googleapis

/** * Copyright 2019 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ import { OAuth2Client, JWT, Compute, UserRefreshClient } from 'google-auth-library'; import { GoogleConfigurable, MethodOptions, GlobalOptions, BodyResponseCallback, APIRequestContext } from 'googleapis-common'; import { GaxiosPromise } from 'gaxios'; export declare namespace dlp_v2 { interface Options extends GlobalOptions { version: 'v2'; } interface StandardParameters { /** * V1 error format. */ '$.xgafv'?: string; /** * OAuth access token. */ access_token?: string; /** * Data format for response. */ alt?: string; /** * JSONP */ callback?: string; /** * Selector specifying which fields to include in a partial response. */ fields?: string; /** * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */ key?: string; /** * OAuth 2.0 token for the current user. */ oauth_token?: string; /** * Returns response with indentations and line breaks. */ prettyPrint?: boolean; /** * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */ quotaUser?: string; /** * Legacy upload protocol for media (e.g. "media", "multipart"). */ uploadType?: string; /** * Upload protocol for media (e.g. "raw", "multipart"). */ upload_protocol?: string; } /** * Cloud Data Loss Prevention (DLP) API * * Provides methods for detection, risk analysis, and de-identification of privacy-sensitive fragments in text, images, and Google Cloud Platform storage repositories. * * @example * const {google} = require('googleapis'); * const dlp = google.dlp('v2'); * * @namespace dlp * @type {Function} * @version v2 * @variation v2 * @param {object=} options Options for Dlp */ class Dlp { context: APIRequestContext; infoTypes: Resource$Infotypes; organizations: Resource$Organizations; projects: Resource$Projects; constructor(options: GlobalOptions, google?: GoogleConfigurable); } /** * A task to execute on the completion of a job. See https://cloud.google.com/dlp/docs/concepts-actions to learn more. */ interface Schema$GooglePrivacyDlpV2Action { /** * Enable email notification to project owners and editors on job's completion/failure. */ jobNotificationEmails?: Schema$GooglePrivacyDlpV2JobNotificationEmails; /** * Publish findings to Cloud Datahub. */ publishFindingsToCloudDataCatalog?: Schema$GooglePrivacyDlpV2PublishFindingsToCloudDataCatalog; /** * Publish summary to Cloud Security Command Center (Alpha). */ publishSummaryToCscc?: Schema$GooglePrivacyDlpV2PublishSummaryToCscc; /** * Publish a notification to a pubsub topic. */ pubSub?: Schema$GooglePrivacyDlpV2PublishToPubSub; /** * Save resulting findings in a provided location. */ saveFindings?: Schema$GooglePrivacyDlpV2SaveFindings; } /** * Request message for ActivateJobTrigger. */ interface Schema$GooglePrivacyDlpV2ActivateJobTriggerRequest { } /** * Result of a risk analysis operation request. */ interface Schema$GooglePrivacyDlpV2AnalyzeDataSourceRiskDetails { categoricalStatsResult?: Schema$GooglePrivacyDlpV2CategoricalStatsResult; deltaPresenceEstimationResult?: Schema$GooglePrivacyDlpV2DeltaPresenceEstimationResult; kAnonymityResult?: Schema$GooglePrivacyDlpV2KAnonymityResult; kMapEstimationResult?: Schema$GooglePrivacyDlpV2KMapEstimationResult; lDiversityResult?: Schema$GooglePrivacyDlpV2LDiversityResult; numericalStatsResult?: Schema$GooglePrivacyDlpV2NumericalStatsResult; /** * Privacy metric to compute. */ requestedPrivacyMetric?: Schema$GooglePrivacyDlpV2PrivacyMetric; /** * Input dataset to compute metrics over. */ requestedSourceTable?: Schema$GooglePrivacyDlpV2BigQueryTable; } /** * An auxiliary table contains statistical information on the relative frequency of different quasi-identifiers values. It has one or several quasi-identifiers columns, and one column that indicates the relative frequency of each quasi-identifier tuple. If a tuple is present in the data but not in the auxiliary table, the corresponding relative frequency is assumed to be zero (and thus, the tuple is highly reidentifiable). */ interface Schema$GooglePrivacyDlpV2AuxiliaryTable { /** * Quasi-identifier columns. [required] */ quasiIds?: Schema$GooglePrivacyDlpV2QuasiIdField[]; /** * The relative frequency