googleapis

import { OAuth2Client, JWT, Compute, UserRefreshClient, BaseExternalAccountClient, GaxiosResponseWithHTTP2, GoogleConfigurable, MethodOptions, StreamMethodOptions, GlobalOptions, GoogleAuth, BodyResponseCallback, APIRequestContext } from 'googleapis-common'; import { Readable } from 'stream'; export declare namespace dlp_v2 { export interface Options extends GlobalOptions { version: 'v2'; } interface StandardParameters { /** * Auth client or API Key for the request */ auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient | BaseExternalAccountClient | GoogleAuth; /** * V1 error format. */ '$.xgafv'?: string; /** * OAuth access token. */ access_token?: string; /** * Data format for response. */ alt?: string; /** * JSONP */ callback?: string; /** * Selector specifying which fields to include in a partial response. */ fields?: string; /** * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */ key?: string; /** * OAuth 2.0 token for the current user. */ oauth_token?: string; /** * Returns response with indentations and line breaks. */ prettyPrint?: boolean; /** * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */ quotaUser?: string; /** * Legacy upload protocol for media (e.g. "media", "multipart"). */ uploadType?: string; /** * Upload protocol for media (e.g. "raw", "multipart"). */ upload_protocol?: string; } /** * Sensitive Data Protection (DLP) * * Discover and protect your sensitive data. A fully managed service designed to help you discover, classify, and protect your valuable data assets with ease. * * @example * ```js * const {google} = require('googleapis'); * const dlp = google.dlp('v2'); * ``` */ export class Dlp { context: APIRequestContext; infoTypes: Resource$Infotypes; locations: Resource$Locations; organizations: Resource$Organizations; projects: Resource$Projects; constructor(options: GlobalOptions, google?: GoogleConfigurable); } /** * A task to execute on the completion of a job. See https://cloud.google.com/sensitive-data-protection/docs/concepts-actions to learn more. */ export interface Schema$GooglePrivacyDlpV2Action { /** * Create a de-identified copy of the input data. */ deidentify?: Schema$GooglePrivacyDlpV2Deidentify; /** * Sends an email when the job completes. The email goes to IAM project owners and technical [Essential Contacts](https://cloud.google.com/resource-manager/docs/managing-notification-contacts). */ jobNotificationEmails?: Schema$GooglePrivacyDlpV2JobNotificationEmails; /** * Deprecated because Data Catalog is being turned down. Use publish_findings_to_dataplex_catalog to publish findings to Dataplex Universal Catalog. */ publishFindingsToCloudDataCatalog?: Schema$GooglePrivacyDlpV2PublishFindingsToCloudDataCatalog; /** * Publish findings as an aspect to Dataplex Universal Catalog. */ publishFindingsToDataplexCatalog?: Schema$GooglePrivacyDlpV2PublishFindingsToDataplexCatalog; /** * Publish summary to Cloud Security Command Center (Alpha). */ publishSummaryToCscc?: Schema$GooglePrivacyDlpV2PublishSummaryToCscc; /** * Enable Stackdriver metric dlp.googleapis.com/finding_count. */ publishToStackdriver?: Schema$GooglePrivacyDlpV2PublishToStackdriver; /** * Publish a notification to a Pub/Sub topic. */ pubSub?: Schema$GooglePrivacyDlpV2PublishToPubSub; /** * Save resulting findings in a provided location. */ saveFindings?: Schema$GooglePrivacyDlpV2SaveFindings; } /** * The results of an Action. */ export interface Schema$GooglePrivacyDlpV2ActionDetails { /** * Outcome of a de-identification action. */ deidentifyDetails?: Schema$GooglePrivacyDlpV2DeidentifyDataSourceDetails; } /** * Request message for ActivateJobTrigger. */ export interface Schema$GooglePrivacyDlpV2ActivateJobTriggerRequest { } /** * AdjustmentRule condition for image findings. This rule is silently ignored if the content being inspected is not an image. */ export interface Schema$GooglePrivacyDlpV2AdjustByImageFindings { /** * Specifies the required spatial relationship between the bounding boxes of the target finding and the context infoType findings. */ imageContainmentType?: Schema$GooglePrivacyDlpV2ImageContainmentType; /** * A list of image-supported infoTypes—excluding [document infoTypes](https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference#documents)—to be used as context for the adjustment rule. Sensitive Data Protection adjusts the likelihood of an image finding if its bounding box has the specified spatial relationship (defined by `image_containment_type`) with a finding of an infoType in this list. For example, you can create a rule to adjust the likelihood of a `US_PASSPORT` finding if it is enclosed by a finding of `OBJECT_TYPE/PERSON/PASSPORT`. To configure this, set `US_PASSPORT` in `InspectionRuleSet.info_types`. Add an `adjustment_rule` with an `adjust_by_image_findings.info_types` that