Classes
Action
A task to execute on the completion of a job. See https://cloud.google.com/sensitive-data-protection/docs/concepts-actions to learn more.
Action.Types
Container for nested types declared in the Action message type.
Action.Types.Deidentify
Create a de-identified copy of the requested table or files.
A TransformationDetail will be created for each transformation.
If any rows in BigQuery are skipped during de-identification (transformation errors or row size exceeds BigQuery insert API limits) they are placed in the failure output table. If the original row exceeds the BigQuery insert API limit it will be truncated when written to the failure output table. The failure output table can be set in the action.deidentify.output.big_query_output.deidentified_failure_output_table field, if no table is set, a table will be automatically created in the same project and dataset as the original table.
Compatible with: Inspect
Action.Types.JobNotificationEmails
Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts.
Action.Types.PublishFindingsToCloudDataCatalog
Publish findings of a DlpJob to Data Catalog. In Data Catalog, tag
templates are applied to the resource that Cloud DLP scanned. Data
Catalog tag templates are stored in the same project and region where the
BigQuery table exists. For Cloud DLP to create and apply the tag template,
the Cloud DLP service agent must have the
roles/datacatalog.tagTemplateOwner
permission on the project. The tag
template contains fields summarizing the results of the DlpJob. Any field
values previously written by another DlpJob are deleted. [InfoType naming
patterns][google.privacy.dlp.v2.InfoType] are strictly enforced when using
this feature.
Findings are persisted in Data Catalog storage and are governed by service-specific policies for Data Catalog. For more information, see Service Specific Terms.
Only a single instance of this action can be specified. This action is allowed only if all resources being scanned are BigQuery tables. Compatible with: Inspect
Action.Types.PublishSummaryToCscc
Publish the result summary of a DlpJob to Security Command Center. This action is available for only projects that belong to an organization. This action publishes the count of finding instances and their infoTypes. The summary of findings are persisted in Security Command Center and are governed by service-specific policies for Security Command Center. Only a single instance of this action can be specified. Compatible with: Inspect
Action.Types.PublishToPubSub
Publish a message into a given Pub/Sub topic when DlpJob has completed. The
message contains a single field, DlpJobName
, which is equal to the
finished job's
DlpJob.name
.
Compatible with: Inspect, Risk
Action.Types.PublishToStackdriver
Enable Stackdriver metric dlp.googleapis.com/finding_count. This will publish a metric to stack driver on each infotype requested and how many findings were found for it. CustomDetectors will be bucketed as 'Custom' under the Stackdriver label 'info_type'.
Action.Types.SaveFindings
If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk
ActionDetails
The results of an [Action][google.privacy.dlp.v2.Action].
ActivateJobTriggerRequest
Request message for ActivateJobTrigger.
AllOtherDatabaseResources
Match database resources not covered by any other filter.
AllOtherResources
Match discovery resources not covered by any other filter.
AmazonS3Bucket
Amazon S3 bucket.
AmazonS3BucketConditions
Amazon S3 bucket conditions.
AmazonS3BucketConditions.Types
Container for nested types declared in the AmazonS3BucketConditions message type.
AmazonS3BucketRegex
Amazon S3 bucket regex.
AnalyzeDataSourceRiskDetails
Result of a risk analysis operation request.
AnalyzeDataSourceRiskDetails.Types
Container for nested types declared in the AnalyzeDataSourceRiskDetails message type.
AnalyzeDataSourceRiskDetails.Types.CategoricalStatsResult
Result of the categorical stats computation.
AnalyzeDataSourceRiskDetails.Types.CategoricalStatsResult.Types
Container for nested types declared in the CategoricalStatsResult message type.
AnalyzeDataSourceRiskDetails.Types.CategoricalStatsResult.Types.CategoricalStatsHistogramBucket
Histogram of value frequencies in the column.
AnalyzeDataSourceRiskDetails.Types.DeltaPresenceEstimationResult
Result of the δ-presence computation. Note that these results are an estimation, not exact values.
AnalyzeDataSourceRiskDetails.Types.DeltaPresenceEstimationResult.Types
Container for nested types declared in the DeltaPresenceEstimationResult message type.
AnalyzeDataSourceRiskDetails.Types.DeltaPresenceEstimationResult.Types.DeltaPresenceEstimationHistogramBucket
A DeltaPresenceEstimationHistogramBucket message with the following values: min_probability: 0.1 max_probability: 0.2 frequency: 42 means that there are 42 records for which δ is in [0.1, 0.2). An important particular case is when min_probability = max_probability = 1: then, every individual who shares this quasi-identifier combination is in the dataset.
AnalyzeDataSourceRiskDetails.Types.DeltaPresenceEstimationResult.Types.DeltaPresenceEstimationQuasiIdValues
A tuple of values for the quasi-identifier columns.
AnalyzeDataSourceRiskDetails.Types.KAnonymityResult
Result of the k-anonymity computation.
AnalyzeDataSourceRiskDetails.Types.KAnonymityResult.Types
Container for nested types declared in the KAnonymityResult message type.
AnalyzeDataSourceRiskDetails.Types.KAnonymityResult.Types.KAnonymityEquivalenceClass
The set of columns' values that share the same ldiversity value
AnalyzeDataSourceRiskDetails.Types.KAnonymityResult.Types.KAnonymityHistogramBucket
Histogram of k-anonymity equivalence classes.
AnalyzeDataSourceRiskDetails.Types.KMapEstimationResult
Result of the reidentifiability analysis. Note that these results are an estimation, not exact values.
AnalyzeDataSourceRiskDetails.Types.KMapEstimationResult.Types
Container for nested types declared in the KMapEstimationResult message type.
AnalyzeDataSourceRiskDetails.Types.KMapEstimationResult.Types.KMapEstimationHistogramBucket
A KMapEstimationHistogramBucket message with the following values: min_anonymity: 3 max_anonymity: 5 frequency: 42 means that there are 42 records whose quasi-identifier values correspond to 3, 4 or 5 people in the overlying population. An important particular case is when min_anonymity = max_anonymity = 1: the frequency field then corresponds to the number of uniquely identifiable records.
AnalyzeDataSourceRiskDetails.Types.KMapEstimationResult.Types.KMapEstimationQuasiIdValues
A tuple of values for the quasi-identifier columns.
AnalyzeDataSourceRiskDetails.Types.LDiversityResult
Result of the l-diversity computation.
AnalyzeDataSourceRiskDetails.Types.LDiversityResult.Types
Container for nested types declared in the LDiversityResult message type.
AnalyzeDataSourceRiskDetails.Types.LDiversityResult.Types.LDiversityEquivalenceClass
The set of columns' values that share the same ldiversity value.
