact_all_text

redaction_color: Field google.privacy.dlp.v2.RedactImageRequest.ImageRedactionConfig.redaction_color

byte_item: Field google.privacy.dlp.v2.RedactImageRequest.byte_item

image_redaction_configs: Field google.privacy.dlp.v2.RedactImageRequest.image_redaction_configs

include_findings: Field google.privacy.dlp.v2.RedactImageRequest.include_findings

inspect_config: Field google.privacy.dlp.v2.RedactImageRequest.inspect_config

location_id: Field google.privacy.dlp.v2.RedactImageRequest.location_id

parent: Field google.privacy.dlp.v2.RedactImageRequest.parent

class google.cloud.dlp_v2.types.RedactImageResponse¶

Results of redacting an image.

redacted_image¶: The redacted image. The type will be the same as the original image.

extracted_text¶: If an image was being inspected and the InspectConfig’s include_quote was set to true, then this field will include all text, if any, that was found in the image.

inspect_result¶: The findings. Populated when include_findings in the request is true.

extracted_text: Field google.privacy.dlp.v2.RedactImageResponse.extracted_text

inspect_result: Field google.privacy.dlp.v2.RedactImageResponse.inspect_result

redacted_image: Field google.privacy.dlp.v2.RedactImageResponse.redacted_image

class google.cloud.dlp_v2.types.ReidentifyContentRequest¶

Request to re-identify an item.

parent¶: Required. The parent resource name.

reidentify_config¶: Configuration for the re-identification of the content item. This field shares the same proto message type that is used for de-identification, however its usage here is for the reversal of the previous de-identification. Re-identification is performed by examining the transformations used to de-identify the items and executing the reverse. This requires that only reversible transformations be provided here. The reversible transformations are: - CryptoDeterministicConfig - CryptoReplaceFfxFpeConfig

inspect_config¶: Configuration for the inspector.

item¶: The item to re-identify. Will be treated as text.

inspect_template_name¶: Optional template to use. Any configuration directly specified in inspect_config will override those set in the template. Singular fields that are set in this request will replace their corresponding fields in the template. Repeated fields are appended. Singular sub-messages and groups are recursively merged.

reidentify_template_name¶: Optional template to use. References an instance of DeidentifyTemplate. Any configuration directly specified in reidentify_config or inspect_config will override those set in the template. Singular fields that are set in this request will replace their corresponding fields in the template. Repeated fields are appended. Singular sub-messages and groups are recursively merged.

location_id¶: The geographic location to process content reidentification. Reserved for future extensions.

inspect_config: Field google.privacy.dlp.v2.ReidentifyContentRequest.inspect_config

inspect_template_name: Field google.privacy.dlp.v2.ReidentifyContentRequest.inspect_template_name

item: Field google.privacy.dlp.v2.ReidentifyContentRequest.item

location_id: Field google.privacy.dlp.v2.ReidentifyContentRequest.location_id

parent: Field google.privacy.dlp.v2.ReidentifyContentRequest.parent

reidentify_config: Field google.privacy.dlp.v2.ReidentifyContentRequest.reidentify_config

reidentify_template_name: Field google.privacy.dlp.v2.ReidentifyContentRequest.reidentify_template_name

class google.cloud.dlp_v2.types.ReidentifyContentResponse¶

Results of re-identifying a item.

item¶: The re-identified item.

overview¶: An overview of the changes that were made to the item.

item: Field google.privacy.dlp.v2.ReidentifyContentResponse.item

overview: Field google.privacy.dlp.v2.ReidentifyContentResponse.overview

class google.cloud.dlp_v2.types.ReplaceValueConfig¶

Replace each input value with a given Value.

new_value¶: Value to replace it with.

new_value: Field google.privacy.dlp.v2.ReplaceValueConfig.new_value

class google.cloud.dlp_v2.types.ReplaceWithInfoTypeConfig¶: Replace each matching finding with the name of the info_type.

