Google Cloud Data Loss Prevention v2 API - Namespace Google.Cloud.Dlp.V2 (4.14.0)

Classes

Action

A task to execute on the completion of a job. See https://cloud.google.com/sensitive-data-protection/docs/concepts-actions to learn more.

Action.Types

Container for nested types declared in the Action message type.

Action.Types.Deidentify

Create a de-identified copy of the requested table or files.

A TransformationDetail will be created for each transformation.

If any rows in BigQuery are skipped during de-identification (transformation errors or row size exceeds BigQuery insert API limits) they are placed in the failure output table. If the original row exceeds the BigQuery insert API limit it will be truncated when written to the failure output table. The failure output table can be set in the action.deidentify.output.big_query_output.deidentified_failure_output_table field, if no table is set, a table will be automatically created in the same project and dataset as the original table.

Compatible with: Inspect

Action.Types.JobNotificationEmails

Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts.

Action.Types.PublishFindingsToCloudDataCatalog

Publish findings of a DlpJob to Data Catalog. In Data Catalog, tag templates are applied to the resource that Cloud DLP scanned. Data Catalog tag templates are stored in the same project and region where the BigQuery table exists. For Cloud DLP to create and apply the tag template, the Cloud DLP service agent must have the roles/datacatalog.tagTemplateOwner permission on the project. The tag template contains fields summarizing the results of the DlpJob. Any field values previously written by another DlpJob are deleted. [InfoType naming patterns][google.privacy.dlp.v2.InfoType] are strictly enforced when using this feature.

Findings are persisted in Data Catalog storage and are governed by service-specific policies for Data Catalog. For more information, see Service Specific Terms.

Only a single instance of this action can be specified. This action is allowed only if all resources being scanned are BigQuery tables. Compatible with: Inspect

Action.Types.PublishSummaryToCscc

Publish the result summary of a DlpJob to Security Command Center. This action is available for only projects that belong to an organization. This action publishes the count of finding instances and their infoTypes. The summary of findings are persisted in Security Command Center and are governed by service-specific policies for Security Command Center. Only a single instance of this action can be specified. Compatible with: Inspect

Action.Types.PublishToPubSub

Publish a message into a given Pub/Sub topic when DlpJob has completed. The message contains a single field, DlpJobName, which is equal to the finished job's DlpJob.name. Compatible with: Inspect, Risk

Action.Types.PublishToStackdriver

Enable Stackdriver metric dlp.googleapis.com/finding_count. This will publish a metric to stack driver on each infotype requested and how many findings were found for it. CustomDetectors will be bucketed as 'Custom' under the Stackdriver label 'info_type'.

Action.Types.SaveFindings

If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk

ActionDetails

The results of an [Action][google.privacy.dlp.v2.Action].

ActivateJobTriggerRequest

Request message for ActivateJobTrigger.

AllOtherDatabaseResources

Match database resources not covered by any other filter.

AllOtherResources

Match discovery resources not covered by any other filter.

AmazonS3Bucket

Amazon S3 bucket.

AmazonS3BucketConditions

Amazon S3 bucket conditions.

AmazonS3BucketConditions.Types

Container for nested types declared in the AmazonS3BucketConditions message type.

AmazonS3BucketRegex

Amazon S3 bucket regex.

AnalyzeDataSourceRiskDetails

Result of a risk analysis operation request.

AnalyzeDataSourceRiskDetails.Types

Container for nested types declared in the AnalyzeDataSourceRiskDetails message type.

AnalyzeDataSourceRiskDetails.Types.CategoricalStatsResult

Result of the categorical stats computation.

AnalyzeDataSourceRiskDetails.Types.CategoricalStatsResult.Types

Container for nested types declared in the CategoricalStatsResult message type.

AnalyzeDataSourceRiskDetails.Types.CategoricalStatsResult.Types.CategoricalStatsHistogramBucket

Histogram of value frequencies in the column.

AnalyzeDataSourceRiskDetails.Types.DeltaPresenceEstimationResult

Result of the δ-presence computation. Note that these results are an estimation, not exact values.

AnalyzeDataSourceRiskDetails.Types.DeltaPresenceEstimationResult.Types

Container for nested types declared in the DeltaPresenceEstimationResult message type.

AnalyzeDataSourceRiskDetails.Types.DeltaPresenceEstimationResult.Types.DeltaPresenceEstimationHistogramBucket

A DeltaPresenceEstimationHistogramBucket message with the following values: min_probability: 0.1 max_probability: 0.2 frequency: 42 means that there are 42 records for which δ is in [0.1, 0.2). An important particular case is when min_probability = max_probability = 1: then, every individual who shares this quasi-identifier combination is in the dataset.

AnalyzeDataSourceRiskDetails.Types.DeltaPresenceEstimationResult.Types.DeltaPresenceEstimationQuasiIdValues

A tuple of values for the quasi-identifier columns.

AnalyzeDataSourceRiskDetails.Types.KAnonymityResult

Result of the k-anonymity computation.

AnalyzeDataSourceRiskDetails.Types.KAnonymityResult.Types

Container for nested types declared in the KAnonymityResult message type.

AnalyzeDataSourceRiskDetails.Types.KAnonymityResult.Types.KAnonymityEquivalenceClass

The set of columns' values that share the same ldiversity value

AnalyzeDataSourceRiskDetails.Types.KAnonymityResult.Types.KAnonymityHistogramBucket

Histogram of k-anonymity equivalence classes.

AnalyzeDataSourceRiskDetails.Types.KMapEstimationResult

Result of the reidentifiability analysis. Note that these results are an estimation, not exact values.

AnalyzeDataSourceRiskDetails.Types.KMapEstimationResult.Types

Container for nested types declared in the KMapEstimationResult message type.

AnalyzeDataSourceRiskDetails.Types.KMapEstimationResult.Types.KMapEstimationHistogramBucket

A KMapEstimationHistogramBucket message with the following values: min_anonymity: 3 max_anonymity: 5 frequency: 42 means that there are 42 records whose quasi-identifier values correspond to 3, 4 or 5 people in the overlying population. An important particular case is when min_anonymity = max_anonymity = 1: the frequency field then corresponds to the number of uniquely identifiable records.

AnalyzeDataSourceRiskDetails.Types.KMapEstimationResult.Types.KMapEstimationQuasiIdValues

A tuple of values for the quasi-identifier columns.

AnalyzeDataSourceRiskDetails.Types.LDiversityResult

Result of the l-diversity computation.

AnalyzeDataSourceRiskDetails.Types.LDiversityResult.Types

Container for nested types declared in the LDiversityResult message type.

AnalyzeDataSourceRiskDetails.Types.LDiversityResult.Types.LDiversityEquivalenceClass

The set of columns' values that share the same ldiversity value.

AnalyzeDataSourceRiskDetails.Types.LDiversityResult.Types.LDiversityHistogramBucket

Histogram of l-diversity equivalence class sensitive value frequencies.

AnalyzeDataSourceRiskDetails.Types.NumericalStatsResult

Result of the numerical stats computation.

AnalyzeDataSourceRiskDetails.Types.RequestedRiskAnalysisOptions

Risk analysis options.

AwsAccount

AWS account.

AwsAccountRegex

AWS account regex.

BigQueryDiscoveryTarget

Target used to match against for discovery with BigQuery tables

BigQueryField

Message defining a field of a BigQuery table.

BigQueryKey

Row key for identifying a record in BigQuery table.

BigQueryOptions

Options defining BigQuery table and row identifiers.

BigQueryOptions.Types

Container for nested types declared in the BigQueryOptions message type.

BigQueryRegex

A pattern to match against one or more tables, datasets, or projects that contain BigQuery tables. At least one pattern must be specified. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.

BigQueryRegexes

A collection of regular expressions to determine what tables to match against.

BigQueryTable

Message defining the location of a BigQuery table. A table is uniquely identified by its project_id, dataset_id, and table_name. Within a query a table is often referenced with a string in the format of: <project_id>:<dataset_id>.<table_id> or <project_id>.<dataset_id>.<table_id>.