AnalyzeDataSourceRiskDetails.Types.LDiversityResult.Types.LDiversityHistogramBucket
Histogram of l-diversity equivalence class sensitive value frequencies.
AnalyzeDataSourceRiskDetails.Types.NumericalStatsResult
Result of the numerical stats computation.
AnalyzeDataSourceRiskDetails.Types.RequestedRiskAnalysisOptions
Risk analysis options.
AwsAccount
AWS account.
AwsAccountRegex
AWS account regex.
BigQueryDiscoveryTarget
Target used to match against for discovery with BigQuery tables
BigQueryField
Message defining a field of a BigQuery table.
BigQueryKey
Row key for identifying a record in BigQuery table.
BigQueryOptions
Options defining BigQuery table and row identifiers.
BigQueryOptions.Types
Container for nested types declared in the BigQueryOptions message type.
BigQueryRegex
A pattern to match against one or more tables, datasets, or projects that contain BigQuery tables. At least one pattern must be specified. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.
BigQueryRegexes
A collection of regular expressions to determine what tables to match against.
BigQueryTable
Message defining the location of a BigQuery table. A table is uniquely
identified by its project_id, dataset_id, and table_name. Within a query
a table is often referenced with a string in the format of:
<project_id>:<dataset_id>.<table_id>
or
<project_id>.<dataset_id>.<table_id>
.
BigQueryTableCollection
Specifies a collection of BigQuery tables. Used for Discovery.
BigQueryTableTypes
The types of BigQuery tables supported by Cloud DLP.
BoundingBox
Bounding box encompassing detected text within an image.
BucketingConfig
Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW, 31-65 -> MEDIUM, 66-100 -> HIGH.
This can be used on data of type: number, long, string, timestamp.
If the bound Value
type differs from the type of data being transformed, we
will first attempt converting the type of the data to be transformed to match
the type of the bound before comparing.
See
https://cloud.google.com/sensitive-data-protection/docs/concepts-bucketing to
learn more.
BucketingConfig.Types
Container for nested types declared in the BucketingConfig message type.
BucketingConfig.Types.Bucket
Bucket is represented as a range, along with replacement values.
ByteContentItem
Container for bytes to inspect or redact.
ByteContentItem.Types
Container for nested types declared in the ByteContentItem message type.
CancelDlpJobRequest
The request message for canceling a DLP job.
CharacterMaskConfig
Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3.
CharsToIgnore
Characters to skip when doing deidentification of a value. These will be left alone and skipped.
CharsToIgnore.Types
Container for nested types declared in the CharsToIgnore message type.
CloudSqlDiscoveryTarget
Target used to match against for discovery with Cloud SQL tables.
CloudSqlIamCredential
Use IAM authentication to connect. This requires the Cloud SQL IAM feature to be enabled on the instance, which is not the default for Cloud SQL. See https://cloud.google.com/sql/docs/postgres/authentication and https://cloud.google.com/sql/docs/mysql/authentication.
CloudSqlProperties
Cloud SQL connection properties.
CloudSqlProperties.Types
Container for nested types declared in the CloudSqlProperties message type.
CloudStorageDiscoveryTarget
Target used to match against for discovery with Cloud Storage buckets.
CloudStorageFileSet
Message representing a set of files in Cloud Storage.
CloudStorageOptions
Options defining a file or a set of files within a Cloud Storage bucket.
CloudStorageOptions.Types
Container for nested types declared in the CloudStorageOptions message type.
CloudStorageOptions.Types.FileSet
Set of files to scan.
CloudStoragePath
Message representing a single file or path in Cloud Storage.
CloudStorageRegex
A pattern to match against one or more file stores. At least one pattern must be specified. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.
CloudStorageRegexFileSet
Message representing a set of files in a Cloud Storage bucket. Regular expressions are used to allow fine-grained control over which files in the bucket to include.
Included files are those that match at least one item in include_regex
and
do not match any items in exclude_regex
. Note that a file that matches
items from both lists will not be included. For a match to occur, the
entire file path (i.e., everything in the url after the bucket name) must
match the regular expression.
For example, given the input {bucket_name: "mybucket", include_regex:
["directory1/.*"], exclude_regex:
["directory1/excluded.*"]}
:
gs://mybucket/directory1/myfile
will be includedgs://mybucket/directory1/directory2/myfile
will be included (.*
matches across/
)gs://mybucket/directory0/directory1/myfile
will not be included (the full path doesn't match any items ininclude_regex
)gs://mybucket/directory1/excludedfile
will not be included (the path matches an item inexclude_regex
)
If include_regex
is left empty, it will match all files by default
(this is equivalent to setting include_regex: [".*"]
).
Some other common use cases:
{bucket_name: "mybucket", exclude_regex: [".*\.pdf"]}
will include all files inmybucket
except for .pdf files{bucket_name: "mybucket", include_regex: ["directory/[^/]+"]}
will include all files directly undergs://mybucket/directory/
, without matching across/
CloudStorageResourceReference
Identifies a single Cloud Storage bucket.
Color
Represents a color in the RGB color space.
ColumnDataProfile
The profile for a scanned column within a table.
ColumnDataProfile.Types
Container for nested types declared in the ColumnDataProfile message type.
ColumnDataProfileName
Resource name for the ColumnDataProfile
resource.
Connection
A data connection to allow DLP to profile data in locations that require additional configuration.
ConnectionName
Resource name for the Connection
resource.
Container
Represents a container that may contain DLP findings. Examples of a container include a file, table, or database record.
ContentItem
Type of content to inspect.
ContentLocation
Precise location of the finding within a document, record, image, or metadata container.
CreateConnectionRequest
Request message for CreateConnection.
CreateDeidentifyTemplateRequest
Request message for CreateDeidentifyTemplate.
CreateDiscoveryConfigRequest
Request message for CreateDiscoveryConfig.
CreateDlpJobRequest
Request message for CreateDlpJobRequest. Used to initiate long running jobs such as calculating risk metrics or inspecting Google Cloud Storage.
CreateInspectTemplateRequest
Request message for CreateInspectTemplate.
CreateJobTriggerRequest
Request message for CreateJobTrigger.
CreateStoredInfoTypeRequest
Request message for CreateStoredInfoType.
CryptoDeterministicConfig
Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
CryptoHashConfig
Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). Currently, only string and integer values can be hashed. See https://cloud.google.com/sensitive-data-protection/docs/pseudonymization to learn more.
CryptoKey
This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK.