column must contain a floating-point number between 0 and 1 (inclusive). Null values are assumed to be zero. [required] */ relativeFrequency?: Schema$GooglePrivacyDlpV2FieldId; /** * Auxiliary table location. [required] */ table?: Schema$GooglePrivacyDlpV2BigQueryTable; } /** * Message defining a field of a BigQuery table. */ interface Schema$GooglePrivacyDlpV2BigQueryField { /** * Designated field in the BigQuery table. */ field?: Schema$GooglePrivacyDlpV2FieldId; /** * Source table of the field. */ table?: Schema$GooglePrivacyDlpV2BigQueryTable; } /** * Row key for identifying a record in BigQuery table. */ interface Schema$GooglePrivacyDlpV2BigQueryKey { /** * Absolute number of the row from the beginning of the table at the time of scanning. */ rowNumber?: string; /** * Complete BigQuery table reference. */ tableReference?: Schema$GooglePrivacyDlpV2BigQueryTable; } /** * Options defining BigQuery table and row identifiers. */ interface Schema$GooglePrivacyDlpV2BigQueryOptions { /** * References to fields excluded from scanning. This allows you to skip inspection of entire columns which you know have no findings. */ excludedFields?: Schema$GooglePrivacyDlpV2FieldId[]; /** * References to fields uniquely identifying rows within the table. Nested fields in the format, like `person.birthdate.year`, are allowed. */ identifyingFields?: Schema$GooglePrivacyDlpV2FieldId[]; /** * Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted. If not set, or if set to 0, all rows will be scanned. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig. */ rowsLimit?: string; /** * Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig. */ rowsLimitPercent?: number; sampleMethod?: string; /** * Complete BigQuery table reference. */ tableReference?: Schema$GooglePrivacyDlpV2BigQueryTable; } /** * Message defining the location of a BigQuery table. A table is uniquely identified by its project_id, dataset_id, and table_name. Within a query a table is often referenced with a string in the format of: `<project_id>:<dataset_id>.<table_id>` or `<project_id>.<dataset_id>.<table_id>`. */ interface Schema$GooglePrivacyDlpV2BigQueryTable { /** * Dataset ID of the table. */ datasetId?: string; /** * The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. */ projectId?: string; /** * Name of the table. */ tableId?: string; } /** * Bounding box encompassing detected text within an image. */ interface Schema$GooglePrivacyDlpV2BoundingBox { /** * Height of the bounding box in pixels. */ height?: number; /** * Left coordinate of the bounding box. (0,0) is upper left. */ left?: number; /** * Top coordinate of the bounding box. (0,0) is upper left. */ top?: number; /** * Width of the bounding box in pixels. */ width?: number; } /** * Bucket is represented as a range, along with replacement values. */ interface Schema$GooglePrivacyDlpV2Bucket { /** * Upper bound of the range, exclusive; type must match min. */ max?: Schema$GooglePrivacyDlpV2Value; /** * Lower bound of the range, inclusive. Type should be the same as max if used. */ min?: Schema$GooglePrivacyDlpV2Value; /** * Replacement value for this bucket. If not provided the default behavior will be to hyphenate the min-max range. */ replacementValue?: Schema$GooglePrivacyDlpV2Value; } /** * Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound `Value` type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. */ interface Schema$GooglePrivacyDlpV2BucketingConfig { /** * Set of buckets. Ranges must be non-overlapping. */ buckets?: Schema$GooglePrivacyDlpV2Bucket[]; } /** * Container for bytes to inspect or redact. */ interface Schema$GooglePrivacyDlpV2ByteContentItem { /** * Content data to inspect or redact. */ data?: string; /** * The type of data stored in the bytes string. Default will be TEXT_UTF8. */ type?: string; } /** * The request message for canceling a DLP job. */ interface Schema$GooglePrivacyDlpV2CancelDlpJobRequest { } /** * Compute numerical stats over an individual column, including number of distinct values and value count distribution. */ interface Schema$GooglePrivacyDlpV2CategoricalStatsConfig { /** * Field to compute categorical stats