BigQueryTableCollection

Specifies a collection of BigQuery tables. Used for Discovery.

BigQueryTableTypes

The types of BigQuery tables supported by Cloud DLP.

BoundingBox

Bounding box encompassing detected text within an image.

BucketingConfig

Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW, 31-65 -> MEDIUM, 66-100 -> HIGH.

This can be used on data of type: number, long, string, timestamp.

If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/sensitive-data-protection/docs/concepts-bucketing to learn more.

BucketingConfig.Types

Container for nested types declared in the BucketingConfig message type.

BucketingConfig.Types.Bucket

Bucket is represented as a range, along with replacement values.

ByteContentItem

Container for bytes to inspect or redact.

ByteContentItem.Types

Container for nested types declared in the ByteContentItem message type.

CancelDlpJobRequest

The request message for canceling a DLP job.

CharacterMaskConfig

Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3.

CharsToIgnore

Characters to skip when doing deidentification of a value. These will be left alone and skipped.

CharsToIgnore.Types

Container for nested types declared in the CharsToIgnore message type.

CloudSqlDiscoveryTarget

Target used to match against for discovery with Cloud SQL tables.

CloudSqlIamCredential

Use IAM authentication to connect. This requires the Cloud SQL IAM feature to be enabled on the instance, which is not the default for Cloud SQL. See https://cloud.google.com/sql/docs/postgres/authentication and https://cloud.google.com/sql/docs/mysql/authentication.

CloudSqlProperties

Cloud SQL connection properties.

CloudSqlProperties.Types

Container for nested types declared in the CloudSqlProperties message type.

CloudStorageDiscoveryTarget

Target used to match against for discovery with Cloud Storage buckets.

CloudStorageFileSet

Message representing a set of files in Cloud Storage.

CloudStorageOptions

Options defining a file or a set of files within a Cloud Storage bucket.

CloudStorageOptions.Types

Container for nested types declared in the CloudStorageOptions message type.

CloudStorageOptions.Types.FileSet

Set of files to scan.

CloudStoragePath

Message representing a single file or path in Cloud Storage.

CloudStorageRegex

A pattern to match against one or more file stores. At least one pattern must be specified. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.

CloudStorageRegexFileSet

Message representing a set of files in a Cloud Storage bucket. Regular expressions are used to allow fine-grained control over which files in the bucket to include.

Included files are those that match at least one item in include_regex and do not match any items in exclude_regex. Note that a file that matches items from both lists will not be included. For a match to occur, the entire file path (i.e., everything in the url after the bucket name) must match the regular expression.

For example, given the input {bucket_name: "mybucket", include_regex: ["directory1/.*"], exclude_regex: ["directory1/excluded.*"]}:

  • gs://mybucket/directory1/myfile will be included
  • gs://mybucket/directory1/directory2/myfile will be included (.* matches across /)
  • gs://mybucket/directory0/directory1/myfile will not be included (the full path doesn't match any items in include_regex)
  • gs://mybucket/directory1/excludedfile will not be included (the path matches an item in exclude_regex)

If include_regex is left empty, it will match all files by default (this is equivalent to setting include_regex: [".*"]).

Some other common use cases:

  • {bucket_name: "mybucket", exclude_regex: [".*\.pdf"]} will include all files in mybucket except for .pdf files
  • {bucket_name: "mybucket", include_regex: ["directory/[^/]+"]} will include all files directly under gs://mybucket/directory/, without matching across /

CloudStorageResourceReference

Identifies a single Cloud Storage bucket.

Color

Represents a color in the RGB color space.

ColumnDataProfile

The profile for a scanned column within a table.

ColumnDataProfile.Types

Container for nested types declared in the ColumnDataProfile message type.

ColumnDataProfileName

Resource name for the ColumnDataProfile resource.

Connection

A data connection to allow DLP to profile data in locations that require additional configuration.

ConnectionName

Resource name for the Connection resource.

Container

Represents a container that may contain DLP findings. Examples of a container include a file, table, or database record.

ContentItem

Type of content to inspect.

ContentLocation

Precise location of the finding within a document, record, image, or metadata container.

CreateConnectionRequest

Request message for CreateConnection.

CreateDeidentifyTemplateRequest

Request message for CreateDeidentifyTemplate.

CreateDiscoveryConfigRequest

Request message for CreateDiscoveryConfig.

CreateDlpJobRequest

Request message for CreateDlpJobRequest. Used to initiate long running jobs such as calculating risk metrics or inspecting Google Cloud Storage.

CreateInspectTemplateRequest

Request message for CreateInspectTemplate.

CreateJobTriggerRequest

Request message for CreateJobTrigger.

CreateStoredInfoTypeRequest

Request message for CreateStoredInfoType.

CryptoDeterministicConfig

Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.

CryptoHashConfig

Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/sensitive-data-protection/docs/pseudonymization to learn more.

CryptoKey

This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK.

CryptoReplaceFfxFpeConfig

Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the ReidentifyContent API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/sensitive-data-protection/docs/pseudonymization to learn more.

Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.

CryptoReplaceFfxFpeConfig.Types

Container for nested types declared in the CryptoReplaceFfxFpeConfig message type.

CustomInfoType

Custom information type provided by the user. Used to find domain-specific sensitive information configurable to the data in question.

CustomInfoType.Types

Container for nested types declared in the CustomInfoType message type.

CustomInfoType.Types.DetectionRule

Deprecated; use InspectionRuleSet instead. Rule for modifying a CustomInfoType to alter behavior under certain circumstances, depending on the specific details of the rule. Not supported for the surrogate_type custom infoType.

CustomInfoType.Types.DetectionRule.Types

Container for nested types declared in the DetectionRule message type.

CustomInfoType.Types.DetectionRule.Types.HotwordRule

The rule that adjusts the likelihood of findings within a certain proximity of hotwords.

CustomInfoType.Types.DetectionRule.Types.LikelihoodAdjustment

Message for specifying an adjustment to the likelihood of a finding as part of a detection rule.

CustomInfoType.Types.DetectionRule.Types.Proximity

Message for specifying a window around a finding to apply a detection rule.

CustomInfoType.Types.Dictionary

Custom information type based on a dictionary of words or phrases. This can be used to match sensitive information specific to the data, such as a list of employee IDs or job titles.

Dictionary words are case-insensitive and all characters other than letters and digits in the unicode Basic Multilingual Plane will be replaced with whitespace when scanning for matches, so the dictionary phrase "Sam Johnson" will match all three phrases "sam johnson", "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters surrounding any match must be of a different type than the adjacent characters within the word, so letters must be next to non-letters and digits next to non-digits. For example, the dictionary word "jen" will match the first three letters of the text "jen123" but will return no matches for "jennifer".

Dictionary words containing a large number of characters that are not letters or digits may result in unexpected findings because such characters are treated as whitespace. The limits page contains details about the size limits of dictionaries. For dictionaries that do not fit within these constraints, consider using LargeCustomDictionaryConfig in the StoredInfoType API.

CustomInfoType.Types.Dictionary.Types

Container for nested types declared in the Dictionary message type.

CustomInfoType.Types.Dictionary.Types.WordList

Message defining a list of words or phrases to search for in the data.

CustomInfoType.Types.Regex

Message defining a custom regular expression.

CustomInfoType.Types.SurrogateType

Message for detecting output from deidentification transformations such as CryptoReplaceFfxFpeConfig. These types of transformations are those that perform pseudonymization, thereby producing a "surrogate" as output. This should be used in conjunction with a field on the transformation such as surrogate_info_type. This CustomInfoType does not support the use of detection_rules.

DataProfileAction

A task to execute when a data profile has been generated.

DataProfileAction.Types

Container for nested types declared in the DataProfileAction message type.

DataProfileAction.Types.Export

If set, the detailed data profiles will be persisted to the location of your choice whenever updated.