CryptoReplaceFfxFpeConfig
Replaces an identifier with a surrogate using Format Preserving Encryption
(FPE) with the FFX mode of operation; however when used in the
ReidentifyContent
API method, it serves the opposite function by reversing
the surrogate back into the original identifier. The identifier must be
encoded as ASCII. For a given crypto key and context, the same identifier
will be replaced with the same surrogate. Identifiers must be at least two
characters long. In the case that the identifier is the empty string, it will
be skipped. See
https://cloud.google.com/sensitive-data-protection/docs/pseudonymization to
learn more.
Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.
CryptoReplaceFfxFpeConfig.Types
Container for nested types declared in the CryptoReplaceFfxFpeConfig message type.
CustomInfoType
Custom information type provided by the user. Used to find domain-specific sensitive information configurable to the data in question.
CustomInfoType.Types
Container for nested types declared in the CustomInfoType message type.
CustomInfoType.Types.DetectionRule
Deprecated; use InspectionRuleSet
instead. Rule for modifying a
CustomInfoType
to alter behavior under certain circumstances, depending
on the specific details of the rule. Not supported for the surrogate_type
custom infoType.
CustomInfoType.Types.DetectionRule.Types
Container for nested types declared in the DetectionRule message type.
CustomInfoType.Types.DetectionRule.Types.HotwordRule
The rule that adjusts the likelihood of findings within a certain proximity of hotwords.
CustomInfoType.Types.DetectionRule.Types.LikelihoodAdjustment
Message for specifying an adjustment to the likelihood of a finding as part of a detection rule.
CustomInfoType.Types.DetectionRule.Types.Proximity
Message for specifying a window around a finding to apply a detection rule.
CustomInfoType.Types.Dictionary
Custom information type based on a dictionary of words or phrases. This can be used to match sensitive information specific to the data, such as a list of employee IDs or job titles.
Dictionary words are case-insensitive and all characters other than letters and digits in the unicode Basic Multilingual Plane will be replaced with whitespace when scanning for matches, so the dictionary phrase "Sam Johnson" will match all three phrases "sam johnson", "Sam, Johnson", and "Sam (Johnson)". Additionally, the characters surrounding any match must be of a different type than the adjacent characters within the word, so letters must be next to non-letters and digits next to non-digits. For example, the dictionary word "jen" will match the first three letters of the text "jen123" but will return no matches for "jennifer".
Dictionary words containing a large number of characters that are not
letters or digits may result in unexpected findings because such characters
are treated as whitespace. The
limits page
contains details about the size limits of dictionaries. For dictionaries
that do not fit within these constraints, consider using
LargeCustomDictionaryConfig
in the StoredInfoType
API.
CustomInfoType.Types.Dictionary.Types
Container for nested types declared in the Dictionary message type.
CustomInfoType.Types.Dictionary.Types.WordList
Message defining a list of words or phrases to search for in the data.
CustomInfoType.Types.Regex
Message defining a custom regular expression.
CustomInfoType.Types.SurrogateType
Message for detecting output from deidentification transformations
such as
CryptoReplaceFfxFpeConfig
.
These types of transformations are
those that perform pseudonymization, thereby producing a "surrogate" as
output. This should be used in conjunction with a field on the
transformation such as surrogate_info_type
. This CustomInfoType does
not support the use of detection_rules
.
DataProfileAction
A task to execute when a data profile has been generated.
DataProfileAction.Types
Container for nested types declared in the DataProfileAction message type.
DataProfileAction.Types.Export
If set, the detailed data profiles will be persisted to the location of your choice whenever updated.
DataProfileAction.Types.PubSubNotification
Send a Pub/Sub message into the given Pub/Sub topic to connect other
systems to data profile generation. The message payload data will
be the byte serialization of DataProfilePubSubMessage
.
DataProfileAction.Types.PubSubNotification.Types
Container for nested types declared in the PubSubNotification message type.
DataProfileAction.Types.PublishToChronicle
Message expressing intention to publish to Google Security Operations.
DataProfileAction.Types.PublishToSecurityCommandCenter
If set, a summary finding will be created/updated in SCC for each profile.
DataProfileAction.Types.TagResources
If set, attaches the tags provided to profiled resources. Tags support access control. You can conditionally grant or deny access to a resource based on whether the resource has a specific tag.
DataProfileAction.Types.TagResources.Types
Container for nested types declared in the TagResources message type.
DataProfileAction.Types.TagResources.Types.TagCondition
The tag to attach to profiles matching the condition. At most one
TagCondition
can be specified per sensitivity level.
DataProfileAction.Types.TagResources.Types.TagValue
A value of a tag.
DataProfileBigQueryRowSchema
The schema of data to be saved to the BigQuery table when the
DataProfileAction
is enabled.
DataProfileConfigSnapshot
Snapshot of the configurations used to generate the profile.
DataProfileJobConfig
Configuration for setting up a job to scan resources for profile generation. Only one data profile configuration may exist per organization, folder, or project.
The generated data profiles are retained according to the data retention policy.
DataProfileLocation
The data that will be profiled.
DataProfilePubSubCondition
A condition for determining whether a Pub/Sub should be triggered.
DataProfilePubSubCondition.Types
Container for nested types declared in the DataProfilePubSubCondition message type.
DataProfilePubSubCondition.Types.PubSubCondition
A condition consisting of a value.
DataProfilePubSubCondition.Types.PubSubExpressions
An expression, consisting of an operator and conditions.
DataProfilePubSubCondition.Types.PubSubExpressions.Types
Container for nested types declared in the PubSubExpressions message type.
DataProfilePubSubMessage
Pub/Sub topic message for a DataProfileAction.PubSubNotification event. To receive a message of protocol buffer schema type, convert the message data to an object of this proto class.
DataRiskLevel
Score is a summary of all elements in the data profile. A higher number means more risk.
DataRiskLevel.Types
Container for nested types declared in the DataRiskLevel message type.
DataSourceType
Message used to identify the type of resource being profiled.
DatabaseResourceCollection
Match database resources using regex filters. Examples of database resources are tables, views, and stored procedures.
DatabaseResourceReference
Identifies a single database resource, like a table within a database.
DatabaseResourceRegex
A pattern to match against one or more database resources. At least one pattern must be specified. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.
DatabaseResourceRegexes
A collection of regular expressions to determine what database resources to match against.
DatastoreKey
Record key for a finding in Cloud Datastore.
DatastoreOptions
Options defining a data set within Google Cloud Datastore.
DateShiftConfig
Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/sensitive-data-protection/docs/concepts-date-shifting to learn more.
DateTime
Message for a date time object. e.g. 2018-01-01, 5th August.
DateTime.Types
Container for nested types declared in the DateTime message type.
DateTime.Types.TimeZone
Time zone of the date time object.
DeidentifyConfig
The configuration that controls how the data will change.
DeidentifyContentRequest
Request to de-identify a ContentItem.