on. All column types are supported except for arrays and structs. However, it may be more informative to use NumericalStats when the field type is supported, depending on the data. */ field?: Schema$GooglePrivacyDlpV2FieldId; } interface Schema$GooglePrivacyDlpV2CategoricalStatsHistogramBucket { /** * Total number of values in this bucket. */ bucketSize?: string; /** * Total number of distinct values in this bucket. */ bucketValueCount?: string; /** * Sample of value frequencies in this bucket. The total number of values returned per bucket is capped at 20. */ bucketValues?: Schema$GooglePrivacyDlpV2ValueFrequency[]; /** * Lower bound on the value frequency of the values in this bucket. */ valueFrequencyLowerBound?: string; /** * Upper bound on the value frequency of the values in this bucket. */ valueFrequencyUpperBound?: string; } /** * Result of the categorical stats computation. */ interface Schema$GooglePrivacyDlpV2CategoricalStatsResult { /** * Histogram of value frequencies in the column. */ valueFrequencyHistogramBuckets?: Schema$GooglePrivacyDlpV2CategoricalStatsHistogramBucket[]; } /** * Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3. */ interface Schema$GooglePrivacyDlpV2CharacterMaskConfig { /** * When masking a string, items in this list will be skipped when replacing. For example, if your string is 555-555-5555 and you ask us to skip `-` and mask 5 chars with * we would produce ***-*55-5555. */ charactersToIgnore?: Schema$GooglePrivacyDlpV2CharsToIgnore[]; /** * Character to mask the sensitive values&mdash;for example, "*" for an alphabetic string such as name, or "0" for a numeric string such as ZIP code or credit card number. String must have length 1. If not supplied, we will default to "*" for strings, 0 for digits. */ maskingCharacter?: string; /** * Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. */ numberToMask?: number; /** * Mask characters in reverse order. For example, if `masking_character` is '0', number_to_mask is 14, and `reverse_order` is false, then 1234-5678-9012-3456 -> 00000000000000-3456 If `masking_character` is '*', `number_to_mask` is 3, and `reverse_order` is true, then 12345 -> 12*** */ reverseOrder?: boolean; } /** * Characters to skip when doing deidentification of a value. These will be left alone and skipped. */ interface Schema$GooglePrivacyDlpV2CharsToIgnore { charactersToSkip?: string; commonCharactersToIgnore?: string; } /** * Message representing a set of files in Cloud Storage. */ interface Schema$GooglePrivacyDlpV2CloudStorageFileSet { /** * The url, in the format `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed. */ url?: string; } /** * Options defining a file or a set of files within a Google Cloud Storage bucket. */ interface Schema$GooglePrivacyDlpV2CloudStorageOptions { /** * Max number of bytes to scan from a file. If a scanned file's size is bigger than this value then the rest of the bytes are omitted. Only one of bytes_limit_per_file and bytes_limit_per_file_percent can be specified. */ bytesLimitPerFile?: string; /** * Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of bytes_limit_per_file and bytes_limit_per_file_percent can be specified. */ bytesLimitPerFilePercent?: number; /** * The set of one or more files to scan. */ fileSet?: Schema$GooglePrivacyDlpV2FileSet; /** * Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. */ filesLimitPercent?: number; /** * List of file type groups to include in the scan. If empty, all files are scanned and available data format processors are applied. In addition, the binary content of the selected files is always scanned as well. */ fileTypes?: string[]; sampleMethod?: string; } /** * Message representing a single file or path in Cloud Storage. */ interface Schema$GooglePrivacyDlpV2CloudStoragePath { /** * A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt */ path?: string; } /** * Message representing a set of files in a Cloud Storage bucket. Regular expressions are used to allow fine-grained control over which files in the bucket to include. Included files are those that match at least one item in `include_regex` and do not match any items in `exclude_regex`. Note that a file that matches items from both lists will _not_ be included. For a match to occur, the entire file path (i.e., everything in the url after the bucket name) must match the regular expression. For example, given the input `{bucket_name: "mybucket", include_regex: ["directory1/.