DataProfileAction.Types.PubSubNotification

Send a Pub/Sub message into the given Pub/Sub topic to connect other systems to data profile generation. The message payload data will be the byte serialization of DataProfilePubSubMessage.

DataProfileAction.Types.PubSubNotification.Types

Container for nested types declared in the PubSubNotification message type.

DataProfileAction.Types.PublishToChronicle

Message expressing intention to publish to Google Security Operations.

DataProfileAction.Types.PublishToSecurityCommandCenter

If set, a summary finding will be created/updated in SCC for each profile.

DataProfileAction.Types.TagResources

If set, attaches the tags provided to profiled resources. Tags support access control. You can conditionally grant or deny access to a resource based on whether the resource has a specific tag.

DataProfileAction.Types.TagResources.Types

Container for nested types declared in the TagResources message type.

DataProfileAction.Types.TagResources.Types.TagCondition

The tag to attach to profiles matching the condition. At most one TagCondition can be specified per sensitivity level.

DataProfileAction.Types.TagResources.Types.TagValue

A value of a tag.

DataProfileBigQueryRowSchema

The schema of data to be saved to the BigQuery table when the DataProfileAction is enabled.

DataProfileConfigSnapshot

Snapshot of the configurations used to generate the profile.

DataProfileJobConfig

Configuration for setting up a job to scan resources for profile generation. Only one data profile configuration may exist per organization, folder, or project.

The generated data profiles are retained according to the data retention policy.

DataProfileLocation

The data that will be profiled.

DataProfilePubSubCondition

A condition for determining whether a Pub/Sub should be triggered.

DataProfilePubSubCondition.Types

Container for nested types declared in the DataProfilePubSubCondition message type.

DataProfilePubSubCondition.Types.PubSubCondition

A condition consisting of a value.

DataProfilePubSubCondition.Types.PubSubExpressions

An expression, consisting of an operator and conditions.

DataProfilePubSubCondition.Types.PubSubExpressions.Types

Container for nested types declared in the PubSubExpressions message type.

DataProfilePubSubMessage

Pub/Sub topic message for a DataProfileAction.PubSubNotification event. To receive a message of protocol buffer schema type, convert the message data to an object of this proto class.

DataRiskLevel

Score is a summary of all elements in the data profile. A higher number means more risk.

DataRiskLevel.Types

Container for nested types declared in the DataRiskLevel message type.

DataSourceType

Message used to identify the type of resource being profiled.

DatabaseResourceCollection

Match database resources using regex filters. Examples of database resources are tables, views, and stored procedures.

DatabaseResourceReference

Identifies a single database resource, like a table within a database.

DatabaseResourceRegex

A pattern to match against one or more database resources. At least one pattern must be specified. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.

DatabaseResourceRegexes

A collection of regular expressions to determine what database resources to match against.

DatastoreKey

Record key for a finding in Cloud Datastore.

DatastoreOptions

Options defining a data set within Google Cloud Datastore.

DateShiftConfig

Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/sensitive-data-protection/docs/concepts-date-shifting to learn more.

DateTime

Message for a date time object. e.g. 2018-01-01, 5th August.

DateTime.Types

Container for nested types declared in the DateTime message type.

DateTime.Types.TimeZone

Time zone of the date time object.

DeidentifyConfig

The configuration that controls how the data will change.

DeidentifyContentRequest

Request to de-identify a ContentItem.

DeidentifyContentResponse

Results of de-identifying a ContentItem.

DeidentifyDataSourceDetails

The results of a [Deidentify][google.privacy.dlp.v2.Action.Deidentify] action from an inspect job.

DeidentifyDataSourceDetails.Types

Container for nested types declared in the DeidentifyDataSourceDetails message type.

DeidentifyDataSourceDetails.Types.RequestedDeidentifyOptions

De-identification options.

DeidentifyDataSourceStats

Summary of what was modified during a transformation.

DeidentifyTemplate

DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/sensitive-data-protection/docs/concepts-templates to learn more.

DeidentifyTemplateName

Resource name for the DeidentifyTemplate resource.

DeleteConnectionRequest

Request message for DeleteConnection.

DeleteDeidentifyTemplateRequest

Request message for DeleteDeidentifyTemplate.

DeleteDiscoveryConfigRequest

Request message for DeleteDiscoveryConfig.

DeleteDlpJobRequest

The request message for deleting a DLP job.

DeleteFileStoreDataProfileRequest

Request message for DeleteFileStoreProfile.

DeleteInspectTemplateRequest

Request message for DeleteInspectTemplate.

DeleteJobTriggerRequest

Request message for DeleteJobTrigger.

DeleteStoredInfoTypeRequest

Request message for DeleteStoredInfoType.

DeleteTableDataProfileRequest

Request message for DeleteTableProfile.

Disabled

Do not profile the tables.

DiscoveryBigQueryConditions

Requirements that must be true before a table is scanned in discovery for the first time. There is an AND relationship between the top-level attributes. Additionally, minimum conditions with an OR relationship that must be met before Cloud DLP scans a table can be set (like a minimum row count or a minimum table age).

DiscoveryBigQueryConditions.Types

Container for nested types declared in the DiscoveryBigQueryConditions message type.

DiscoveryBigQueryConditions.Types.OrConditions

There is an OR relationship between these attributes. They are used to determine if a table should be scanned or not in Discovery.

DiscoveryBigQueryFilter

Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, dataset ID, and table ID.

DiscoveryBigQueryFilter.Types

Container for nested types declared in the DiscoveryBigQueryFilter message type.

DiscoveryBigQueryFilter.Types.AllOtherBigQueryTables

Catch-all for all other tables not specified by other filters. Should always be last, except for single-table configurations, which will only have a TableReference target.

DiscoveryCloudSqlConditions

Requirements that must be true before a table is profiled for the first time.

DiscoveryCloudSqlConditions.Types

Container for nested types declared in the DiscoveryCloudSqlConditions message type.

DiscoveryCloudSqlFilter

Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, location, instance, database, and database resource name.

DiscoveryCloudSqlGenerationCadence

How often existing tables should have their profiles refreshed. New tables are scanned as quickly as possible depending on system capacity.

DiscoveryCloudSqlGenerationCadence.Types

Container for nested types declared in the DiscoveryCloudSqlGenerationCadence message type.

DiscoveryCloudSqlGenerationCadence.Types.SchemaModifiedCadence

How frequently to modify the profile when the table's schema is modified.

DiscoveryCloudSqlGenerationCadence.Types.SchemaModifiedCadence.Types

Container for nested types declared in the SchemaModifiedCadence message type.

DiscoveryCloudStorageConditions

Requirements that must be true before a Cloud Storage bucket or object is scanned in discovery for the first time. There is an AND relationship between the top-level attributes.

DiscoveryCloudStorageConditions.Types

Container for nested types declared in the DiscoveryCloudStorageConditions message type.

DiscoveryCloudStorageFilter

Determines which buckets will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID and bucket name.

DiscoveryCloudStorageGenerationCadence

How often existing buckets should have their profiles refreshed. New buckets are scanned as quickly as possible depending on system capacity.

DiscoveryConfig

Configuration for discovery to scan resources for profile generation. Only one discovery configuration may exist per organization, folder, or project.

The generated data profiles are retained according to the data retention policy.

DiscoveryConfig.Types

Container for nested types declared in the DiscoveryConfig message type.

DiscoveryConfig.Types.OrgConfig

Project and scan location information. Only set when the parent is an org.

DiscoveryConfigName

Resource name for the DiscoveryConfig resource.

DiscoveryFileStoreConditions

Requirements that must be true before a file store is scanned in discovery for the first time. There is an AND relationship between the top-level attributes.

DiscoveryGenerationCadence

What must take place for a profile to be updated and how frequently it should occur. New tables are scanned as quickly as possible depending on system capacity.

DiscoveryInspectTemplateModifiedCadence

The cadence at which to update data profiles when the inspection rules defined by the InspectTemplate change.

DiscoveryOtherCloudConditions

Requirements that must be true before a resource is profiled for the first time.