DeidentifyContentResponse
Results of de-identifying a ContentItem.
DeidentifyDataSourceDetails
The results of a [Deidentify][google.privacy.dlp.v2.Action.Deidentify] action from an inspect job.
DeidentifyDataSourceDetails.Types
Container for nested types declared in the DeidentifyDataSourceDetails message type.
DeidentifyDataSourceDetails.Types.RequestedDeidentifyOptions
De-identification options.
DeidentifyDataSourceStats
Summary of what was modified during a transformation.
DeidentifyTemplate
DeidentifyTemplates contains instructions on how to de-identify content. See https://cloud.google.com/sensitive-data-protection/docs/concepts-templates to learn more.
DeidentifyTemplateName
Resource name for the DeidentifyTemplate
resource.
DeleteConnectionRequest
Request message for DeleteConnection.
DeleteDeidentifyTemplateRequest
Request message for DeleteDeidentifyTemplate.
DeleteDiscoveryConfigRequest
Request message for DeleteDiscoveryConfig.
DeleteDlpJobRequest
The request message for deleting a DLP job.
DeleteFileStoreDataProfileRequest
Request message for DeleteFileStoreProfile.
DeleteInspectTemplateRequest
Request message for DeleteInspectTemplate.
DeleteJobTriggerRequest
Request message for DeleteJobTrigger.
DeleteStoredInfoTypeRequest
Request message for DeleteStoredInfoType.
DeleteTableDataProfileRequest
Request message for DeleteTableProfile.
Disabled
Do not profile the tables.
DiscoveryBigQueryConditions
Requirements that must be true before a table is scanned in discovery for the first time. There is an AND relationship between the top-level attributes. Additionally, minimum conditions with an OR relationship that must be met before Cloud DLP scans a table can be set (like a minimum row count or a minimum table age).
DiscoveryBigQueryConditions.Types
Container for nested types declared in the DiscoveryBigQueryConditions message type.
DiscoveryBigQueryConditions.Types.OrConditions
There is an OR relationship between these attributes. They are used to determine if a table should be scanned or not in Discovery.
DiscoveryBigQueryFilter
Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, dataset ID, and table ID.
DiscoveryBigQueryFilter.Types
Container for nested types declared in the DiscoveryBigQueryFilter message type.
DiscoveryBigQueryFilter.Types.AllOtherBigQueryTables
Catch-all for all other tables not specified by other filters. Should always be last, except for single-table configurations, which will only have a TableReference target.
DiscoveryCloudSqlConditions
Requirements that must be true before a table is profiled for the first time.
DiscoveryCloudSqlConditions.Types
Container for nested types declared in the DiscoveryCloudSqlConditions message type.
DiscoveryCloudSqlFilter
Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, location, instance, database, and database resource name.
DiscoveryCloudSqlGenerationCadence
How often existing tables should have their profiles refreshed. New tables are scanned as quickly as possible depending on system capacity.
DiscoveryCloudSqlGenerationCadence.Types
Container for nested types declared in the DiscoveryCloudSqlGenerationCadence message type.
DiscoveryCloudSqlGenerationCadence.Types.SchemaModifiedCadence
How frequently to modify the profile when the table's schema is modified.
DiscoveryCloudSqlGenerationCadence.Types.SchemaModifiedCadence.Types
Container for nested types declared in the SchemaModifiedCadence message type.
DiscoveryCloudStorageConditions
Requirements that must be true before a Cloud Storage bucket or object is scanned in discovery for the first time. There is an AND relationship between the top-level attributes.
DiscoveryCloudStorageConditions.Types
Container for nested types declared in the DiscoveryCloudStorageConditions message type.
DiscoveryCloudStorageFilter
Determines which buckets will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID and bucket name.
DiscoveryCloudStorageGenerationCadence
How often existing buckets should have their profiles refreshed. New buckets are scanned as quickly as possible depending on system capacity.
DiscoveryConfig
Configuration for discovery to scan resources for profile generation. Only one discovery configuration may exist per organization, folder, or project.
The generated data profiles are retained according to the data retention policy.
DiscoveryConfig.Types
Container for nested types declared in the DiscoveryConfig message type.
DiscoveryConfig.Types.OrgConfig
Project and scan location information. Only set when the parent is an org.
DiscoveryConfigName
Resource name for the DiscoveryConfig
resource.
DiscoveryFileStoreConditions
Requirements that must be true before a file store is scanned in discovery for the first time. There is an AND relationship between the top-level attributes.
DiscoveryGenerationCadence
What must take place for a profile to be updated and how frequently it should occur. New tables are scanned as quickly as possible depending on system capacity.
DiscoveryInspectTemplateModifiedCadence
The cadence at which to update data profiles when the inspection rules
defined by the InspectTemplate
change.
DiscoveryOtherCloudConditions
Requirements that must be true before a resource is profiled for the first time.
DiscoveryOtherCloudFilter
Determines which resources from the other cloud will have profiles generated. Includes the ability to filter by resource names.
DiscoveryOtherCloudGenerationCadence
How often existing resources should have their profiles refreshed. New resources are scanned as quickly as possible depending on system capacity.
DiscoverySchemaModifiedCadence
The cadence at which to update data profiles when a schema is modified.
DiscoveryStartingLocation
The location to begin a discovery scan. Denotes an organization ID or folder ID within an organization.
DiscoveryTableModifiedCadence
The cadence at which to update data profiles when a table is modified.
DiscoveryTarget
Target used to match against for Discovery.
DlpContentName
Resource name for the DlpContent
resource.
DlpJob
Combines all of the information about a DLP job.
DlpJob.Types
Container for nested types declared in the DlpJob message type.
DlpJobName
Resource name for the DlpJob
resource.
DlpService
The Cloud Data Loss Prevention (DLP) API is a service that allows clients to detect the presence of Personally Identifiable Information (PII) and other privacy-sensitive data in user-supplied, unstructured data streams, like text blocks or images. The service also includes methods for sensitive data redaction and scheduling of data scans on Google Cloud Platform based data sets.
To learn more about concepts and find how-to guides see https://cloud.google.com/sensitive-data-protection/docs/.
DlpService.DlpServiceBase
Base class for server-side implementations of DlpService
DlpService.DlpServiceClient
Client for DlpService
DlpServiceClient
DlpService client wrapper, for convenient use.
DlpServiceClientBuilder
Builder class for DlpServiceClient to provide simple configuration of credentials, endpoint etc.
DlpServiceClientImpl
DlpService client wrapper implementation, for convenient use.
DlpServiceSettings
Settings for DlpServiceClient instances.
DocumentLocation
Location of a finding within a document.