class google.cloud.dlp_v2.types.RiskAnalysisJobConfig¶

Configuration for a risk analysis job. See https://cloud.google.com/dlp/docs/concepts-risk-analysis to learn more.

privacy_metric¶: Privacy metric to compute.

source_table¶: Input dataset to compute metrics over.

actions¶: Actions to execute at the completion of the job. Are executed in the order provided.

actions: Field google.privacy.dlp.v2.RiskAnalysisJobConfig.actions

privacy_metric: Field google.privacy.dlp.v2.RiskAnalysisJobConfig.privacy_metric

source_table: Field google.privacy.dlp.v2.RiskAnalysisJobConfig.source_table

class google.cloud.dlp_v2.types.Schedule¶

Schedule for triggeredJobs.

recurrence_period_duration¶: With this option a job is started a regular periodic basis. For example: every day (86400 seconds). A scheduled start time will be skipped if the previous execution has not ended when its scheduled time occurs. This value must be set to a time duration greater than or equal to 1 day and can be no longer than 60 days.

recurrence_period_duration: Field google.privacy.dlp.v2.Schedule.recurrence_period_duration

class google.cloud.dlp_v2.types.StatisticalTable¶

An auxiliary table containing statistical information on the relative frequency of different quasi-identifiers values. It has one or several quasi-identifiers columns, and one column that indicates the relative frequency of each quasi-identifier tuple. If a tuple is present in the data but not in the auxiliary table, the corresponding relative frequency is assumed to be zero (and thus, the tuple is highly reidentifiable).

table¶: Auxiliary table location. [required]

quasi_ids¶: Quasi-identifier columns. [required]

relative_frequency¶: The relative frequency column must contain a floating-point number between 0 and 1 (inclusive). Null values are assumed to be zero. [required]

class QuasiIdentifierField¶

A quasi-identifier column has a custom_tag, used to know which column in the data corresponds to which column in the statistical model.

custom_tag¶: Field google.privacy.dlp.v2.StatisticalTable.QuasiIdentifierField.custom_tag

field¶: Field google.privacy.dlp.v2.StatisticalTable.QuasiIdentifierField.field

quasi_ids: Field google.privacy.dlp.v2.StatisticalTable.quasi_ids

relative_frequency: Field google.privacy.dlp.v2.StatisticalTable.relative_frequency

table: Field google.privacy.dlp.v2.StatisticalTable.table

class google.cloud.dlp_v2.types.Status¶

code¶: Field google.rpc.Status.code

details¶: Field google.rpc.Status.details

message¶: Field google.rpc.Status.message

class google.cloud.dlp_v2.types.StorageConfig¶

Shared message indicating Cloud storage type.

datastore_options¶: Google Cloud Datastore options specification.

cloud_storage_options¶: Google Cloud Storage options specification.

big_query_options¶: BigQuery options specification.

class TimespanConfig¶

Configuration of the timespan of the items to include in scanning. Currently only supported when inspecting Google Cloud Storage and BigQuery.

start_time¶: Exclude files or rows older than this value.

end_time¶: Exclude files or rows newer than this value. If set to zero, no upper time limit is applied.

timestamp_field¶: Specification of the field containing the timestamp of scanned items. Used for data sources like Datastore and BigQuery. For BigQuery: Required to filter out rows based on the given start and end times. If not specified and the table was modified between the given start and end times, the entire table will be scanned. The valid data types of the timestamp field are: INTEGER, DATE, TIMESTAMP, or DATETIME BigQuery column. For Datastore. Valid data types of the timestamp field are: TIMESTAMP. Datastore entity will be scanned if the timestamp property does not exist or its value is empty or invalid.

enable_auto_population_of_timespan_config¶: When the job is started by a JobTrigger we will automatically figure out a valid start_time to avoid scanning files that have not been modified since the last time the JobTrigger executed. This will be based on the time of the execution of the last run of the JobTrigger.