DiscoveryOtherCloudFilter

Determines which resources from the other cloud will have profiles generated. Includes the ability to filter by resource names.

DiscoveryOtherCloudGenerationCadence

How often existing resources should have their profiles refreshed. New resources are scanned as quickly as possible depending on system capacity.

DiscoverySchemaModifiedCadence

The cadence at which to update data profiles when a schema is modified.

DiscoveryStartingLocation

The location to begin a discovery scan. Denotes an organization ID or folder ID within an organization.

DiscoveryTableModifiedCadence

The cadence at which to update data profiles when a table is modified.

DiscoveryTarget

Target used to match against for Discovery.

DlpContentName

Resource name for the DlpContent resource.

DlpJob

Combines all of the information about a DLP job.

DlpJob.Types

Container for nested types declared in the DlpJob message type.

DlpJobName

Resource name for the DlpJob resource.

DlpService

The Cloud Data Loss Prevention (DLP) API is a service that allows clients to detect the presence of Personally Identifiable Information (PII) and other privacy-sensitive data in user-supplied, unstructured data streams, like text blocks or images. The service also includes methods for sensitive data redaction and scheduling of data scans on Google Cloud Platform based data sets.

To learn more about concepts and find how-to guides see https://cloud.google.com/sensitive-data-protection/docs/.

DlpService.DlpServiceBase

Base class for server-side implementations of DlpService

DlpService.DlpServiceClient

Client for DlpService

DlpServiceClient

DlpService client wrapper, for convenient use.

DlpServiceClientBuilder

Builder class for DlpServiceClient to provide simple configuration of credentials, endpoint etc.

DlpServiceClientImpl

DlpService client wrapper implementation, for convenient use.

DlpServiceSettings

Settings for DlpServiceClient instances.

DocumentLocation

Location of a finding within a document.

EntityId

An entity in a dataset is a field or set of fields that correspond to a single person. For example, in medical records the EntityId might be a patient identifier, or for financial records it might be an account identifier. This message is used when generalizations or analysis must take into account that multiple rows correspond to the same entity.

Error

Details information about an error encountered during job execution or the results of an unsuccessful activation of the JobTrigger.

Error.Types

Container for nested types declared in the Error message type.

ExcludeByHotword

The rule to exclude findings based on a hotword. For record inspection of tables, column names are considered hotwords. An example of this is to exclude a finding if it belongs to a BigQuery column that matches a specific pattern.

ExcludeInfoTypes

List of excluded infoTypes.

ExclusionRule

The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results.

FieldId

General identifier of a data field in a storage service.

FieldTransformation

The transformation to apply to the field.

FileClusterSummary

The file cluster summary.

FileClusterType

Message used to identify file cluster type being profiled.

FileClusterType.Types

Container for nested types declared in the FileClusterType message type.

FileExtensionInfo

Information regarding the discovered file extension.

FileStoreCollection

Match file stores (e.g. buckets) using regex filters.

FileStoreDataProfile

The profile for a file store.

  • Cloud Storage: maps 1:1 with a bucket.
  • Amazon S3: maps 1:1 with a bucket.

FileStoreDataProfile.Types

Container for nested types declared in the FileStoreDataProfile message type.

FileStoreDataProfileName

Resource name for the FileStoreDataProfile resource.

FileStoreInfoTypeSummary

Information regarding the discovered InfoType.

FileStoreRegex

A pattern to match against one or more file stores.

FileStoreRegexes

A collection of regular expressions to determine what file store to match against.

Finding

Represents a piece of potentially sensitive content.

FindingName

Resource name for the Finding resource.

FinishDlpJobRequest

The request message for finishing a DLP hybrid job.

FixedSizeBucketingConfig

Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.

The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20".

This can be used on data of type: double, long.

If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.

See https://cloud.google.com/sensitive-data-protection/docs/concepts-bucketing to learn more.

GetColumnDataProfileRequest

Request to get a column data profile.

GetConnectionRequest

Request message for GetConnection.

GetDeidentifyTemplateRequest

Request message for GetDeidentifyTemplate.

GetDiscoveryConfigRequest

Request message for GetDiscoveryConfig.

GetDlpJobRequest

The request message for [DlpJobs.GetDlpJob][].

GetFileStoreDataProfileRequest

Request to get a file store data profile.

GetInspectTemplateRequest

Request message for GetInspectTemplate.

GetJobTriggerRequest

Request message for GetJobTrigger.

GetProjectDataProfileRequest

Request to get a project data profile.

GetStoredInfoTypeRequest

Request message for GetStoredInfoType.

GetTableDataProfileRequest

Request to get a table data profile.

HybridContentItem

An individual hybrid item to inspect. Will be stored temporarily during processing.

HybridFindingDetails

Populate to associate additional data with each finding.

HybridInspectDlpJobRequest

Request to search for potentially sensitive info in a custom location.

HybridInspectJobTriggerRequest

Request to search for potentially sensitive info in a custom location.

HybridInspectResponse

Quota exceeded errors will be thrown once quota has been met.

HybridInspectStatistics

Statistics related to processing hybrid inspect requests.

HybridOptions

Configuration to control jobs where the content being inspected is outside of Google Cloud Platform.

ImageLocation

Location of the finding within an image.

ImageTransformations

A type of transformation that is applied over images.

ImageTransformations.Types

Container for nested types declared in the ImageTransformations message type.

ImageTransformations.Types.ImageTransformation

Configuration for determining how redaction of images should occur.

ImageTransformations.Types.ImageTransformation.Types

Container for nested types declared in the ImageTransformation message type.

ImageTransformations.Types.ImageTransformation.Types.AllInfoTypes

Apply transformation to all findings.

ImageTransformations.Types.ImageTransformation.Types.AllText

Apply to all text.

ImageTransformations.Types.ImageTransformation.Types.SelectedInfoTypes

Apply transformation to the selected info_types.

InfoType

Type of information detected by the API.

InfoTypeCategory

Classification of infoTypes to organize them according to geographic location, industry, and data type.

InfoTypeCategory.Types

Container for nested types declared in the InfoTypeCategory message type.

InfoTypeDescription

InfoType description.

InfoTypeStats

Statistics regarding a specific InfoType.

InfoTypeSummary

The infoType details for this column.

InfoTypeTransformations

A type of transformation that will scan unstructured text and apply various PrimitiveTransformations to each finding, where the transformation is applied to only values that were identified as a specific info_type.

InfoTypeTransformations.Types

Container for nested types declared in the InfoTypeTransformations message type.

InfoTypeTransformations.Types.InfoTypeTransformation

A transformation to apply to text that is identified as a specific info_type.

InspectConfig

Configuration description of the scanning process. When used with redactContent only info_types and min_likelihood are currently used.

InspectConfig.Types

Container for nested types declared in the InspectConfig message type.

InspectConfig.Types.FindingLimits

Configuration to control the number of findings returned for inspection. This is not used for de-identification or data profiling.

When redacting sensitive data from images, finding limits don't apply. They can cause unexpected or inconsistent results, where only some data is redacted. Don't include finding limits in [RedactImage][google.privacy.dlp.v2.DlpService.RedactImage] requests. Otherwise, Cloud DLP returns an error.

InspectConfig.Types.FindingLimits.Types

Container for nested types declared in the FindingLimits message type.

InspectConfig.Types.FindingLimits.Types.InfoTypeLimit

Max findings configuration per infoType, per content item or long running DlpJob.

InspectConfig.Types.InfoTypeLikelihood

Configuration for setting a minimum likelihood per infotype. Used to customize the minimum likelihood level for specific infotypes in the request. For example, use this if you want to lower the precision for PERSON_NAME without lowering the precision for the other infotypes in the request.

InspectContentRequest

Request to search for potentially sensitive info in a ContentItem.

InspectContentResponse

Results of inspecting an item.

InspectDataSourceDetails

The results of an inspect DataSource job.

InspectDataSourceDetails.Types

Container for nested types declared in the InspectDataSourceDetails message type.