contains `OBJECT_TYPE/PERSON/PASSPORT` and `image_containment_type` set to `encloses`. In this case, the likelihood of the `US_PASSPORT` finding is adjusted, but the likelihood of the `OBJECT_TYPE/PERSON/PASSPORT` finding is not. */ infoTypes?: Schema$GooglePrivacyDlpV2InfoType[]; /** * Required. Minimum likelihood of the `adjust_by_image_findings.info_types` finding. If the likelihood is lower than this value, Sensitive Data Protection doesn't adjust the likelihood of the `InspectionRuleSet.info_types` finding. */ minLikelihood?: string | null; } /** * AdjustmentRule condition for matching infoTypes. */ export interface Schema$GooglePrivacyDlpV2AdjustByMatchingInfoTypes { /** * Sensitive Data Protection adjusts the likelihood of a finding if that finding also matches one of these infoTypes. For example, you can create a rule to adjust the likelihood of a `PHONE_NUMBER` finding if the string is found within a document that is classified as `DOCUMENT_TYPE/HR/RESUME`. To configure this, set `PHONE_NUMBER` in `InspectionRuleSet.info_types`. Add an `adjustment_rule` with an `adjust_by_matching_info_types.info_types` that contains `DOCUMENT_TYPE/HR/RESUME`. In this case, the likelihood of the `PHONE_NUMBER` finding is adjusted, but the likelihood of the `DOCUMENT_TYPE/HR/RESUME` finding is not. */ infoTypes?: Schema$GooglePrivacyDlpV2InfoType[]; /** * How the adjustment rule is applied. Only MATCHING_TYPE_PARTIAL_MATCH is supported: - Partial match: adjusts the findings of infoTypes specified in the inspection rule when they have a nonempty intersection with a finding of an infoType specified in this adjustment rule. */ matchingType?: string | null; /** * Required. Minimum likelihood of the `adjust_by_matching_info_types.info_types` finding. If the likelihood is lower than this value, Sensitive Data Protection doesn't adjust the likelihood of the `InspectionRuleSet.info_types` finding. */ minLikelihood?: string | null; } /** * Rule that specifies conditions when a certain infoType's finding details should be adjusted. */ export interface Schema$GooglePrivacyDlpV2AdjustmentRule { /** * AdjustmentRule condition for image findings. */ adjustByImageFindings?: Schema$GooglePrivacyDlpV2AdjustByImageFindings; /** * Set of infoTypes for which findings would affect this rule. */ adjustByMatchingInfoTypes?: Schema$GooglePrivacyDlpV2AdjustByMatchingInfoTypes; /** * Likelihood adjustment to apply to the infoType. */ likelihoodAdjustment?: Schema$GooglePrivacyDlpV2LikelihoodAdjustment; } /** * Apply transformation to all findings. */ export interface Schema$GooglePrivacyDlpV2AllInfoTypes { } /** * Catch-all for all other tables not specified by other filters. Should always be last, except for single-table configurations, which will only have a TableReference target. */ export interface Schema$GooglePrivacyDlpV2AllOtherBigQueryTables { } /** * Match database resources not covered by any other filter. */ export interface Schema$GooglePrivacyDlpV2AllOtherDatabaseResources { } /** * Match discovery resources not covered by any other filter. */ export interface Schema$GooglePrivacyDlpV2AllOtherResources { } /** * Apply to all text. */ export interface Schema$GooglePrivacyDlpV2AllText { } /** * Amazon S3 bucket. */ export interface Schema$GooglePrivacyDlpV2AmazonS3Bucket { /** * The AWS account. */ awsAccount?: Schema$GooglePrivacyDlpV2AwsAccount; /** * Required. The bucket name. */ bucketName?: string | null; } /** * Amazon S3 bucket conditions. */ export interface Schema$GooglePrivacyDlpV2AmazonS3BucketConditions { /** * Optional. Bucket types that should be profiled. Optional. Defaults to TYPE_ALL_SUPPORTED if unspecified. */ bucketTypes?: string[] | null; /** * Optional. Object classes that should be profiled. Optional. Defaults to ALL_SUPPORTED_CLASSES if unspecified. */ objectStorageClasses?: string[] | null; } /** * Amazon S3 bucket regex. */ export interface Schema$GooglePrivacyDlpV2AmazonS3BucketRegex { /** * The AWS account regex. */ awsAccountRegex?: Schema$GooglePrivacyDlpV2AwsAccountRegex; /** * Optional. Regex to test the bucket name against. If empty, all buckets match. */ bucketNameRegex?: string | null; } /** * Result of a risk analysis operation request. */ export interface Schema$GooglePrivacyDlpV2AnalyzeDataSourceRiskDetails { /** * Categorical stats result */ categoricalStatsResult?: Schema$GooglePrivacyDlpV2CategoricalStatsResult; /** * Delta-presence result */ deltaPresenceEstimationResult?: Schema$GooglePrivacyDlpV2DeltaPresenceEstimationResult; /** * K-anonymity result */ kAnonymityResult?: Schema$GooglePrivacyDlpV2KAnonymityResult; /** * K-map result */ kMapEstimationResult?: Schema$GooglePrivacyDlpV2KMapEstimationResult; /** * L-divesity result */ lDiversityResult?: Schema$GooglePrivacyDlpV2LDiversityResult; /** * Numerical