enable_auto_population_of_timespan_config: Field google.privacy.dlp.v2.StorageConfig.TimespanConfig.enable_auto_population_of_timespan_config

end_time: Field google.privacy.dlp.v2.StorageConfig.TimespanConfig.end_time

start_time: Field google.privacy.dlp.v2.StorageConfig.TimespanConfig.start_time

timestamp_field: Field google.privacy.dlp.v2.StorageConfig.TimespanConfig.timestamp_field

big_query_options: Field google.privacy.dlp.v2.StorageConfig.big_query_options

cloud_storage_options: Field google.privacy.dlp.v2.StorageConfig.cloud_storage_options

datastore_options: Field google.privacy.dlp.v2.StorageConfig.datastore_options

timespan_config¶: Field google.privacy.dlp.v2.StorageConfig.timespan_config

class google.cloud.dlp_v2.types.StoredInfoType¶

StoredInfoType resource message that contains information about the current version and any pending updates.

name¶: Resource name.

current_version¶: Current version of the stored info type.

pending_versions¶: Pending versions of the stored info type. Empty if no versions are pending.

current_version: Field google.privacy.dlp.v2.StoredInfoType.current_version

name: Field google.privacy.dlp.v2.StoredInfoType.name

pending_versions: Field google.privacy.dlp.v2.StoredInfoType.pending_versions

class google.cloud.dlp_v2.types.StoredInfoTypeConfig¶

Configuration for stored infoTypes. All fields and subfield are provided by the user. For more information, see https://cloud.google.com/dlp/docs/creating-custom-infotypes.

display_name¶: Display name of the StoredInfoType (max 256 characters).

description¶: Description of the StoredInfoType (max 256 characters).

large_custom_dictionary¶: StoredInfoType where findings are defined by a dictionary of phrases.

description: Field google.privacy.dlp.v2.StoredInfoTypeConfig.description

display_name: Field google.privacy.dlp.v2.StoredInfoTypeConfig.display_name

large_custom_dictionary: Field google.privacy.dlp.v2.StoredInfoTypeConfig.large_custom_dictionary

class google.cloud.dlp_v2.types.StoredInfoTypeStats¶

Statistics for a StoredInfoType.

large_custom_dictionary¶: StoredInfoType where findings are defined by a dictionary of phrases.

large_custom_dictionary: Field google.privacy.dlp.v2.StoredInfoTypeStats.large_custom_dictionary

class google.cloud.dlp_v2.types.StoredInfoTypeVersion¶

Version of a StoredInfoType, including the configuration used to build it, create timestamp, and current state.

config¶: StoredInfoType configuration.

create_time¶: Create timestamp of the version. Read-only, determined by the system when the version is created.

state¶: Stored info type version state. Read-only, updated by the system during dictionary creation.

errors¶: Errors that occurred when creating this storedInfoType version, or anomalies detected in the storedInfoType data that render it unusable. Only the five most recent errors will be displayed, with the most recent error appearing first. .. raw:: html <p> For example, some of the data for stored custom dictionaries is put in the user’s Google Cloud Storage bucket, and if this data is modified or deleted by the user or another system, the dictionary becomes invalid. .. raw:: html <p> If any errors occur, fix the problem indicated by the error message and use the UpdateStoredInfoType API method to create another version of the storedInfoType to continue using it, reusing the same config if it was not the source of the error.

stats¶: Statistics about this storedInfoType version.

config: Field google.privacy.dlp.v2.StoredInfoTypeVersion.config

create_time: Field google.privacy.dlp.v2.StoredInfoTypeVersion.create_time

errors: Field google.privacy.dlp.v2.StoredInfoTypeVersion.errors

state: Field google.privacy.dlp.v2.StoredInfoTypeVersion.state

stats: Field google.privacy.dlp.v2.StoredInfoTypeVersion.stats

class google.cloud.dlp_v2.types.StoredType¶

A reference to a StoredInfoType to use with scanning.

name¶: Resource name of the requested StoredInfoType, for example organizations/433245324/storedInfoTypes/432452342 or projects/project-id/storedInfoTypes/432452342.

create_time¶: Timestamp indicating when the version of the StoredInfoType used for inspection was created. Output- only field, populated by the system.