InspectDataSourceDetails.Types.RequestedOptions

Snapshot of the inspection configuration.

InspectDataSourceDetails.Types.Result

All result fields mentioned below are updated while the job is processing.

InspectJobConfig

Controls what and how to inspect for findings.

InspectResult

All the findings for a single scanned item.

InspectTemplate

The inspectTemplate contains a configuration (set of types of sensitive data to be detected) to be used anywhere you otherwise would normally specify InspectConfig. See https://cloud.google.com/sensitive-data-protection/docs/concepts-templates to learn more.

InspectTemplateName

Resource name for the InspectTemplate resource.

InspectionRule

A single inspection rule to be applied to infoTypes, specified in InspectionRuleSet.

InspectionRuleSet

Rule set for modifying a set of infoTypes to alter behavior under certain circumstances, depending on the specific details of the rules within the set.

JobTrigger

Contains a configuration to make API calls on a repeating basis. See https://cloud.google.com/sensitive-data-protection/docs/concepts-job-triggers to learn more.

JobTrigger.Types

Container for nested types declared in the JobTrigger message type.

JobTrigger.Types.Trigger

What event needs to occur for a new job to be started.

JobTriggerName

Resource name for the JobTrigger resource.

Key

A unique identifier for a Datastore entity. If a key's partition ID or any of its path kinds or names are reserved/read-only, the key is reserved/read-only. A reserved/read-only key is forbidden in certain documented contexts.

Key.Types

Container for nested types declared in the Key message type.

Key.Types.PathElement

A (kind, ID/name) pair used to construct a key path.

If either name or ID is set, the element is complete. If neither is set, the element is incomplete.

KindExpression

A representation of a Datastore kind.

KmsWrappedCryptoKey

Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt

For more information, see Creating a wrapped key.

Note: When you use Cloud KMS for cryptographic operations, charges apply.

LargeCustomDictionaryConfig

Configuration for a custom dictionary created from a data source of any size up to the maximum size defined in the limits page. The artifacts of dictionary creation are stored in the specified Cloud Storage location. Consider using CustomInfoType.Dictionary for smaller dictionaries that satisfy the size requirements.

LargeCustomDictionaryStats

Summary statistics of a custom dictionary.

ListColumnDataProfilesRequest

Request to list the profiles generated for a given organization or project.

ListColumnDataProfilesResponse

List of profiles generated for a given organization or project.

ListConnectionsRequest

Request message for ListConnections.

ListConnectionsResponse

Response message for ListConnections.

ListDeidentifyTemplatesRequest

Request message for ListDeidentifyTemplates.

ListDeidentifyTemplatesResponse

Response message for ListDeidentifyTemplates.

ListDiscoveryConfigsRequest

Request message for ListDiscoveryConfigs.

ListDiscoveryConfigsResponse

Response message for ListDiscoveryConfigs.

ListDlpJobsRequest

The request message for listing DLP jobs.

ListDlpJobsResponse

The response message for listing DLP jobs.

ListFileStoreDataProfilesRequest

Request to list the file store profiles generated for a given organization or project.

ListFileStoreDataProfilesResponse

List of file store data profiles generated for a given organization or project.

ListInfoTypesRequest

Request for the list of infoTypes.

ListInfoTypesResponse

Response to the ListInfoTypes request.

ListInspectTemplatesRequest

Request message for ListInspectTemplates.

ListInspectTemplatesResponse

Response message for ListInspectTemplates.

ListJobTriggersRequest

Request message for ListJobTriggers.

ListJobTriggersResponse

Response message for ListJobTriggers.

ListProjectDataProfilesRequest

Request to list the profiles generated for a given organization or project.

ListProjectDataProfilesResponse

List of profiles generated for a given organization or project.

ListStoredInfoTypesRequest

Request message for ListStoredInfoTypes.

ListStoredInfoTypesResponse

Response message for ListStoredInfoTypes.

ListTableDataProfilesRequest

Request to list the profiles generated for a given organization or project.

ListTableDataProfilesResponse

List of profiles generated for a given organization or project.

Location

Specifies the location of the finding.

Manual

Job trigger option for hybrid jobs. Jobs must be manually created and finished.

MetadataLocation

Metadata Location

OrganizationLocationName

Resource name for the OrganizationLocation resource.

OtherCloudDiscoveryStartingLocation

The other cloud starting location for discovery.

OtherCloudDiscoveryStartingLocation.Types

Container for nested types declared in the OtherCloudDiscoveryStartingLocation message type.

OtherCloudDiscoveryStartingLocation.Types.AwsDiscoveryStartingLocation

The AWS starting location for discovery.

OtherCloudDiscoveryTarget

Target used to match against for discovery of resources from other clouds. An AWS connector in Security Command Center (Enterprise is required to use this feature.

OtherCloudResourceCollection

Match resources using regex filters.

OtherCloudResourceRegex

A pattern to match against one or more resources. At least one pattern must be specified. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.

OtherCloudResourceRegexes

A collection of regular expressions to determine what resources to match against.

OtherCloudSingleResourceReference

Identifies a single resource, like a single Amazon S3 bucket.

OtherInfoTypeSummary

Infotype details for other infoTypes found within a column.

OutputStorageConfig

Cloud repository for storing output.

OutputStorageConfig.Types

Container for nested types declared in the OutputStorageConfig message type.

PartitionId

Datastore partition ID. A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty.

A partition ID contains several dimensions: project ID and namespace ID.

PrimitiveTransformation

A rule for transforming a value.

PrivacyMetric

Privacy metric to compute for reidentification risk analysis.

PrivacyMetric.Types

Container for nested types declared in the PrivacyMetric message type.

PrivacyMetric.Types.CategoricalStatsConfig

Compute numerical stats over an individual column, including number of distinct values and value count distribution.

PrivacyMetric.Types.DeltaPresenceEstimationConfig

δ-presence metric, used to estimate how likely it is for an attacker to figure out that one given individual appears in a de-identified dataset. Similarly to the k-map metric, we cannot compute δ-presence exactly without knowing the attack dataset, so we use a statistical model instead.

PrivacyMetric.Types.KAnonymityConfig

k-anonymity metric, used for analysis of reidentification risk.

PrivacyMetric.Types.KMapEstimationConfig

Reidentifiability metric. This corresponds to a risk model similar to what is called "journalist risk" in the literature, except the attack dataset is statistically modeled instead of being perfectly known. This can be done using publicly available data (like the US Census), or using a custom statistical model (indicated as one or several BigQuery tables), or by extrapolating from the distribution of values in the input dataset.

PrivacyMetric.Types.KMapEstimationConfig.Types

Container for nested types declared in the KMapEstimationConfig message type.

PrivacyMetric.Types.KMapEstimationConfig.Types.AuxiliaryTable

An auxiliary table contains statistical information on the relative frequency of different quasi-identifiers values. It has one or several quasi-identifiers columns, and one column that indicates the relative frequency of each quasi-identifier tuple. If a tuple is present in the data but not in the auxiliary table, the corresponding relative frequency is assumed to be zero (and thus, the tuple is highly reidentifiable).

PrivacyMetric.Types.KMapEstimationConfig.Types.AuxiliaryTable.Types

Container for nested types declared in the AuxiliaryTable message type.

PrivacyMetric.Types.KMapEstimationConfig.Types.AuxiliaryTable.Types.QuasiIdField

A quasi-identifier column has a custom_tag, used to know which column in the data corresponds to which column in the statistical model.

PrivacyMetric.Types.KMapEstimationConfig.Types.TaggedField

A column with a semantic tag attached.

PrivacyMetric.Types.LDiversityConfig

l-diversity metric, used for analysis of reidentification risk.

PrivacyMetric.Types.NumericalStatsConfig

Compute numerical stats over an individual column, including min, max, and quantiles.

ProfileStatus

Success or errors for the profile generation.

ProjectDataProfile

An aggregated profile for this project, based on the resources profiled within it.

ProjectDataProfileName

Resource name for the ProjectDataProfile resource.