EntityId
An entity in a dataset is a field or set of fields that correspond to a
single person. For example, in medical records the EntityId
might be a
patient identifier, or for financial records it might be an account
identifier. This message is used when generalizations or analysis must take
into account that multiple rows correspond to the same entity.
Error
Details information about an error encountered during job execution or the results of an unsuccessful activation of the JobTrigger.
Error.Types
Container for nested types declared in the Error message type.
ExcludeByHotword
The rule to exclude findings based on a hotword. For record inspection of tables, column names are considered hotwords. An example of this is to exclude a finding if it belongs to a BigQuery column that matches a specific pattern.
ExcludeInfoTypes
List of excluded infoTypes.
ExclusionRule
The rule that specifies conditions when findings of infoTypes specified in
InspectionRuleSet
are removed from results.
FieldId
General identifier of a data field in a storage service.
FieldTransformation
The transformation to apply to the field.
FileClusterSummary
The file cluster summary.
FileClusterType
Message used to identify file cluster type being profiled.
FileClusterType.Types
Container for nested types declared in the FileClusterType message type.
FileExtensionInfo
Information regarding the discovered file extension.
FileStoreCollection
Match file stores (e.g. buckets) using regex filters.
FileStoreDataProfile
The profile for a file store.
- Cloud Storage: maps 1:1 with a bucket.
- Amazon S3: maps 1:1 with a bucket.
FileStoreDataProfile.Types
Container for nested types declared in the FileStoreDataProfile message type.
FileStoreDataProfileName
Resource name for the FileStoreDataProfile
resource.
FileStoreInfoTypeSummary
Information regarding the discovered InfoType.
FileStoreRegex
A pattern to match against one or more file stores.
FileStoreRegexes
A collection of regular expressions to determine what file store to match against.
Finding
Represents a piece of potentially sensitive content.
FindingName
Resource name for the Finding
resource.
FinishDlpJobRequest
The request message for finishing a DLP hybrid job.
FixedSizeBucketingConfig
Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.
The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20".
This can be used on data of type: double, long.
If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.
See https://cloud.google.com/sensitive-data-protection/docs/concepts-bucketing to learn more.
GetColumnDataProfileRequest
Request to get a column data profile.
GetConnectionRequest
Request message for GetConnection.
GetDeidentifyTemplateRequest
Request message for GetDeidentifyTemplate.
GetDiscoveryConfigRequest
Request message for GetDiscoveryConfig.
GetDlpJobRequest
The request message for [DlpJobs.GetDlpJob][].
GetFileStoreDataProfileRequest
Request to get a file store data profile.
GetInspectTemplateRequest
Request message for GetInspectTemplate.
GetJobTriggerRequest
Request message for GetJobTrigger.
GetProjectDataProfileRequest
Request to get a project data profile.
GetStoredInfoTypeRequest
Request message for GetStoredInfoType.
GetTableDataProfileRequest
Request to get a table data profile.
HybridContentItem
An individual hybrid item to inspect. Will be stored temporarily during processing.
HybridFindingDetails
Populate to associate additional data with each finding.
HybridInspectDlpJobRequest
Request to search for potentially sensitive info in a custom location.
HybridInspectJobTriggerRequest
Request to search for potentially sensitive info in a custom location.
HybridInspectResponse
Quota exceeded errors will be thrown once quota has been met.
HybridInspectStatistics
Statistics related to processing hybrid inspect requests.
HybridOptions
Configuration to control jobs where the content being inspected is outside of Google Cloud Platform.
ImageLocation
Location of the finding within an image.
ImageTransformations
A type of transformation that is applied over images.
ImageTransformations.Types
Container for nested types declared in the ImageTransformations message type.
ImageTransformations.Types.ImageTransformation
Configuration for determining how redaction of images should occur.
ImageTransformations.Types.ImageTransformation.Types
Container for nested types declared in the ImageTransformation message type.
ImageTransformations.Types.ImageTransformation.Types.AllInfoTypes
Apply transformation to all findings.
ImageTransformations.Types.ImageTransformation.Types.AllText
Apply to all text.
ImageTransformations.Types.ImageTransformation.Types.SelectedInfoTypes
Apply transformation to the selected info_types.
InfoType
Type of information detected by the API.
InfoTypeCategory
Classification of infoTypes to organize them according to geographic location, industry, and data type.
InfoTypeCategory.Types
Container for nested types declared in the InfoTypeCategory message type.
InfoTypeDescription
InfoType description.
InfoTypeStats
Statistics regarding a specific InfoType.
InfoTypeSummary
The infoType details for this column.
InfoTypeTransformations
A type of transformation that will scan unstructured text and
apply various PrimitiveTransformation
s to each finding, where the
transformation is applied to only values that were identified as a specific
info_type.
InfoTypeTransformations.Types
Container for nested types declared in the InfoTypeTransformations message type.
InfoTypeTransformations.Types.InfoTypeTransformation
A transformation to apply to text that is identified as a specific info_type.
InspectConfig
Configuration description of the scanning process. When used with redactContent only info_types and min_likelihood are currently used.
InspectConfig.Types
Container for nested types declared in the InspectConfig message type.
InspectConfig.Types.FindingLimits
Configuration to control the number of findings returned for inspection. This is not used for de-identification or data profiling.
When redacting sensitive data from images, finding limits don't apply. They can cause unexpected or inconsistent results, where only some data is redacted. Don't include finding limits in [RedactImage][google.privacy.dlp.v2.DlpService.RedactImage] requests. Otherwise, Cloud DLP returns an error.
InspectConfig.Types.FindingLimits.Types
Container for nested types declared in the FindingLimits message type.
InspectConfig.Types.FindingLimits.Types.InfoTypeLimit
Max findings configuration per infoType, per content item or long running DlpJob.
InspectConfig.Types.InfoTypeLikelihood
Configuration for setting a minimum likelihood per infotype. Used to customize the minimum likelihood level for specific infotypes in the request. For example, use this if you want to lower the precision for PERSON_NAME without lowering the precision for the other infotypes in the request.
InspectContentRequest
Request to search for potentially sensitive info in a ContentItem.
InspectContentResponse
Results of inspecting an item.
InspectDataSourceDetails
The results of an inspect DataSource job.
InspectDataSourceDetails.Types
Container for nested types declared in the InspectDataSourceDetails message type.
InspectDataSourceDetails.Types.RequestedOptions
Snapshot of the inspection configuration.
InspectDataSourceDetails.Types.Result
All result fields mentioned below are updated while the job is processing.
InspectJobConfig
Controls what and how to inspect for findings.
InspectResult
All the findings for a single scanned item.