create_time: Field google.privacy.dlp.v2.StoredType.create_time

name: Field google.privacy.dlp.v2.StoredType.name

class google.cloud.dlp_v2.types.Table¶

Structured content to inspect. Up to 50,000 Values per request allowed. See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to learn more.

class Row¶

values¶: Field google.privacy.dlp.v2.Table.Row.values

headers¶: Field google.privacy.dlp.v2.Table.headers

rows¶: Field google.privacy.dlp.v2.Table.rows

class google.cloud.dlp_v2.types.TableLocation¶

Location of a finding within a table.

row_index¶: The zero-based index of the row where the finding is located.

row_index: Field google.privacy.dlp.v2.TableLocation.row_index

class google.cloud.dlp_v2.types.TimeOfDay¶

hours¶: Field google.type.TimeOfDay.hours

minutes¶: Field google.type.TimeOfDay.minutes

nanos¶: Field google.type.TimeOfDay.nanos

seconds¶: Field google.type.TimeOfDay.seconds

class google.cloud.dlp_v2.types.TimePartConfig¶

For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.

part_to_extract¶: Field google.privacy.dlp.v2.TimePartConfig.part_to_extract

class google.cloud.dlp_v2.types.Timestamp¶

nanos¶: Field google.protobuf.Timestamp.nanos

seconds¶: Field google.protobuf.Timestamp.seconds

class google.cloud.dlp_v2.types.TransformationOverview¶

Overview of the modifications that occurred.

transformed_bytes¶: Total size in bytes that were transformed in some way.

transformation_summaries¶: Transformations applied to the dataset.

transformation_summaries: Field google.privacy.dlp.v2.TransformationOverview.transformation_summaries

transformed_bytes: Field google.privacy.dlp.v2.TransformationOverview.transformed_bytes

class google.cloud.dlp_v2.types.TransformationSummary¶

Summary of a single transformation. Only one of ‘transformation’, ‘field_transformation’, or ‘record_suppress’ will be set.

info_type¶: Set if the transformation was limited to a specific InfoType.

field¶: Set if the transformation was limited to a specific FieldId.

transformation¶: The specific transformation these stats apply to.

field_transformations¶: The field transformation that was applied. If multiple field transformations are requested for a single field, this list will contain all of them; otherwise, only one is supplied.

record_suppress¶: The specific suppression option these stats apply to.

transformed_bytes¶: Total size in bytes that were transformed in some way.

class SummaryResult¶

A collection that informs the user the number of times a particular TransformationResultCode and error details occurred.

details¶: A place for warnings or errors to show up if a transformation didn’t work as expected.

code¶: Field google.privacy.dlp.v2.TransformationSummary.SummaryResult.code

count¶: Field google.privacy.dlp.v2.TransformationSummary.SummaryResult.count

details: Field google.privacy.dlp.v2.TransformationSummary.SummaryResult.details

field: Field google.privacy.dlp.v2.TransformationSummary.field

field_transformations: Field google.privacy.dlp.v2.TransformationSummary.field_transformations

info_type: Field google.privacy.dlp.v2.TransformationSummary.info_type

record_suppress: Field google.privacy.dlp.v2.TransformationSummary.record_suppress

results¶: Field google.privacy.dlp.v2.TransformationSummary.results

transformation: Field google.privacy.dlp.v2.TransformationSummary.transformation

transformed_bytes: Field google.privacy.dlp.v2.TransformationSummary.transformed_bytes

class google.cloud.dlp_v2.types.TransientCryptoKey¶

Use this to have a random data crypto key generated. It will be discarded after the request finishes.

name¶: Name of the key. [required] This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).

name: Field google.privacy.dlp.v2.TransientCryptoKey.name

class google.cloud.dlp_v2.types.UnwrappedCryptoKey¶

Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.

key¶: A 128/192/256 bit key. [required]

key: Field google.privacy.dlp.v2.UnwrappedCryptoKey.key

class google.cloud.dlp_v2.types.UpdateDeidentifyTemplateRequest¶

Request message for UpdateDeidentifyTemplate.