QuasiId

A column with a semantic tag attached.

QuoteInfo

Message for infoType-dependent details parsed from quote.

Range

Generic half-open interval [start, end)

RecordCondition

A condition for determining whether a transformation should be applied to a field.

RecordCondition.Types

Container for nested types declared in the RecordCondition message type.

RecordCondition.Types.Condition

The field type of value and field do not need to match to be considered equal, but not all comparisons are possible. EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types, but all other comparisons are invalid with incompatible types. A value of type:

  • string can be compared against all other types
  • boolean can only be compared against other booleans
  • integer can be compared against doubles or a string if the string value can be parsed as an integer.
  • double can be compared against integers or a string if the string can be parsed as a double.
  • Timestamp can be compared against strings in RFC 3339 date string format.
  • TimeOfDay can be compared against timestamps and strings in the format of 'HH:mm:ss'.

If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.

RecordCondition.Types.Conditions

A collection of conditions.

RecordCondition.Types.Expressions

An expression, consisting of an operator and conditions.

RecordCondition.Types.Expressions.Types

Container for nested types declared in the Expressions message type.

RecordKey

Message for a unique key indicating a record that contains a finding.

RecordLocation

Location of a finding within a row or record.

RecordSuppression

Configuration to suppress records whose suppression conditions evaluate to true.

RecordTransformation

The field in a record to transform.

RecordTransformations

A type of transformation that is applied over structured data such as a table.

RedactConfig

Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.

RedactImageRequest

Request to search for potentially sensitive info in an image and redact it by covering it with a colored rectangle.

RedactImageRequest.Types

Container for nested types declared in the RedactImageRequest message type.

RedactImageRequest.Types.ImageRedactionConfig

Configuration for determining how redaction of images should occur.

RedactImageResponse

Results of redacting an image.

ReidentifyContentRequest

Request to re-identify an item.

ReidentifyContentResponse

Results of re-identifying an item.

ReplaceDictionaryConfig

Replace each input value with a value randomly selected from the dictionary.

ReplaceValueConfig

Replace each input value with a given Value.

ReplaceWithInfoTypeConfig

Replace each matching finding with the name of the info_type.

RiskAnalysisJobConfig

Configuration for a risk analysis job. See https://cloud.google.com/sensitive-data-protection/docs/concepts-risk-analysis to learn more.

Schedule

Schedule for inspect job triggers.

SearchConnectionsRequest

Request message for SearchConnections.

SearchConnectionsResponse

Response message for SearchConnections.

SecretManagerCredential

A credential consisting of a username and password, where the password is stored in a Secret Manager resource. Note: Secret Manager charges apply.

SecretsDiscoveryTarget

Discovery target for credentials and secrets in cloud resource metadata.

This target does not include any filtering or frequency controls. Cloud DLP will scan cloud resource metadata for secrets daily.

No inspect template should be included in the discovery config for a security benchmarks scan. Instead, the built-in list of secrets and credentials infoTypes will be used (see https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference#credentials_and_secrets).

Credentials and secrets discovered will be reported as vulnerabilities to Security Command Center.

SensitivityScore

Score is calculated from of all elements in the data profile. A higher level means the data is more sensitive.

SensitivityScore.Types

Container for nested types declared in the SensitivityScore message type.

StatisticalTable

An auxiliary table containing statistical information on the relative frequency of different quasi-identifiers values. It has one or several quasi-identifiers columns, and one column that indicates the relative frequency of each quasi-identifier tuple. If a tuple is present in the data but not in the auxiliary table, the corresponding relative frequency is assumed to be zero (and thus, the tuple is highly reidentifiable).

StatisticalTable.Types

Container for nested types declared in the StatisticalTable message type.

StatisticalTable.Types.QuasiIdentifierField

A quasi-identifier column has a custom_tag, used to know which column in the data corresponds to which column in the statistical model.

StorageConfig

Shared message indicating Cloud storage type.

StorageConfig.Types

Container for nested types declared in the StorageConfig message type.

StorageConfig.Types.TimespanConfig

Configuration of the timespan of the items to include in scanning. Currently only supported when inspecting Cloud Storage and BigQuery.

StorageMetadataLabel

Storage metadata label to indicate which metadata entry contains findings.

StoredInfoType

StoredInfoType resource message that contains information about the current version and any pending updates.

StoredInfoTypeConfig

Configuration for stored infoTypes. All fields and subfield are provided by the user. For more information, see https://cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes.

StoredInfoTypeName

Resource name for the StoredInfoType resource.

StoredInfoTypeStats

Statistics for a StoredInfoType.

StoredInfoTypeVersion

Version of a StoredInfoType, including the configuration used to build it, create timestamp, and current state.

StoredType

A reference to a StoredInfoType to use with scanning.

Table

Structured content to inspect. Up to 50,000 Values per request allowed. See https://cloud.google.com/sensitive-data-protection/docs/inspecting-structured-text#inspecting_a_table to learn more.

Table.Types

Container for nested types declared in the Table message type.

Table.Types.Row

Values of the row.

TableDataProfile

The profile for a scanned table.

TableDataProfile.Types

Container for nested types declared in the TableDataProfile message type.

TableDataProfileName

Resource name for the TableDataProfile resource.

TableLocation

Location of a finding within a table.

TableOptions

Instructions regarding the table content being inspected.

TableReference

Message defining the location of a BigQuery table with the projectId inferred from the parent project.

TimePartConfig

For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.

TimePartConfig.Types

Container for nested types declared in the TimePartConfig message type.

TransformationConfig

User specified templates and configs for how to deidentify structured, unstructures, and image files. User must provide either a unstructured deidentify template or at least one redact image config.

TransformationDescription

A flattened description of a PrimitiveTransformation or RecordSuppression.

TransformationDetails

Details about a single transformation. This object contains a description of the transformation, information about whether the transformation was successfully applied, and the precise location where the transformation occurred. These details are stored in a user-specified BigQuery table.

TransformationDetailsStorageConfig

Config for storing transformation details.

TransformationErrorHandling

How to handle transformation errors during de-identification. A transformation error occurs when the requested transformation is incompatible with the data. For example, trying to de-identify an IP address using a DateShift transformation would result in a transformation error, since date info cannot be extracted from an IP address. Information about any incompatible transformations, and how they were handled, is returned in the response as part of the TransformationOverviews.

TransformationErrorHandling.Types

Container for nested types declared in the TransformationErrorHandling message type.

TransformationErrorHandling.Types.LeaveUntransformed

Skips the data without modifying it if the requested transformation would cause an error. For example, if a DateShift transformation were applied an an IP address, this mode would leave the IP address unchanged in the response.

TransformationErrorHandling.Types.ThrowError

Throw an error and fail the request when a transformation error occurs.

TransformationLocation

Specifies the location of a transformation.

TransformationOverview

Overview of the modifications that occurred.

TransformationResultStatus

The outcome of a transformation.

TransformationSummary

Summary of a single transformation. Only one of 'transformation', 'field_transformation', or 'record_suppress' will be set.

TransformationSummary.Types

Container for nested types declared in the TransformationSummary message type.

TransformationSummary.Types.SummaryResult

A collection that informs the user the number of times a particular TransformationResultCode and error details occurred.

TransientCryptoKey

Use this to have a random data crypto key generated. It will be discarded after the request finishes.

UnwrappedCryptoKey

Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.

UpdateConnectionRequest

Request message for UpdateConnection.

UpdateDeidentifyTemplateRequest

Request message for UpdateDeidentifyTemplate.

UpdateDiscoveryConfigRequest

Request message for UpdateDiscoveryConfig.

UpdateInspectTemplateRequest

Request message for UpdateInspectTemplate.

UpdateJobTriggerRequest

Request message for UpdateJobTrigger.

UpdateStoredInfoTypeRequest

Request message for UpdateStoredInfoType.

Value

Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data.

ValueFrequency

A value of a field, including its frequency.

VersionDescription

Details about each available version for an infotype.