InspectTemplate
The inspectTemplate contains a configuration (set of types of sensitive data to be detected) to be used anywhere you otherwise would normally specify InspectConfig. See https://cloud.google.com/sensitive-data-protection/docs/concepts-templates to learn more.
InspectTemplateName
Resource name for the InspectTemplate
resource.
InspectionRule
A single inspection rule to be applied to infoTypes, specified in
InspectionRuleSet
.
InspectionRuleSet
Rule set for modifying a set of infoTypes to alter behavior under certain circumstances, depending on the specific details of the rules within the set.
JobTrigger
Contains a configuration to make API calls on a repeating basis. See https://cloud.google.com/sensitive-data-protection/docs/concepts-job-triggers to learn more.
JobTrigger.Types
Container for nested types declared in the JobTrigger message type.
JobTrigger.Types.Trigger
What event needs to occur for a new job to be started.
JobTriggerName
Resource name for the JobTrigger
resource.
Key
A unique identifier for a Datastore entity. If a key's partition ID or any of its path kinds or names are reserved/read-only, the key is reserved/read-only. A reserved/read-only key is forbidden in certain documented contexts.
Key.Types
Container for nested types declared in the Key message type.
Key.Types.PathElement
A (kind, ID/name) pair used to construct a key path.
If either name or ID is set, the element is complete. If neither is set, the element is incomplete.
KindExpression
A representation of a Datastore kind.
KmsWrappedCryptoKey
Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt
For more information, see Creating a wrapped key.
Note: When you use Cloud KMS for cryptographic operations, charges apply.
LargeCustomDictionaryConfig
Configuration for a custom dictionary created from a data source of any size
up to the maximum size defined in the
limits page. The
artifacts of dictionary creation are stored in the specified Cloud Storage
location. Consider using CustomInfoType.Dictionary
for smaller dictionaries
that satisfy the size requirements.
LargeCustomDictionaryStats
Summary statistics of a custom dictionary.
ListColumnDataProfilesRequest
Request to list the profiles generated for a given organization or project.
ListColumnDataProfilesResponse
List of profiles generated for a given organization or project.
ListConnectionsRequest
Request message for ListConnections.
ListConnectionsResponse
Response message for ListConnections.
ListDeidentifyTemplatesRequest
Request message for ListDeidentifyTemplates.
ListDeidentifyTemplatesResponse
Response message for ListDeidentifyTemplates.
ListDiscoveryConfigsRequest
Request message for ListDiscoveryConfigs.
ListDiscoveryConfigsResponse
Response message for ListDiscoveryConfigs.
ListDlpJobsRequest
The request message for listing DLP jobs.
ListDlpJobsResponse
The response message for listing DLP jobs.
ListFileStoreDataProfilesRequest
Request to list the file store profiles generated for a given organization or project.
ListFileStoreDataProfilesResponse
List of file store data profiles generated for a given organization or project.
ListInfoTypesRequest
Request for the list of infoTypes.
ListInfoTypesResponse
Response to the ListInfoTypes request.
ListInspectTemplatesRequest
Request message for ListInspectTemplates.
ListInspectTemplatesResponse
Response message for ListInspectTemplates.
ListJobTriggersRequest
Request message for ListJobTriggers.
ListJobTriggersResponse
Response message for ListJobTriggers.
ListProjectDataProfilesRequest
Request to list the profiles generated for a given organization or project.
ListProjectDataProfilesResponse
List of profiles generated for a given organization or project.
ListStoredInfoTypesRequest
Request message for ListStoredInfoTypes.
ListStoredInfoTypesResponse
Response message for ListStoredInfoTypes.
ListTableDataProfilesRequest
Request to list the profiles generated for a given organization or project.
ListTableDataProfilesResponse
List of profiles generated for a given organization or project.
Location
Specifies the location of the finding.
Manual
Job trigger option for hybrid jobs. Jobs must be manually created and finished.
MetadataLocation
Metadata Location
OrganizationLocationName
Resource name for the OrganizationLocation
resource.
OtherCloudDiscoveryStartingLocation
The other cloud starting location for discovery.
OtherCloudDiscoveryStartingLocation.Types
Container for nested types declared in the OtherCloudDiscoveryStartingLocation message type.
OtherCloudDiscoveryStartingLocation.Types.AwsDiscoveryStartingLocation
The AWS starting location for discovery.
OtherCloudDiscoveryTarget
Target used to match against for discovery of resources from other clouds. An AWS connector in Security Command Center (Enterprise is required to use this feature.
OtherCloudResourceCollection
Match resources using regex filters.
OtherCloudResourceRegex
A pattern to match against one or more resources. At least one pattern must be specified. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.
OtherCloudResourceRegexes
A collection of regular expressions to determine what resources to match against.
OtherCloudSingleResourceReference
Identifies a single resource, like a single Amazon S3 bucket.
OtherInfoTypeSummary
Infotype details for other infoTypes found within a column.
OutputStorageConfig
Cloud repository for storing output.
OutputStorageConfig.Types
Container for nested types declared in the OutputStorageConfig message type.
PartitionId
Datastore partition ID. A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty.
A partition ID contains several dimensions: project ID and namespace ID.
PrimitiveTransformation
A rule for transforming a value.
PrivacyMetric
Privacy metric to compute for reidentification risk analysis.
PrivacyMetric.Types
Container for nested types declared in the PrivacyMetric message type.
PrivacyMetric.Types.CategoricalStatsConfig
Compute numerical stats over an individual column, including number of distinct values and value count distribution.
PrivacyMetric.Types.DeltaPresenceEstimationConfig
δ-presence metric, used to estimate how likely it is for an attacker to figure out that one given individual appears in a de-identified dataset. Similarly to the k-map metric, we cannot compute δ-presence exactly without knowing the attack dataset, so we use a statistical model instead.
PrivacyMetric.Types.KAnonymityConfig
k-anonymity metric, used for analysis of reidentification risk.
PrivacyMetric.Types.KMapEstimationConfig
Reidentifiability metric. This corresponds to a risk model similar to what is called "journalist risk" in the literature, except the attack dataset is statistically modeled instead of being perfectly known. This can be done using publicly available data (like the US Census), or using a custom statistical model (indicated as one or several BigQuery tables), or by extrapolating from the distribution of values in the input dataset.
PrivacyMetric.Types.KMapEstimationConfig.Types
Container for nested types declared in the KMapEstimationConfig message type.
PrivacyMetric.Types.KMapEstimationConfig.Types.AuxiliaryTable
An auxiliary table contains statistical information on the relative frequency of different quasi-identifiers values. It has one or several quasi-identifiers columns, and one column that indicates the relative frequency of each quasi-identifier tuple. If a tuple is present in the data but not in the auxiliary table, the corresponding relative frequency is assumed to be zero (and thus, the tuple is highly reidentifiable).