name¶: Required. Resource name of organization and deidentify template to be updated, for example organizations/433245324/deidentifyTemplates/432452342 or projects/project-id/deidentifyTemplates/432452342.

deidentify_template¶: New DeidentifyTemplate value.

update_mask¶: Mask to control which fields get updated.

deidentify_template: Field google.privacy.dlp.v2.UpdateDeidentifyTemplateRequest.deidentify_template

name: Field google.privacy.dlp.v2.UpdateDeidentifyTemplateRequest.name

update_mask: Field google.privacy.dlp.v2.UpdateDeidentifyTemplateRequest.update_mask

class google.cloud.dlp_v2.types.UpdateInspectTemplateRequest¶

Request message for UpdateInspectTemplate.

name¶: Required. Resource name of organization and inspectTemplate to be updated, for example organizations/433245324/inspectTemplates/432452342 or projects/project-id/inspectTemplates/432452342.

inspect_template¶: New InspectTemplate value.

update_mask¶: Mask to control which fields get updated.

inspect_template: Field google.privacy.dlp.v2.UpdateInspectTemplateRequest.inspect_template

name: Field google.privacy.dlp.v2.UpdateInspectTemplateRequest.name

update_mask: Field google.privacy.dlp.v2.UpdateInspectTemplateRequest.update_mask

class google.cloud.dlp_v2.types.UpdateJobTriggerRequest¶

Request message for UpdateJobTrigger.

name¶: Required. Resource name of the project and the triggeredJob, for example projects/dlp-test- project/jobTriggers/53234423.

job_trigger¶: New JobTrigger value.

update_mask¶: Mask to control which fields get updated.

job_trigger: Field google.privacy.dlp.v2.UpdateJobTriggerRequest.job_trigger

name: Field google.privacy.dlp.v2.UpdateJobTriggerRequest.name

update_mask: Field google.privacy.dlp.v2.UpdateJobTriggerRequest.update_mask

class google.cloud.dlp_v2.types.UpdateStoredInfoTypeRequest¶

Request message for UpdateStoredInfoType.

name¶: Required. Resource name of organization and storedInfoType to be updated, for example organizations/433245324/storedInfoTypes/432452342 or projects/project-id/storedInfoTypes/432452342.

config¶: Updated configuration for the storedInfoType. If not provided, a new version of the storedInfoType will be created with the existing configuration.

update_mask¶: Mask to control which fields get updated.

config: Field google.privacy.dlp.v2.UpdateStoredInfoTypeRequest.config

name: Field google.privacy.dlp.v2.UpdateStoredInfoTypeRequest.name

update_mask: Field google.privacy.dlp.v2.UpdateStoredInfoTypeRequest.update_mask

class google.cloud.dlp_v2.types.Value¶

Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a ‘Value’ is based on its representation as a UTF-8 encoded string. For example, if ‘integer_value’ is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data.

boolean_value¶: Field google.privacy.dlp.v2.Value.boolean_value

date_value¶: Field google.privacy.dlp.v2.Value.date_value

day_of_week_value¶: Field google.privacy.dlp.v2.Value.day_of_week_value

float_value¶: Field google.privacy.dlp.v2.Value.float_value

integer_value¶: Field google.privacy.dlp.v2.Value.integer_value

string_value¶: Field google.privacy.dlp.v2.Value.string_value

time_value¶: Field google.privacy.dlp.v2.Value.time_value

timestamp_value¶: Field google.privacy.dlp.v2.Value.timestamp_value

class google.cloud.dlp_v2.types.ValueFrequency¶

A value of a field, including its frequency.

value¶: A value contained in the field in question.

count¶: How many times the value is contained in the field.

count: Field google.privacy.dlp.v2.ValueFrequency.count

value: Field google.privacy.dlp.v2.ValueFrequency.value

Types for Cloud Data Loss Prevention (DLP) API Client¶

google-cloud-dlp

Navigation

Related Topics