*"], exclude_regex: ["directory1/excluded.*"]}`: * `gs://mybucket/directory1/myfile` will be included * `gs://mybucket/directory1/directory2/myfile` will be included (`.*` matches across `/`) * `gs://mybucket/directory0/directory1/myfile` will _not_ be included (the full path doesn't match any items in `include_regex`) * `gs://mybucket/directory1/excludedfile` will _not_ be included (the path matches an item in `exclude_regex`) If `include_regex` is left empty, it will match all files by default (this is equivalent to setting `include_regex: [".*"]`). Some other common use cases: * `{bucket_name: "mybucket", exclude_regex: [".*\.pdf"]}` will include all files in `mybucket` except for .pdf files * `{bucket_name: "mybucket", include_regex: ["directory/[^/]+"]}` will include all files directly under `gs://mybucket/directory/`, without matching across `/` */ interface Schema$GooglePrivacyDlpV2CloudStorageRegexFileSet { /** * The name of a Cloud Storage bucket. Required. */ bucketName?: string; /** * A list of regular expressions matching file paths to exclude. All files in the bucket that match at least one of these regular expressions will be excluded from the scan. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub. */ excludeRegex?: string[]; /** * A list of regular expressions matching file paths to include. All files in the bucket that match at least one of these regular expressions will be included in the set of files, except for those that also match an item in `exclude_regex`. Leaving this field empty will match all files by default (this is equivalent to including `.*` in the list). Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub. */ includeRegex?: string[]; } /** * Represents a color in the RGB color space. */ interface Schema$GooglePrivacyDlpV2Color { /** * The amount of blue in the color as a value in the interval [0, 1]. */ blue?: number; /** * The amount of green in the color as a value in the interval [0, 1]. */ green?: number; /** * The amount of red in the color as a value in the interval [0, 1]. */ red?: number; } /** * The field type of `value` and `field` do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A `value` of type: - `string` can be compared against all other types - `boolean` can only be compared against other booleans - `integer` can be compared against doubles or a string if the string value can be parsed as an integer. - `double` can be compared against integers or a string if the string can be parsed as a double. - `Timestamp` can be compared against strings in RFC 3339 date string format. - `TimeOfDay` can be compared against timestamps and strings in the format of 'HH:mm:ss'. If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false. */ interface Schema$GooglePrivacyDlpV2Condition { /** * Field within the record this condition is evaluated against. [required] */ field?: Schema$GooglePrivacyDlpV2FieldId; /** * Operator used to compare the field or infoType to the value. [required] */ operator?: string; /** * Value to compare against. [Required, except for `EXISTS` tests.] */ value?: Schema$GooglePrivacyDlpV2Value; } /** * A collection of conditions. */ interface Schema$GooglePrivacyDlpV2Conditions { conditions?: Schema$GooglePrivacyDlpV2Condition[]; } /** * Container structure for the content to inspect. */ interface Schema$GooglePrivacyDlpV2ContentItem { /** * Content data to inspect or redact. Replaces `type` and `data`. */ byteItem?: Schema$GooglePrivacyDlpV2ByteContentItem; /** * Structured content for inspection. See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to learn more. */ table?: Schema$GooglePrivacyDlpV2Table; /** * String data to inspect or redact. */ value?: string; } /** * Findings container location data. */ interface Schema$GooglePrivacyDlpV2ContentLocation { /** * Name of the container where the finding is located. The top level name is the source file name or table name. Names of some common storage containers are formatted as follows: * BigQuery tables: `<project_id>:<dataset_id>.