stats result */ numericalStatsResult?: Schema$GooglePrivacyDlpV2NumericalStatsResult; /** * The configuration used for this job. */ requestedOptions?: Schema$GooglePrivacyDlpV2RequestedRiskAnalysisOptions; /** * Privacy metric to compute. */ requestedPrivacyMetric?: Schema$GooglePrivacyDlpV2PrivacyMetric; /** * Input dataset to compute metrics over. */ requestedSourceTable?: Schema$GooglePrivacyDlpV2BigQueryTable; } /** * An auxiliary table contains statistical information on the relative frequency of different quasi-identifiers values. It has one or several quasi-identifiers columns, and one column that indicates the relative frequency of each quasi-identifier tuple. If a tuple is present in the data but not in the auxiliary table, the corresponding relative frequency is assumed to be zero (and thus, the tuple is highly reidentifiable). */ export interface Schema$GooglePrivacyDlpV2AuxiliaryTable { /** * Required. Quasi-identifier columns. */ quasiIds?: Schema$GooglePrivacyDlpV2QuasiIdField[]; /** * Required. The relative frequency column must contain a floating-point number between 0 and 1 (inclusive). Null values are assumed to be zero. */ relativeFrequency?: Schema$GooglePrivacyDlpV2FieldId; /** * Required. Auxiliary table location. */ table?: Schema$GooglePrivacyDlpV2BigQueryTable; } /** * AWS account. */ export interface Schema$GooglePrivacyDlpV2AwsAccount { /** * Required. AWS account ID. */ accountId?: string | null; } /** * AWS account regex. */ export interface Schema$GooglePrivacyDlpV2AwsAccountRegex { /** * Optional. Regex to test the AWS account ID against. If empty, all accounts match. */ accountIdRegex?: string | null; } /** * The AWS starting location for discovery. */ export interface Schema$GooglePrivacyDlpV2AwsDiscoveryStartingLocation { /** * The AWS account ID that this discovery config applies to. Within an AWS organization, you can find the AWS account ID inside an AWS account ARN. Example: arn:{partition\}:organizations::{management_account_id\}:account/{org_id\}/{account_id\} */ accountId?: string | null; /** * All AWS assets stored in Asset Inventory that didn't match other AWS discovery configs. */ allAssetInventoryAssets?: boolean | null; } /** * Target used to match against for discovery with BigQuery tables */ export interface Schema$GooglePrivacyDlpV2BigQueryDiscoveryTarget { /** * How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity. */ cadence?: Schema$GooglePrivacyDlpV2DiscoveryGenerationCadence; /** * In addition to matching the filter, these conditions must be true before a profile is generated. */ conditions?: Schema$GooglePrivacyDlpV2DiscoveryBigQueryConditions; /** * Tables that match this filter will not have profiles created. */ disabled?: Schema$GooglePrivacyDlpV2Disabled; /** * Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table. */ filter?: Schema$GooglePrivacyDlpV2DiscoveryBigQueryFilter; } /** * Message defining a field of a BigQuery table. */ export interface Schema$GooglePrivacyDlpV2BigQueryField { /** * Designated field in the BigQuery table. */ field?: Schema$GooglePrivacyDlpV2FieldId; /** * Source table of the field. */ table?: Schema$GooglePrivacyDlpV2BigQueryTable; } /** * Row key for identifying a record in BigQuery table. */ export interface Schema$GooglePrivacyDlpV2BigQueryKey { /** * Row number inferred at the time the table was scanned. This value is nondeterministic, cannot be queried, and may be null for inspection jobs. To locate findings within a table, specify `inspect_job.storage_config.big_query_options.identifying_fields` in `CreateDlpJobRequest`. */ rowNumber?: string | null; /** * Complete BigQuery table reference. */ tableReference?: Schema$GooglePrivacyDlpV2BigQueryTable; } /** * Options defining BigQuery table and row identifiers. */ export interface Schema$GooglePrivacyDlpV2BigQueryOptions { /** * References to fields excluded from scanning. This allows you to skip inspection of entire columns which you know have no findings. When inspecting a table, we recommend that you inspect all columns. Otherwise, findings might be affected because hints from excluded columns will not be used. */ excludedFields?: Schema$GooglePrivacyDlpV2FieldId[]; /** * Table fields that may uniquely identify a row within the table. When `actions.saveFindings.outputConfig.table` is specified, the values of columns specified here are available in the output table under `location.content_locations.record_location.record_key.id_values`. Nested fields such as `person.birthdate.year` are allowed. */ identifyingFields?: Schema$GooglePrivacyDlpV2FieldId[]; /** * Limit scanning only to these fields. When inspecting a table, we recommend that you inspect all columns. Otherwise, findings might be affected because hints from excluded columns will not be used. */ includedFields?: Schema$GooglePrivacyDlpV2FieldId[]; /** * Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted. If not set, or if set to 0, all rows will be scanned. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig. */ rowsLimit?: string | null; /** * Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig. Caution: A [known issue](https://cloud.google.com/sensitive-data-protection/docs/known-issues#bq-sampling) is causing the `rowsLimitPercent` field to behave unexpectedly. We recommend using `rowsLimit` instead. */ rowsLimitPercent?: number | null; /** * How to sample the data. */ sampleMethod?: string | null; /** * Complete BigQuery table reference. */ tableReference?: Schema$GooglePrivacyDlpV2BigQueryTable; } /** * A pattern to match against one or more tables, datasets, or projects that contain BigQuery tables. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub. */ export interface Schema$GooglePrivacyDlpV2BigQueryRegex { /** * If unset, this property matches all datasets. */ datasetIdRegex?: string | null; /** * For organizations, if unset, will match all projects. Has no effect for data profile configurations created within a project. */ projectIdRegex?: string | null; /** * If unset, this property matches all tables. */ tableIdRegex?: string | null; } /** * A collection of regular expressions to determine what tables to match against. */ export interface Schema$GooglePrivacyDlpV2BigQueryRegexes { /** * A single BigQuery regular expression pattern to match against one or more tables, datasets, or projects that contain BigQuery tables. */ patterns?: Schema$GooglePrivacyDlpV2BigQueryRegex[]; } /** * Message defining the location of a BigQuery table. A table is uniquely identified by its project_id, dataset_id, and table_name. Within a query a table is often referenced with a string in the format of: `:.` or `..`. */ export interface Schema$GooglePrivacyDlpV2BigQueryTable { /** * Dataset ID of the table. */ datasetId?: string | null; /** * The Google Cloud project ID of the project containing the table. If omitted, project ID is inferred from the API call. */ projectId?: string | null; /** * Name of the table. */ tableId?: string | null; } /** * Specifies a collection of BigQuery tables. Used for Discovery. */ export interface Schema$GooglePrivacyDlpV2BigQueryTableCollection { /** * A collection of regular expressions to match a BigQuery table against. */ includeRegexes?: Schema$GooglePrivacyDlpV2BigQueryRegexes; } /** * The types of BigQuery tables supported by Cloud DLP. */ export interface Schema$GooglePrivacyDlpV2BigQueryTableTypes { /** * A set of BigQuery table types. */ types?: string[] | null; } /** * Bounding box encompassing detected text within an image. */ export interface Schema$GooglePrivacyDlpV2BoundingBox { /** * Height of the bounding box in pixels. */ height?: number | null; /** * Left coordinate of the bounding box. (0,0) is upper left. */ left?: number | null; /** * Top coordinate of the bounding box. (0,0) is upper left. */ top?: number | null; /** * Width of the bounding box in pixels. */ width?: number | null; } /** * Bucket is represented as a range, along with replacement values. */ export interface Schema$GooglePrivacyDlpV2Bucket { /** * Upper bound of the range, exclusive; type must match min. */ max?: Schema$GooglePrivacyDlpV2Value; /** * Lower bound of the range, inclusive. Type should be the same as max if used. */ min?: Schema$GooglePrivacyDlpV2Value; /** * Required. Replacement value for this bucket. */ replacementValue?: Schema$GooglePrivacyDlpV2Value; } /** * Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\> LOW, 31-65 -\> MEDIUM, 66-100 -\> HIGH. This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/sensitive-data-protection/docs/concepts-bucketing to learn more. */ export interface Schema$GooglePrivacyDlpV2BucketingConfig { /** * Set of buckets. Ranges must be non-overlapping. */ buckets?: Schema$GooglePrivacyDlpV2Bucket[]; } /** * Container for bytes to inspect or redact. */ export interface Schema$GooglePrivacyDlpV2ByteContentItem { /** * Content data to inspect or redact. */ data?: string | null; /** * The type of data stored in the bytes string. Default will be TEXT_UTF8. */ type?: string | null; } /** * The request message for canceling a DLP job. */ export interface Schema$GooglePrivacyDlpV2CancelDlpJobRequest { } /** * Compute numerical stats over an individual column, including number of distinct values and value count distribution. */ export interface Schema$GooglePrivacyDlpV2CategoricalStatsConfig { /** * Field to compute categorical stats on. All column types are supported except for arrays and structs. However, it may be more informative to use NumericalStats when the field type is supported, depending on the data. */ field?: Schema$GooglePrivacyDlpV2FieldId; } /** * Histogram