Enums

Action.ActionOneofCase

Enum of possible cases for the "action" oneof.

Action.Types.Deidentify.OutputOneofCase

Enum of possible cases for the "output" oneof.

ActionDetails.DetailsOneofCase

Enum of possible cases for the "details" oneof.

AmazonS3BucketConditions.Types.BucketType

Supported Amazon S3 bucket types. Defaults to TYPE_ALL_SUPPORTED.

AmazonS3BucketConditions.Types.ObjectStorageClass

Supported Amazon S3 object storage classes. Defaults to ALL_SUPPORTED_CLASSES.

AnalyzeDataSourceRiskDetails.ResultOneofCase

Enum of possible cases for the "result" oneof.

BigQueryDiscoveryTarget.FrequencyOneofCase

Enum of possible cases for the "frequency" oneof.

BigQueryOptions.Types.SampleMethod

How to sample rows if not all rows are scanned. Meaningful only when used in conjunction with either rows_limit or rows_limit_percent. If not specified, rows are scanned in the order BigQuery reads them.

BigQuerySchemaModification

Attributes evaluated to determine if a schema has been modified. New values may be added at a later time.

BigQueryTableCollection.PatternOneofCase

Enum of possible cases for the "pattern" oneof.

BigQueryTableModification

Attributes evaluated to determine if a table has been modified. New values may be added at a later time.

BigQueryTableType

Over time new types may be added. Currently VIEW, MATERIALIZED_VIEW, SNAPSHOT, and non-BigLake external tables are not supported.

BigQueryTableTypeCollection

Over time new types may be added. Currently VIEW, MATERIALIZED_VIEW, and SNAPSHOT are not supported.

ByteContentItem.Types.BytesType

The type of data being sent for inspection. To learn more, see Supported file types.

CharsToIgnore.CharactersOneofCase

Enum of possible cases for the "characters" oneof.

CharsToIgnore.Types.CommonCharsToIgnore

Convenience enum for indicating common characters to not transform.

CloudSqlDiscoveryTarget.CadenceOneofCase

Enum of possible cases for the "cadence" oneof.

CloudSqlProperties.CredentialOneofCase

Enum of possible cases for the "credential" oneof.

CloudSqlProperties.Types.DatabaseEngine

Database engine of a Cloud SQL instance. New values may be added over time.

CloudStorageDiscoveryTarget.CadenceOneofCase

Enum of possible cases for the "cadence" oneof.

CloudStorageOptions.Types.SampleMethod

How to sample bytes if not all bytes are scanned. Meaningful only when used in conjunction with bytes_limit_per_file. If not specified, scanning would start from the top.

ColumnDataProfile.Types.ColumnDataType

Data types of the data in a column. Types may be added over time.

ColumnDataProfile.Types.ColumnPolicyState

The possible policy states for a column.

ColumnDataProfile.Types.State

Possible states of a profile. New items may be added.

ColumnDataProfileName.ResourceNameType

The possible contents of ColumnDataProfileName.

Connection.PropertiesOneofCase

Enum of possible cases for the "properties" oneof.

ConnectionName.ResourceNameType

The possible contents of ConnectionName.

ConnectionState

State of the connection. New values may be added over time.

ContentItem.DataItemOneofCase

Enum of possible cases for the "data_item" oneof.

ContentLocation.LocationOneofCase

Enum of possible cases for the "location" oneof.

ContentOption

Deprecated and unused.

CreateDlpJobRequest.JobOneofCase

Enum of possible cases for the "job" oneof.

CryptoKey.SourceOneofCase

Enum of possible cases for the "source" oneof.

CryptoReplaceFfxFpeConfig.AlphabetOneofCase

Enum of possible cases for the "alphabet" oneof.

CryptoReplaceFfxFpeConfig.Types.FfxCommonNativeAlphabet

These are commonly used subsets of the alphabet that the FFX mode natively supports. In the algorithm, the alphabet is selected using the "radix". Therefore each corresponds to a particular radix.

CustomInfoType.TypeOneofCase

Enum of possible cases for the "type" oneof.

CustomInfoType.Types.DetectionRule.TypeOneofCase

Enum of possible cases for the "type" oneof.

CustomInfoType.Types.DetectionRule.Types.LikelihoodAdjustment.AdjustmentOneofCase

Enum of possible cases for the "adjustment" oneof.

CustomInfoType.Types.Dictionary.SourceOneofCase

Enum of possible cases for the "source" oneof.

CustomInfoType.Types.ExclusionType

Type of exclusion rule.

DataProfileAction.ActionOneofCase

Enum of possible cases for the "action" oneof.

DataProfileAction.Types.EventType

Types of event that can trigger an action.

DataProfileAction.Types.PubSubNotification.Types.DetailLevel

The levels of detail that can be included in the Pub/Sub message.

DataProfileAction.Types.TagResources.Types.TagCondition.TypeOneofCase

Enum of possible cases for the "type" oneof.

DataProfileAction.Types.TagResources.Types.TagValue.FormatOneofCase

Enum of possible cases for the "format" oneof.

DataProfileBigQueryRowSchema.DataProfileOneofCase

Enum of possible cases for the "data_profile" oneof.

DataProfileLocation.LocationOneofCase

Enum of possible cases for the "location" oneof.

DataProfilePubSubCondition.Types.ProfileScoreBucket

Various score levels for resources.

DataProfilePubSubCondition.Types.PubSubCondition.ValueOneofCase

Enum of possible cases for the "value" oneof.

DataProfilePubSubCondition.Types.PubSubExpressions.Types.PubSubLogicalOperator

Logical operators for conditional checks.

DataProfileUpdateFrequency

How frequently data profiles can be updated. New options can be added at a later time.

DataRiskLevel.Types.DataRiskLevelScore

Various score levels for resources.

DatabaseResourceCollection.PatternOneofCase

Enum of possible cases for the "pattern" oneof.

DateShiftConfig.MethodOneofCase

Enum of possible cases for the "method" oneof.

DeidentifyConfig.TransformationOneofCase

Enum of possible cases for the "transformation" oneof.

DeidentifyTemplateName.ResourceNameType

The possible contents of DeidentifyTemplateName.

DiscoveryBigQueryConditions.IncludedTypesOneofCase

Enum of possible cases for the "included_types" oneof.

DiscoveryBigQueryFilter.FilterOneofCase

Enum of possible cases for the "filter" oneof.

DiscoveryCloudSqlConditions.Types.DatabaseEngine

The database engines that should be profiled.

DiscoveryCloudSqlConditions.Types.DatabaseResourceType

Cloud SQL database resource types. New values can be added at a later time.

DiscoveryCloudSqlFilter.FilterOneofCase

Enum of possible cases for the "filter" oneof.

DiscoveryCloudSqlGenerationCadence.Types.SchemaModifiedCadence.Types.CloudSqlSchemaModification

The type of modification that causes a profile update.

DiscoveryCloudStorageConditions.Types.CloudStorageBucketAttribute

The attribute of a bucket.

DiscoveryCloudStorageConditions.Types.CloudStorageObjectAttribute

The attribute of an object. See https://cloud.google.com/storage/docs/storage-classes for more information on storage classes.

DiscoveryCloudStorageFilter.FilterOneofCase

Enum of possible cases for the "filter" oneof.

DiscoveryConfig.Types.Status

Whether the discovery config is currently active. New options may be added at a later time.

DiscoveryConfigName.ResourceNameType

The possible contents of DiscoveryConfigName.

DiscoveryFileStoreConditions.ConditionsOneofCase

Enum of possible cases for the "conditions" oneof.

DiscoveryOtherCloudConditions.ConditionsOneofCase

Enum of possible cases for the "conditions" oneof.

DiscoveryOtherCloudFilter.FilterOneofCase

Enum of possible cases for the "filter" oneof.

DiscoveryStartingLocation.LocationOneofCase

Enum of possible cases for the "location" oneof.

DiscoveryTarget.TargetOneofCase

Enum of possible cases for the "target" oneof.