<table_id>` * Cloud Storage files: `gs://<bucket>/<path>` * Datastore namespace: <namespace> Nested names could be absent if the embedded object has no string identifier (for an example an image contained within a document). */ containerName?: string; /** * Findings container modification timestamp, if applicable. For Google Cloud Storage contains last file modification timestamp. For BigQuery table contains last_modified_time property. For Datastore - not populated. */ containerTimestamp?: string; /** * Findings container version, if available ("generation" for Google Cloud Storage). */ containerVersion?: string; /** * Location data for document files. */ documentLocation?: Schema$GooglePrivacyDlpV2DocumentLocation; /** * Location within an image's pixels. */ imageLocation?: Schema$GooglePrivacyDlpV2ImageLocation; /** * Location within a row or record of a database table. */ recordLocation?: Schema$GooglePrivacyDlpV2RecordLocation; } /** * Request message for CreateDeidentifyTemplate. */ interface Schema$GooglePrivacyDlpV2CreateDeidentifyTemplateRequest { /** * The DeidentifyTemplate to create. */ deidentifyTemplate?: Schema$GooglePrivacyDlpV2DeidentifyTemplate; /** * The template id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one. */ templateId?: string; } /** * Request message for CreateDlpJobRequest. Used to initiate long running jobs such as calculating risk metrics or inspecting Google Cloud Storage. */ interface Schema$GooglePrivacyDlpV2CreateDlpJobRequest { inspectJob?: Schema$GooglePrivacyDlpV2InspectJobConfig; /** * The job id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one. */ jobId?: string; riskJob?: Schema$GooglePrivacyDlpV2RiskAnalysisJobConfig; } /** * Request message for CreateInspectTemplate. */ interface Schema$GooglePrivacyDlpV2CreateInspectTemplateRequest { /** * The InspectTemplate to create. */ inspectTemplate?: Schema$GooglePrivacyDlpV2InspectTemplate; /** * The template id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one. */ templateId?: string; } /** * Request message for CreateJobTrigger. */ interface Schema$GooglePrivacyDlpV2CreateJobTriggerRequest { /** * The JobTrigger to create. */ jobTrigger?: Schema$GooglePrivacyDlpV2JobTrigger; /** * The trigger id can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one. */ triggerId?: string; } /** * Request message for CreateStoredInfoType. */ interface Schema$GooglePrivacyDlpV2CreateStoredInfoTypeRequest { /** * Configuration of the storedInfoType to create. */ config?: Schema$GooglePrivacyDlpV2StoredInfoTypeConfig; /** * The storedInfoType ID can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one. */ storedInfoTypeId?: string; } /** * Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. */ interface Schema$GooglePrivacyDlpV2CryptoDeterministicConfig { /** * Optional. A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. */ context?: Schema$GooglePrivacyDlpV2FieldId; /** * The key used by the encryption function. */ cryptoKey?: Schema$GooglePrivacyDlpV2CryptoKey; /** * The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: <info type name>(<surrogate character count>):<surrogate> For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE */ surrogateInfoType?: Schema$GooglePrivacyDlpV2InfoType; } /** * Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. */ interface Schema$GooglePrivacyDlpV2CryptoHashConfig { /** * The key used by the hash function. */ cryptoKey?: Schema$GooglePrivacyDlpV2CryptoKey; } /** * This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. */ interface Schema$GooglePrivacyDlpV2CryptoKey { kmsWrapped?: Schema$GooglePrivacyDlpV2KmsWrappedCryptoKey; transient?: Schema$GooglePrivacyDlpV2TransientCryptoKey; unwrapped?: Schema$GooglePrivacyDlpV2UnwrappedCryptoKey; } /** * Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `ReidentifyContent` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. */ interface Schema$GooglePrivacyDlpV2CryptoReplaceFfxFpeConfig { commonAlphabet?: string; /** * The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2 */ context?: Schema$GooglePrivacyDlpV2FieldId; /** * The key used by the encryption algorithm. [required] */ cryptoKey?: Schema$GooglePrivacyDlpV2CryptoKey; /** * This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 62]. This must be encoded as ASCII. The order of characters does not matter. */ customAlphabet?: string; /** * The native way to select the alphabet. Must be in the range [2, 62]. */ radix?: number; /** * The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE */ surrogateInfoType?: Schema$GooglePrivacyDlpV2InfoType; } /** * Custom information type provided by the user. Used to find domain-specific sensitive information configurable to the data in question. */ interface Schema$GooglePrivacyDlpV2CustomInfoType { /** * Set of detection rules to apply to all findings of this CustomInfoType. Rules are applied in order that they are specified. Not supported for the `surrogate_type` CustomInfoType. */ detectionRules?: Schema$GooglePrivacyDlpV2DetectionRule[]; /** * A list of phrases to detect as a CustomInfoType. */ dictionary?: Schema$GooglePrivacyDlpV2Dictionary; /** * If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. */ exclusionType?: string; /** * CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing infoTypes and that infoType is specified in `InspectContent.info_types` field. Specifying the latter adds findings to the one detected by the system. If built-in info type is not specified in `InspectContent.info_types` list then the name is treated as a custom info type. */ infoType?: Schema$GooglePrivacyDlpV2InfoType; /** * Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria specified by the rule. Defaults to `VERY_LIKELY` if not specified. */ likelihood?: string; /** * Regular expression based CustomInfoType. */ regex?: Schema$GooglePrivacyDlpV2Regex; /** * Load an existing `StoredInfoType` resource for use in `InspectDataSource`. Not currently supported in `InspectContent`. */ storedType?: Schema$GooglePrivacyDlpV2StoredType; /** * Message for detecting output from deidentification transformations that support reversing. */ surrogateType?: Schema$GooglePrivacyDlpV2SurrogateType; } /** * Record key for a finding in Cloud Datastore. */ interface Schema$GooglePrivacyDlpV2DatastoreKey { /** * Datastore entity key. */ entityKey?: Schema$GooglePrivacyDlpV2Key; } /** * Options defining a data set within Google Cloud Datastore. */ interface Schema$GooglePrivacyDlpV2DatastoreOptions { /** * The kind to process. */ kind?: Schema$GooglePrivacyDlpV2KindExpression; /** * A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. */ partitionId?: Schema$GooglePrivacyDlpV2PartitionId; } /** * Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. */ interface Schema$GooglePrivacyDlpV2DateShiftConfig { /** * Points to the field that contains the context, for example, an entity id. If set, must also set method. If set, shift will be consistent for the given context. */ context?: Schema$GooglePrivacyDlpV2FieldId; /** * Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. */ cryptoKey?: Schema$GooglePrivacyDlpV2CryptoKey; /** * For example, -5 means shift date to at most 5 days back in the past. [Required] */ lowerBoundDays?: number; /** * Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future. [Required] */ upperBoundDays?: number; } /** * Message for a date time object. e.g. 2018-01-01, 5th August. */ interface Schema$GooglePrivacyDlpV2DateTime { /** * One or more of the following must be set. All fields are optional, but when set must be valid date or time values. */ date?: Schema$GoogleTypeDate; dayOfWeek?: string; time?: Schema$GoogleTypeTimeOfDay; timeZone?: Schema$GooglePrivacyDlpV2TimeZone; } /** * The configuration that controls how the data will change. */ interface Schema$GooglePrivacyDlpV2DeidentifyConfig { /** * Treat the dataset as free-form text and apply the same free text transformation everywhere. */ infoTypeTransformations?: Schema$GooglePrivacyDlpV2InfoTypeTransformations; /** * Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table. */ recordTransformations?: Schema$GooglePrivacyDlpV2RecordTransformations; } /** * Request