PrivacyMetric.Types.KMapEstimationConfig.Types.AuxiliaryTable.Types
Container for nested types declared in the AuxiliaryTable message type.
PrivacyMetric.Types.KMapEstimationConfig.Types.AuxiliaryTable.Types.QuasiIdField
A quasi-identifier column has a custom_tag, used to know which column in the data corresponds to which column in the statistical model.
PrivacyMetric.Types.KMapEstimationConfig.Types.TaggedField
A column with a semantic tag attached.
PrivacyMetric.Types.LDiversityConfig
l-diversity metric, used for analysis of reidentification risk.
PrivacyMetric.Types.NumericalStatsConfig
Compute numerical stats over an individual column, including min, max, and quantiles.
ProfileStatus
Success or errors for the profile generation.
ProjectDataProfile
An aggregated profile for this project, based on the resources profiled within it.
ProjectDataProfileName
Resource name for the ProjectDataProfile
resource.
QuasiId
A column with a semantic tag attached.
QuoteInfo
Message for infoType-dependent details parsed from quote.
Range
Generic half-open interval [start, end)
RecordCondition
A condition for determining whether a transformation should be applied to a field.
RecordCondition.Types
Container for nested types declared in the RecordCondition message type.
RecordCondition.Types.Condition
The field type of value
and field
do not need to match to be
considered equal, but not all comparisons are possible.
EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
but all other comparisons are invalid with incompatible types.
A value
of type:
string
can be compared against all other typesboolean
can only be compared against other booleansinteger
can be compared against doubles or a string if the string value can be parsed as an integer.double
can be compared against integers or a string if the string can be parsed as a double.Timestamp
can be compared against strings in RFC 3339 date string format.TimeOfDay
can be compared against timestamps and strings in the format of 'HH:mm:ss'.
If we fail to compare do to type mismatch, a warning will be given and the condition will evaluate to false.
RecordCondition.Types.Conditions
A collection of conditions.
RecordCondition.Types.Expressions
An expression, consisting of an operator and conditions.
RecordCondition.Types.Expressions.Types
Container for nested types declared in the Expressions message type.
RecordKey
Message for a unique key indicating a record that contains a finding.
RecordLocation
Location of a finding within a row or record.
RecordSuppression
Configuration to suppress records whose suppression conditions evaluate to true.
RecordTransformation
The field in a record to transform.
RecordTransformations
A type of transformation that is applied over structured data such as a table.
RedactConfig
Redact a given value. For example, if used with an InfoTypeTransformation
transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the
output would be 'My phone number is '.
RedactImageRequest
Request to search for potentially sensitive info in an image and redact it by covering it with a colored rectangle.
RedactImageRequest.Types
Container for nested types declared in the RedactImageRequest message type.
RedactImageRequest.Types.ImageRedactionConfig
Configuration for determining how redaction of images should occur.
RedactImageResponse
Results of redacting an image.
ReidentifyContentRequest
Request to re-identify an item.
ReidentifyContentResponse
Results of re-identifying an item.
ReplaceDictionaryConfig
Replace each input value with a value randomly selected from the dictionary.
ReplaceValueConfig
Replace each input value with a given Value
.
ReplaceWithInfoTypeConfig
Replace each matching finding with the name of the info_type.
RiskAnalysisJobConfig
Configuration for a risk analysis job. See https://cloud.google.com/sensitive-data-protection/docs/concepts-risk-analysis to learn more.
Schedule
Schedule for inspect job triggers.
SearchConnectionsRequest
Request message for SearchConnections.
SearchConnectionsResponse
Response message for SearchConnections.
SecretManagerCredential
A credential consisting of a username and password, where the password is stored in a Secret Manager resource. Note: Secret Manager charges apply.
SecretsDiscoveryTarget
Discovery target for credentials and secrets in cloud resource metadata.
This target does not include any filtering or frequency controls. Cloud DLP will scan cloud resource metadata for secrets daily.
No inspect template should be included in the discovery config for a security benchmarks scan. Instead, the built-in list of secrets and credentials infoTypes will be used (see https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference#credentials_and_secrets).
Credentials and secrets discovered will be reported as vulnerabilities to Security Command Center.
SensitivityScore
Score is calculated from of all elements in the data profile. A higher level means the data is more sensitive.
SensitivityScore.Types
Container for nested types declared in the SensitivityScore message type.
StatisticalTable
An auxiliary table containing statistical information on the relative frequency of different quasi-identifiers values. It has one or several quasi-identifiers columns, and one column that indicates the relative frequency of each quasi-identifier tuple. If a tuple is present in the data but not in the auxiliary table, the corresponding relative frequency is assumed to be zero (and thus, the tuple is highly reidentifiable).
StatisticalTable.Types
Container for nested types declared in the StatisticalTable message type.
StatisticalTable.Types.QuasiIdentifierField
A quasi-identifier column has a custom_tag, used to know which column in the data corresponds to which column in the statistical model.
StorageConfig
Shared message indicating Cloud storage type.
StorageConfig.Types
Container for nested types declared in the StorageConfig message type.
StorageConfig.Types.TimespanConfig
Configuration of the timespan of the items to include in scanning. Currently only supported when inspecting Cloud Storage and BigQuery.
StorageMetadataLabel
Storage metadata label to indicate which metadata entry contains findings.
StoredInfoType
StoredInfoType resource message that contains information about the current version and any pending updates.
StoredInfoTypeConfig
Configuration for stored infoTypes. All fields and subfield are provided by the user. For more information, see https://cloud.google.com/sensitive-data-protection/docs/creating-custom-infotypes.
StoredInfoTypeName
Resource name for the StoredInfoType
resource.
StoredInfoTypeStats
Statistics for a StoredInfoType.
StoredInfoTypeVersion
Version of a StoredInfoType, including the configuration used to build it, create timestamp, and current state.
StoredType
A reference to a StoredInfoType to use with scanning.
Table
Structured content to inspect. Up to 50,000 Value
s per request allowed. See
https://cloud.google.com/sensitive-data-protection/docs/inspecting-structured-text#inspecting_a_table
to learn more.
Table.Types
Container for nested types declared in the Table message type.
Table.Types.Row
Values of the row.
TableDataProfile
The profile for a scanned table.
TableDataProfile.Types
Container for nested types declared in the TableDataProfile message type.
TableDataProfileName
Resource name for the TableDataProfile
resource.
TableLocation
Location of a finding within a table.
TableOptions
Instructions regarding the table content being inspected.
TableReference
Message defining the location of a BigQuery table with the projectId inferred from the parent project.