DlpContentName.ResourceNameType

The possible contents of DlpContentName.

DlpJob.DetailsOneofCase

Enum of possible cases for the "details" oneof.

DlpJob.Types.JobState

Possible states of a job. New items may be added.

DlpJobName.ResourceNameType

The possible contents of DlpJobName.

DlpJobType

An enum to represent the various types of DLP jobs.

EncryptionStatus

How a resource is encrypted.

Error.Types.ErrorExtraInfo

Additional information about the error.

ExclusionRule.TypeOneofCase

Enum of possible cases for the "type" oneof.

FieldTransformation.TransformationOneofCase

Enum of possible cases for the "transformation" oneof.

FileClusterType.FileClusterTypeOneofCase

Enum of possible cases for the "file_cluster_type" oneof.

FileClusterType.Types.Cluster

Cluster type. Each cluster corresponds to a set of file types. Over time, new types may be added and files may move between clusters.

FileStoreCollection.PatternOneofCase

Enum of possible cases for the "pattern" oneof.

FileStoreDataProfile.Types.State

Possible states of a profile. New items may be added.

FileStoreDataProfileName.ResourceNameType

The possible contents of FileStoreDataProfileName.

FileStoreRegex.ResourceRegexOneofCase

Enum of possible cases for the "resource_regex" oneof.

FileType

Definitions of file type groups to scan. New types will be added to this list.

FindingName.ResourceNameType

The possible contents of FindingName.

ImageTransformations.Types.ImageTransformation.TargetOneofCase

Enum of possible cases for the "target" oneof.

InfoTypeCategory.CategoryOneofCase

Enum of possible cases for the "category" oneof.

InfoTypeCategory.Types.IndustryCategory

Enum of the current industries in the category. We might add more industries in the future.

InfoTypeCategory.Types.LocationCategory

Enum of the current locations. We might add more locations in the future.

InfoTypeCategory.Types.TypeCategory

Enum of the current types in the category. We might add more types in the future.

InfoTypeSupportedBy

Parts of the APIs which use certain infoTypes.

InspectTemplateName.ResourceNameType

The possible contents of InspectTemplateName.

InspectionRule.TypeOneofCase

Enum of possible cases for the "type" oneof.

JobTrigger.JobOneofCase

Enum of possible cases for the "job" oneof.

JobTrigger.Types.Status

Whether the trigger is currently active. If PAUSED or CANCELLED, no jobs will be created with this configuration. The service may automatically pause triggers experiencing frequent errors. To restart a job, set the status to HEALTHY after correcting user errors.

JobTrigger.Types.Trigger.TriggerOneofCase

Enum of possible cases for the "trigger" oneof.

JobTriggerName.ResourceNameType

The possible contents of JobTriggerName.

Key.Types.PathElement.IdTypeOneofCase

Enum of possible cases for the "id_type" oneof.

LargeCustomDictionaryConfig.SourceOneofCase

Enum of possible cases for the "source" oneof.

Likelihood

Coarse-grained confidence level of how well a particular finding satisfies the criteria to match a particular infoType.

Likelihood is calculated based on the number of signals a finding has that implies that the finding matches the infoType. For example, a string that has an '@' and a '.com' is more likely to be a match for an email address than a string that only has an '@'.

In general, the highest likelihood level has the strongest signals that indicate a match. That is, a finding with a high likelihood has a low chance of being a false positive.

For more information about each likelihood level and how likelihood works, see Match likelihood.

MatchingType

Type of the match which can be applied to different ways of matching, like Dictionary, regular expression and intersecting with findings of another info type.

MetadataLocation.LabelOneofCase

Enum of possible cases for the "label" oneof.

MetadataType

Type of metadata containing the finding.

NullPercentageLevel

Bucketized nullness percentage levels. A higher level means a higher percentage of the column is null.

OrganizationLocationName.ResourceNameType

The possible contents of OrganizationLocationName.

OtherCloudDiscoveryStartingLocation.LocationOneofCase

Enum of possible cases for the "location" oneof.

OtherCloudDiscoveryStartingLocation.Types.AwsDiscoveryStartingLocation.ScopeOneofCase

Enum of possible cases for the "scope" oneof.

OtherCloudDiscoveryTarget.CadenceOneofCase

Enum of possible cases for the "cadence" oneof.

OtherCloudResourceCollection.PatternOneofCase

Enum of possible cases for the "pattern" oneof.

OtherCloudResourceRegex.ResourceRegexOneofCase

Enum of possible cases for the "resource_regex" oneof.

OtherCloudSingleResourceReference.ResourceOneofCase

Enum of possible cases for the "resource" oneof.

OutputStorageConfig.TypeOneofCase

Enum of possible cases for the "type" oneof.

OutputStorageConfig.Types.OutputSchema

Predefined schemas for storing findings. Only for use with external storage.

PrimitiveTransformation.TransformationOneofCase

Enum of possible cases for the "transformation" oneof.

PrivacyMetric.TypeOneofCase

Enum of possible cases for the "type" oneof.

PrivacyMetric.Types.KMapEstimationConfig.Types.TaggedField.TagOneofCase

Enum of possible cases for the "tag" oneof.

ProfileGeneration

Whether a profile being created is the first generation or an update.

ProjectDataProfileName.ResourceNameType

The possible contents of ProjectDataProfileName.

QuasiId.TagOneofCase

Enum of possible cases for the "tag" oneof.

QuoteInfo.ParsedQuoteOneofCase

Enum of possible cases for the "parsed_quote" oneof.

RecordCondition.Types.Expressions.TypeOneofCase

Enum of possible cases for the "type" oneof.

RecordCondition.Types.Expressions.Types.LogicalOperator

Logical operators for conditional checks.

RecordKey.TypeOneofCase

Enum of possible cases for the "type" oneof.

RedactImageRequest.Types.ImageRedactionConfig.TargetOneofCase

Enum of possible cases for the "target" oneof.

RelationalOperator

Operators available for comparing the value of fields.

ReplaceDictionaryConfig.TypeOneofCase

Enum of possible cases for the "type" oneof.

ResourceVisibility

How broadly the data in the resource has been shared. New items may be added over time. A higher number means more restricted.

Schedule.OptionOneofCase

Enum of possible cases for the "option" oneof.

SensitivityScore.Types.SensitivityScoreLevel

Various sensitivity score levels for resources.

StorageConfig.TypeOneofCase

Enum of possible cases for the "type" oneof.

StoredInfoTypeConfig.TypeOneofCase

Enum of possible cases for the "type" oneof.

StoredInfoTypeName.ResourceNameType

The possible contents of StoredInfoTypeName.

StoredInfoTypeState

State of a StoredInfoType version.

StoredInfoTypeStats.TypeOneofCase

Enum of possible cases for the "type" oneof.

TableDataProfile.Types.State

Possible states of a profile. New items may be added.

TableDataProfileName.ResourceNameType

The possible contents of TableDataProfileName.

TimePartConfig.Types.TimePart

Components that make up time.

TransformationContainerType

Describes functionality of a given container in its original format.

TransformationDetailsStorageConfig.TypeOneofCase

Enum of possible cases for the "type" oneof.

TransformationErrorHandling.ModeOneofCase

Enum of possible cases for the "mode" oneof.

TransformationLocation.LocationTypeOneofCase

Enum of possible cases for the "location_type" oneof.

TransformationResultStatusType

Enum of possible outcomes of transformations. SUCCESS if transformation and storing of transformation was successful, otherwise, reason for not transforming.

TransformationSummary.Types.TransformationResultCode

Possible outcomes of transformations.

TransformationType

An enum of rules that can be used to transform a value. Can be a record suppression, or one of the transformation rules specified under PrimitiveTransformation.

UniquenessScoreLevel

Bucketized uniqueness score levels. A higher uniqueness score is a strong signal that the column may contain a unique identifier like user id. A low value indicates that the column contains few unique values like booleans or other classifiers.

Value.TypeOneofCase

Enum of possible cases for the "type" oneof.