to de-identify a list of items. */ interface Schema$GooglePrivacyDlpV2DeidentifyContentRequest { /** * Configuration for the de-identification of the content item. Items specified here will override the template referenced by the deidentify_template_name argument. */ deidentifyConfig?: Schema$GooglePrivacyDlpV2DeidentifyConfig; /** * Optional template to use. Any configuration directly specified in deidentify_config will override those set in the template. Singular fields that are set in this request will replace their corresponding fields in the template. Repeated fields are appended. Singular sub-messages and groups are recursively merged. */ deidentifyTemplateName?: string; /** * Configuration for the inspector. Items specified here will override the template referenced by the inspect_template_name argument. */ inspectConfig?: Schema$GooglePrivacyDlpV2InspectConfig; /** * Optional template to use. Any configuration directly specified in inspect_config will override those set in the template. Singular fields that are set in this request will replace their corresponding fields in the template. Repeated fields are appended. Singular sub-messages and groups are recursively merged. */ inspectTemplateName?: string; /** * The item to de-identify. Will be treated as text. */ item?: Schema$GooglePrivacyDlpV2ContentItem; /** * The geographic location to process de-identification. Reserved for future extensions. */ location?: string; } /** * Results of de-identifying a ContentItem. */ interface Schema$GooglePrivacyDlpV2DeidentifyContentResponse { /** * The de-identified item. */ item?: Schema$GooglePrivacyDlpV2ContentItem; /** * An overview of the changes that were made on the `item`. */ overview?: Schema$GooglePrivacyDlpV2TransformationOverview; } /** * The DeidentifyTemplates contains instructions on how to deidentify content. See https://cloud.google.com/dlp/docs/concepts-templates to learn more. */ interface Schema$GooglePrivacyDlpV2DeidentifyTemplate { /** * The creation timestamp of a inspectTemplate, output only field. */ createTime?: string; /** * ///////////// // The core content of the template // /////////////// */ deidentifyConfig?: Schema$GooglePrivacyDlpV2DeidentifyConfig; /** * Short description (max 256 chars). */ description?: string; /** * Display name (max 256 chars). */ displayName?: string; /** * The template name. Output only. The template will have one of the following formats: `projects/PROJECT_ID/deidentifyTemplates/TEMPLATE_ID` OR `organizations/ORGANIZATION_ID/deidentifyTemplates/TEMPLATE_ID` */ name?: string; /** * The last update timestamp of a inspectTemplate, output only field. */ updateTime?: string; } /** * δ-presence metric, used to estimate how likely it is for an attacker to figure out that one given individual appears in a de-identified dataset. Similarly to the k-map metric, we cannot compute δ-presence exactly without knowing the attack dataset, so we use a statistical model instead. */ interface Schema$GooglePrivacyDlpV2DeltaPresenceEstimationConfig { /** * Several auxiliary tables can be used in the analysis. Each custom_tag used to tag a quasi-identifiers field must appear in exactly one field of one auxiliary table. */ auxiliaryTables?: Schema$GooglePrivacyDlpV2StatisticalTable[]; /** * Fields considered to be quasi-identifiers. No two fields can have the same tag. [required] */ quasiIds?: Schema$GooglePrivacyDlpV2QuasiId[]; /** * ISO 3166-1 alpha-2 region code to use in the statistical modeling. Required if no column is tagged with a region-specific InfoType (like US_ZIP_5) or a region code. */ regionCode?: string; } /** * A DeltaPresenceEstimationHistogramBucket message with the following values: min_probability: 0.1 max_probability: 0.2 frequency: 42 means that there are 42 records for which δ is in [0.1, 0.2). An important particular case is when min_probability = max_probability = 1: then, every individual who shares this quasi-identifier combination is in the dataset. */ interface Schema$GooglePrivacyDlpV2DeltaPresenceEstimationHistogramBucket { /** * Number of records within these probability bounds. */ bucketSize?: string; /** * Total number of distinct quasi-identifier tuple values in this bucket. */ bucketValueCount?: string; /** * Sample of quasi-identifier tuple values in this bucket. The total number of classes returned per bucket is capped at 20. */ bucketValues?: Schema$GooglePrivacyDlpV2DeltaPresenceEstimationQuasiIdValues[]; /** * Always greater than or equal to min_probability. */ maxProbability?: number; /** * Between 0 and 1. */ minProbability?: number; } /** * A tuple of values for the quasi-identifier columns. */ interface Schema$GooglePrivacyDlpV2DeltaPresenceEstimationQuasiIdValues { /** * The estimated probability that a given individual sharing these quasi-identifier values is in the dataset. This value, typically called δ, is the ratio between the number of records in the dataset with these quasi-identifier values, and the total number of individuals (inside *and* outside the dataset) with these quasi-identifier values. For example, if there are 15 individuals in the dataset who share the same quasi-identifier values, and an estimated 100 people in the entire population with these values, then δ is 0.15. */ estimatedProbability?: number; /** * The quasi-identifier values. */ quasiIdsValues?: Schema$GooglePrivacyDlpV2Value[]; } /** * Result of the δ-presence computation. Note that these results are an estimation, not exact values. */ interface Schema$GooglePrivacyDlpV2DeltaPresenceEstimationResult { /** * The intervals [min_probability, max_probability) do not overlap. If a value doesn't correspond to any such interval, the associated frequency is zero. For example, the following records: {min_probability: 0, max_probability: 0.1, frequency: 17} {min_probability: 0.2, max_probability: 0.3, frequency: 42} {min_probability: 0.3, max_probability: 0.4, frequency: 99} mean that there are no record with an estimated probability in [0.1, 0.2) nor larger or equal to 0.4. */ deltaPresenceEstimationHistogram?: Schema$GooglePrivacyDlpV2DeltaPresenceEstimationHistogramBucket[]; } /** * Deprecated; use `InspectionRuleSet` instead. Rule for modifying a `CustomInfoType` to alter behavior under certain circumstances, depending on the specific details of the rule. Not supported for the `surrogate_type` custom infoType. */ interface Schema$GooglePrivacyDlpV2DetectionRule { /** * Hotword-based detection rule. */ hotwordRule?: Schema$GooglePrivacyDlpV2HotwordRule; } /** * Custom information type based on a dictionary of words or phrases. This can be used to match sensitive information specific to the data, such as a list of employee IDs or job titles. Dictionary words are case-insensitive and all characters other than letters and digits in the unicode [Basic Multilingual Plane](https://en.wikipedia.org/wiki/Plane_%28Unicode%29#Basic_Multilingual_Plane) will be replaced with whitespace when scanning for matches, so the dictionary phrase "Sam Johnson" will match all three phrases "sam johnson", "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters surrounding any match must be of a different type than the adjacent characters within the word, so letters must be next to non-letters and digits next to non-digits. For example, the dictionary word "jen" will match the first three letters of the text "jen123" but will return no matches for "jennifer". Dictionary words containing a large number of characters that are not letters or digits may result in unexpected findings because such characters are treated as whitespace. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries. For dictionaries that do not fit within these constraints, consider using `LargeCustomDictionaryConfig` in the `StoredInfoType` API. */ interface Schema$GooglePrivacyDlpV2Dictionary { /** * Newline-delimited file of words in Cloud Storage. Only a single file is accepted. */ cloudStoragePath?: Schema$GooglePrivacyDlpV2CloudStoragePath; /** * List of words or phrases to search for. */ wordList?: Schema$GooglePrivacyDlpV2WordList; } /** * Combines all of the information about a DLP job. */ interface Schema$GooglePrivacyDlpV2DlpJob { /** * Time when the job was created. */ createTime?: string; /** * Time when the job finished