of value frequencies in the column. */ export interface Schema$GooglePrivacyDlpV2CategoricalStatsHistogramBucket { /** * Total number of values in this bucket. */ bucketSize?: string | null; /** * Total number of distinct values in this bucket. */ bucketValueCount?: string | null; /** * Sample of value frequencies in this bucket. The total number of values returned per bucket is capped at 20. */ bucketValues?: Schema$GooglePrivacyDlpV2ValueFrequency[]; /** * Lower bound on the value frequency of the values in this bucket. */ valueFrequencyLowerBound?: string | null; /** * Upper bound on the value frequency of the values in this bucket. */ valueFrequencyUpperBound?: string | null; } /** * Result of the categorical stats computation. */ export interface Schema$GooglePrivacyDlpV2CategoricalStatsResult { /** * Histogram of value frequencies in the column. */ valueFrequencyHistogramBuckets?: Schema$GooglePrivacyDlpV2CategoricalStatsHistogramBucket[]; } /** * Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. */ export interface Schema$GooglePrivacyDlpV2CharacterMaskConfig { /** * When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`. */ charactersToIgnore?: Schema$GooglePrivacyDlpV2CharsToIgnore[]; /** * Character to use to mask the sensitive values—for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits. */ maskingCharacter?: string | null; /** * Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. If `number_to_mask` is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values: - `masking_character` is `*` - `number_to_mask` is `-4` - `reverse_order` is `false` - `CharsToIgnore` includes `-` - Input string is `1234-5678-9012-3456` The resulting de-identified string is `****-****-****-3456`. Cloud DLP masks all but the last four characters. If `reverse_order` is `true`, all but the first four characters are masked as `1234-****-****-****`. */ numberToMask?: number | null; /** * Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`. */ reverseOrder?: boolean | null; } /** * Characters to skip when doing deidentification of a value. These will be left alone and skipped. */ export interface Schema$GooglePrivacyDlpV2CharsToIgnore { /** * Characters to not transform when masking. */ charactersToSkip?: string | null; /** * Common characters to not transform when masking. Useful to avoid removing punctuation. */ commonCharactersToIgnore?: string | null; } /** * Target used to match against for discovery with Cloud SQL tables. */ export interface Schema$GooglePrivacyDlpV2CloudSqlDiscoveryTarget { /** * In addition to matching the filter, these conditions must be true before a profile is generated. */ conditions?: Schema$GooglePrivacyDlpV2DiscoveryCloudSqlConditions; /** * Disable profiling for database resources that match this filter. */ disabled?: Schema$GooglePrivacyDlpV2Disabled; /** * Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table. */ filter?: Schema$GooglePrivacyDlpV2DiscoveryCloudSqlFilter; /** * How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity. */ generationCadence?: Schema$GooglePrivacyDlpV2DiscoveryCloudSqlGenerationCadence; } /** * Use IAM authentication to connect. This requires the Cloud SQL IAM feature to be enabled on the instance, which is not the default for Cloud SQL. See https://cloud.google.com/sql/docs/postgres/authentication and https://cloud.google.com/sql/docs/mysql/authentication. */ export interface Schema$GooglePrivacyDlpV2CloudSqlIamCredential { } /** * Cloud SQL connection properties. */ export interface Schema$GooglePrivacyDlpV2CloudSqlProperties { /** * Built-in IAM authentication (must be configured in Cloud SQL). */ cloudSqlIam?: Schema$GooglePrivacyDlpV2CloudSqlIamCredential; /** * Optional. Immutable. The Cloud SQL instance for which the connection is defined. Only one connection per instance is allowed. This can only be set at creation time, and cannot be updated. It is an error to use a connection_name from different project or region than the one that holds the connection. For example, a Connection resource for Cloud SQL connection_name `project-id:us-central1:sql-instance` must be created under the parent `projects/project-id/locations/us-central1` */ connectionName?: string | null; /** * Required. The database engine used by the Cloud SQL instance that this connection configures. */ databaseEngine?: string | null; /** * Required. The DLP API will limit its connections to max_connections. Must be 2 or greater. */ maxConnections?: number | null; /** * A username and password stored in Secret Manager. */ usernamePassword?: Schema$GooglePrivacyDlpV2SecretManagerCredential; } /** * Target used to match against for discovery with Cloud Storage buckets. */ export interface Schema$GooglePrivacyDlpV2CloudStorageDiscoveryTarget { /** * Optional. In addition to matching the filter, these conditions must be true before a profile is generated. */ conditions?: Schema$GooglePrivacyDlpV2DiscoveryFileStoreConditions; /** * Optional. Disable profiling for buckets that match this filter. */ disabled?: Schema$GooglePrivacyDlpV2Disabled; /** * Required. The buckets the generation_cadence applies to. The first target with a matching filter will be the one to apply to a bucket. */ filter?: Schema$GooglePrivacyDlpV2DiscoveryCloudStorageFilter; /** * Optional. How often and when to update profiles. New buckets that match both the filter and conditions are scanned as quickly as possible depending on system capacity. */ generationCadence?: Schema$GooglePrivacyDlpV2DiscoveryCloudStorageGenerationCadence; } /** * Message representing a set of files in Cloud Storage. */ export interface Schema$GooglePrivacyDlpV2CloudStorageFileSet { /** * The url, in the format `gs:///`. Trailing wildcard in the path is allowed. */ url?: string | null; } /** * Options defining a file or a set of files within a Cloud Storage bucket. */ export interface Schema$GooglePrivacyDlpV2CloudStorageOptions { /** * Max number of bytes to scan from a file. If a scanned file's size is bigger than this value then the rest of the bytes are omitted. Only one of `bytes_limit_per_file` and `bytes_limit_per_file_percent` can be specified. This field can't be set if de-identification is requested. For certain file types, setting this field has no effect. For more information, see [Limits on bytes scanned per file](https://cloud.google.com/sensitive-data-protection/docs/supported-file-types#max-byte-size-per-file). */ bytesLimitPerFile?: string | null; /** * Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of bytes_limit_per_file and bytes_limit_per_file_percent can be specified. This field can't be set if de-identification is requested. For certain file types, setting this field has no effect. For more information, see [Limits on bytes scanned per file](https://cloud.google.com/sensitive-data-protection/docs/supported-file-types#max-byte-size-per-file). */ bytesLimitPerFilePercent?: number | null; /** * The set of one or more files to scan. */ fileSet?: Schema$GooglePrivacyDlpV2FileSet; /** * Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. */ filesLimitPercent?: number | null; /** * List of file type groups to include in the scan. If empty, all files are scanned and available data format processors are applied. In addition, the binary content of the selected files is always scanned as well. Images are scanned only as binary if the specified region does not support image inspection and no file_types were specified. Image inspection is restricted to 'global', 'us', 'asia', and 'europe'. */ fileTypes?: string[] | null; /** * How to sample the data. */ sampleMethod?: string | null; } /** * Message representing a single file or path in Cloud Storage. */ export interface Schema$GooglePrivacyDlpV2CloudStoragePath { /** * A URL representing a file or path (no wildcards) in Cloud Storage. Example: `gs://[BUCKET_NAME]/dictionary.txt` */ path?: string | null; } /** * A pattern to match against one or more file stores. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub. */ export interface Schema$GooglePrivacyDlpV2CloudStorageRegex { /** * Optional. Regex to test the bucket name against. If empty, all buckets match. Example: "marketing2021" or "(marketing)\d{4\}" will both match the bucket gs://marketing2021 */ bucketNameRegex?: string | null; /** * Optional. For organizations, if unset, will match all projects. */ projectIdRegex?: string | null; } /** * Message representing a set of files in a Cloud Storage bucket. Regular expressions are used to allow fine-grained control over which files in the bucket to include. Included files are those that match at least one item in `include_regex` and do not match any items in `exclude_regex`. Note that a file that matches items from both lists will _not_ be included. For a match to occur, the entire file path (i.e., everything in the url after the bucket name) must match the regular expression. For example, given the input `{bucket_name: "mybucket", include_regex: ["directory1/.*"], exclude_regex: ["directory1/excluded.*"]\}`: * `gs://mybucket/directory1/myfile` will be included * `gs://mybucket/directory1/directory2/myfile` will be included (`.*` matches across `/`) * `gs://mybucket/directory0/directory1/myfile` will _not_ be included (the full path doesn't match any items in `include_regex`) * `gs://mybucket/directory1/excludedfile` will _not_ be included (the path matches an item in `exclude_regex`) If `include_regex` is left empty, it will match all files by default (this is equivalent to setting `include_regex: [".*"]`). Some other common use cases: * `{bucket_name: "mybucket", exclude_regex: [".*\.pdf"]\}` will include all files in `mybucket` except for .pdf files * `{bucket_name: "mybucket", include_regex: ["directory/[^/]+"]\}` will include all files directly under `gs://mybucket/directory/`, without matching across `/` */ export interface Schema$GooglePrivacyDlpV2CloudStorageRegexFileSet { /** * The name of a Cloud Storage bucket. Required. */ bucketName?: string | null; /** * A list of regular expressions matching file paths to exclude. All files in the bucket that match at least one of these regular expressions will be excluded from the scan. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub. */ excludeRegex?: string[] | null; /** * A list of regular expressions matching file paths to include. All files in the bucket that match at least one of these regular expressions will be included in the set of files, except for those that also match an item in `exclude_regex`. Leaving this field empty will match all files by default (this is equivalent to including `.*` in the list). Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub. */ includeRegex?: string[] | null; } /** * Identifies a single Cloud Storage bucket. */ export interface Schema$GooglePrivacyDlpV2CloudStorageResourceReference { /** * Required. The bucket to scan. */ bucketName?: string | null; /** * Required. If within a project-level config, then this must match the config's project id. */ projectId?: string | null; } /** * Represents a color in the RGB color space. */ export interface Schema$GooglePrivacyDlpV2Color { /** * The amount of blue in the color as a value in the interval [0, 1]. */ blue?: number | null; /** * The amount of green in the color as a value in the interval [0, 1]. */ green?: number | null; /** * The amount of red in the color as a value in the interval [0, 1]. */ red?: number | null; } /** * The profile for a scanned column within a table. */ export interface Schema$GooglePrivacyDlpV2ColumnDataProfile { /** * The name of the column. */ column?: string | null; /** * If it's been determined this column can be identified as a single type, this will be set. Otherwise the column either has unidentifiable content or mixed types. */ columnInfoType?: Schema$GooglePrivacyDlpV2InfoTypeSummary; /** * The data type of a given column. */ columnType?: string | null; /** * The data risk level for this column. */ dataRiskLevel?: Schema$GooglePrivacyDlpV2DataRiskLevel; /** * The BigQuery dataset ID, if the resource profiled is a BigQuery table. */ datasetId?: string | null; /** * If supported, the location where the dataset's data is stored. See https://cloud.google.com/bigquery/docs/locations for supported BigQuery locations. */ datasetLocation?: string | null; /** * The Google Cloud project ID that owns the profiled resource. */ datasetProjectId?: string | null; /** * Approximate percentage of entries being null in the column. */ estimatedNullPercentage?: string | null; /** * Approximate uniqueness of the column. */ estimatedUniquenessScore?: string | null; /** * The likelihood that this column contains free-form text. A value close to 1 may indicate the column is likely to contain free-form or natural language text. Range in 0-1. */ freeTextScore?: number | null; /** * The name of the profile. */ name?: string | null; /** * Other types found within this column. List will be unordered. */ otherMatches?: Schema$GooglePrivacyDlpV2OtherInfoTypeSummary[]; /** * Indicates if a policy tag has been applied to the column. */ policyState?: string | null; /** * The last time the profile was generated. */ profileLastGenerated?: string | null; /** * Success or error status from the most recent profile generation attempt. May be empty if the profile is still being generated. */ profileStatus?: Schema$GooglePrivacyDlpV2ProfileStatus; /** * The sensitivity of this column. */ sensitivityScore?: Schema$GooglePrivacyDlpV2SensitivityScore; /** * State of a profile. */ state?: string | null; /** * The resource name of the table data profile. */ tableDataProfile?: string | null; /** * The resource name of the resource this column is within. */ tableFullResource?: string | null; /** * The table ID. */ tableId?: string | null; } /** * The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false. */ export interface Schema$GooglePrivacyDlpV2Condition { /** * Required. Field within the record this condition is evaluated against. */ field?: Schema$GooglePrivacyDlpV2FieldId; /** * Required. Operator used to compare the field or infoType to the value. */ operator?: string | null; /** * Value to compare against. [Mandatory, except for `EXISTS` tests.] */ value?: Schema$GooglePrivacyDlpV2Value; } /** * A collection of conditions. */ export interface Schema$GooglePrivacyDlpV2Conditions { /** * A collection of conditions. */ conditions?: Schema$GooglePrivacyDlpV2Condition[]; } /** * A data connection to allow the DLP API to profile data in locations that require additional configuration. */ export interface Schema$GooglePrivacyDlpV2Connection { /** * Connect to a Cloud SQL instance. */ cloudSql?: Schema$GooglePrivacyDlpV2CloudSqlProperties; /** * Output only. Set if status == ERROR, to provide additional details. Will store the last 10 errors sorted with the most recent first. */ errors?: Schema$GooglePrivacyDlpV2Error[]; /** * Output only. Name of the connection: `projects/{project\}/locations/{location\}/connections/{name\}`. */ name?: string | null; /** * Required. The connection's state in its lifecycle. */ state?: string | null; } /** * Represents a container that may contain DLP findings. Examples of a container include a file, table, or database record. */ export interface Schema$GooglePrivacyDlpV2Container { /** * A string representation of the full container name. Examples: - BigQuery: 'Project:DataSetId.TableId' - Cloud Storage: 'gs://Bucket/folders/filename.txt' */ fullPath?: string | null; /** * Project where the finding was found. Can be different from the project that owns the finding. */ projectId?: string | null; /** * The rest of the path after the root. Examples: - For BigQuery table `project_id:dataset_id.table_id`, the relative path is `table_id` - For Cloud Storage file `gs://bucket/folder/filename.txt`, the relative path is `folder/filename.txt` */ relativePath?: string | null; /** * The root of the container. Examples: - For BigQuery table `project_id:dataset_id.table_id`, the root is `dataset_id` - For Cloud Storage file `gs://bucket/folder/filename.txt`, the root is `gs://bucket` */ rootPath?: string | null; /** * Container type, for example BigQuery or Cloud Storage. */ type?: string | null; /** * Findings container modification timestamp, if applicable. For Cloud Storage, this field contains the last file modification timestamp. For a BigQuery table, this field contains the last_modified_time property. For Datastore, this field isn't populated. */ updateTime?: string | null; /** * Findings container version, if available ("generation" for Cloud Storage). */ version?: string | null; } /** * Type of content to inspect. */ export interface Schema$GooglePrivacyDlpV2ContentItem { /** * Content data to inspect or redact. Replaces `type` and `data`. */ byteItem?: Schema$GooglePrivacyDlpV2ByteContentItem; /** * Structured content for inspection. See https://cloud.google.com/sensitive-data-protection/docs/inspecting-text#inspecting_a_table to learn more. */ table?: Schema$GooglePrivacyDlpV2Table; /** * String data to inspect or redact. */ value?: string | null; } /** * Precise location of the finding within a document, record, image, or metadata container. */ export interface Schema$GooglePrivacyDlpV2ContentLocation { /** * Name of the container where the finding is located. The top level name is the source file name or table name. Names of some common storage containers are formatted as follows: * BigQuery tables: `{project_id\}:{dataset_id\}.{table_id\}` * Cloud Storage files: `gs://{bucket\}/{path\}` * Datastore namespace: {namespace\} Nested names could be absent if the embedded object has no string identifier (for example, an image contained within a document). */ containerName?: string | null; /** * Finding container modification timestamp, if applicable. For Cloud Storage, this field contains the last file modification timestamp. For a BigQuery table, this field contains the last_modified_time property. For Datastore, this field isn't populated. */ containerTimestamp?: string | null; /** * Finding container version, if available ("generation" for Cloud Storage). */ containerVersion?: string | null; /** * Location data for document files. */ documentLocation?: Schema$GooglePrivacyDlpV2DocumentLocation; /** * Location within an image's pixels. */ imageLocation?: Schema$GooglePrivacyDlpV2ImageLocation; /** * Location within the metadata for inspected content. */ metadataLocation?: Schema$GooglePrivacyDlpV2MetadataLocation; /** * Location within a row or record of a database table. */ recordLocation?: Schema$GooglePrivacyDlpV2RecordLocation; } /** * Request message for CreateConnection. */ export interface Schema$GooglePrivacyDlpV2CreateConnectionRequest { /** * Required. The connection resource. */ connection?: Schema$GooglePrivacyDlpV2Connection; } /** * Request message for CreateDeidentifyTemplate. */ export interface Schema$GooglePrivacyDlpV2CreateDeidentifyTemplateRequest { /** * Required. The DeidentifyTemplate to create. */ deidentifyTemplate?: Schema$GooglePrivacyDlpV2DeidentifyTemplate; /** * Deprecated. This field has no effect. */ locationId?: string | null; /** * The template id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\d-_]+`. The maximum length