TimePartConfig
For use with Date
, Timestamp
, and TimeOfDay
, extract or preserve a
portion of the value.
TimePartConfig.Types
Container for nested types declared in the TimePartConfig message type.
TransformationConfig
User specified templates and configs for how to deidentify structured, unstructures, and image files. User must provide either a unstructured deidentify template or at least one redact image config.
TransformationDescription
A flattened description of a PrimitiveTransformation
or
RecordSuppression
.
TransformationDetails
Details about a single transformation. This object contains a description of the transformation, information about whether the transformation was successfully applied, and the precise location where the transformation occurred. These details are stored in a user-specified BigQuery table.
TransformationDetailsStorageConfig
Config for storing transformation details.
TransformationErrorHandling
How to handle transformation errors during de-identification. A
transformation error occurs when the requested transformation is incompatible
with the data. For example, trying to de-identify an IP address using a
DateShift
transformation would result in a transformation error, since date
info cannot be extracted from an IP address.
Information about any incompatible transformations, and how they were
handled, is returned in the response as part of the
TransformationOverviews
.
TransformationErrorHandling.Types
Container for nested types declared in the TransformationErrorHandling message type.
TransformationErrorHandling.Types.LeaveUntransformed
Skips the data without modifying it if the requested transformation would
cause an error. For example, if a DateShift
transformation were applied
an an IP address, this mode would leave the IP address unchanged in the
response.
TransformationErrorHandling.Types.ThrowError
Throw an error and fail the request when a transformation error occurs.
TransformationLocation
Specifies the location of a transformation.
TransformationOverview
Overview of the modifications that occurred.
TransformationResultStatus
The outcome of a transformation.
TransformationSummary
Summary of a single transformation. Only one of 'transformation', 'field_transformation', or 'record_suppress' will be set.
TransformationSummary.Types
Container for nested types declared in the TransformationSummary message type.
TransformationSummary.Types.SummaryResult
A collection that informs the user the number of times a particular
TransformationResultCode
and error details occurred.
TransientCryptoKey
Use this to have a random data crypto key generated. It will be discarded after the request finishes.
UnwrappedCryptoKey
Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.
UpdateConnectionRequest
Request message for UpdateConnection.
UpdateDeidentifyTemplateRequest
Request message for UpdateDeidentifyTemplate.
UpdateDiscoveryConfigRequest
Request message for UpdateDiscoveryConfig.
UpdateInspectTemplateRequest
Request message for UpdateInspectTemplate.
UpdateJobTriggerRequest
Request message for UpdateJobTrigger.
UpdateStoredInfoTypeRequest
Request message for UpdateStoredInfoType.
Value
Set of primitive values supported by the system. Note that for the purposes of inspection or transformation, the number of bytes considered to comprise a 'Value' is based on its representation as a UTF-8 encoded string. For example, if 'integer_value' is set to 123456789, the number of bytes would be counted as 9, even though an int64 only holds up to 8 bytes of data.
ValueFrequency
A value of a field, including its frequency.
VersionDescription
Details about each available version for an infotype.
Enums
Action.ActionOneofCase
Enum of possible cases for the "action" oneof.
Action.Types.Deidentify.OutputOneofCase
Enum of possible cases for the "output" oneof.
ActionDetails.DetailsOneofCase
Enum of possible cases for the "details" oneof.
AmazonS3BucketConditions.Types.BucketType
Supported Amazon S3 bucket types. Defaults to TYPE_ALL_SUPPORTED.
AmazonS3BucketConditions.Types.ObjectStorageClass
Supported Amazon S3 object storage classes. Defaults to ALL_SUPPORTED_CLASSES.
AnalyzeDataSourceRiskDetails.ResultOneofCase
Enum of possible cases for the "result" oneof.
BigQueryDiscoveryTarget.FrequencyOneofCase
Enum of possible cases for the "frequency" oneof.
BigQueryOptions.Types.SampleMethod
How to sample rows if not all rows are scanned. Meaningful only when used in conjunction with either rows_limit or rows_limit_percent. If not specified, rows are scanned in the order BigQuery reads them.
BigQuerySchemaModification
Attributes evaluated to determine if a schema has been modified. New values may be added at a later time.
BigQueryTableCollection.PatternOneofCase
Enum of possible cases for the "pattern" oneof.
BigQueryTableModification
Attributes evaluated to determine if a table has been modified. New values may be added at a later time.
BigQueryTableType
Over time new types may be added. Currently VIEW, MATERIALIZED_VIEW, SNAPSHOT, and non-BigLake external tables are not supported.
BigQueryTableTypeCollection
Over time new types may be added. Currently VIEW, MATERIALIZED_VIEW, and SNAPSHOT are not supported.
ByteContentItem.Types.BytesType
The type of data being sent for inspection. To learn more, see Supported file types.
CharsToIgnore.CharactersOneofCase
Enum of possible cases for the "characters" oneof.
CharsToIgnore.Types.CommonCharsToIgnore
Convenience enum for indicating common characters to not transform.
CloudSqlDiscoveryTarget.CadenceOneofCase
Enum of possible cases for the "cadence" oneof.
CloudSqlProperties.CredentialOneofCase
Enum of possible cases for the "credential" oneof.
CloudSqlProperties.Types.DatabaseEngine
Database engine of a Cloud SQL instance. New values may be added over time.
CloudStorageDiscoveryTarget.CadenceOneofCase
Enum of possible cases for the "cadence" oneof.
CloudStorageOptions.Types.SampleMethod
How to sample bytes if not all bytes are scanned. Meaningful only when used in conjunction with bytes_limit_per_file. If not specified, scanning would start from the top.
ColumnDataProfile.Types.ColumnDataType
Data types of the data in a column. Types may be added over time.
ColumnDataProfile.Types.ColumnPolicyState
The possible policy states for a column.
ColumnDataProfile.Types.State
Possible states of a profile. New items may be added.
ColumnDataProfileName.ResourceNameType
The possible contents of ColumnDataProfileName.
Connection.PropertiesOneofCase
Enum of possible cases for the "properties" oneof.
ConnectionName.ResourceNameType
The possible contents of ConnectionName.
ConnectionState
State of the connection. New values may be added over time.
ContentItem.DataItemOneofCase
Enum of possible cases for the "data_item" oneof.
ContentLocation.LocationOneofCase
Enum of possible cases for the "location" oneof.
ContentOption
Deprecated and unused.
CreateDlpJobRequest.JobOneofCase
Enum of possible cases for the "job" oneof.
CryptoKey.SourceOneofCase
Enum of possible cases for the "source" oneof.
CryptoReplaceFfxFpeConfig.AlphabetOneofCase
Enum of possible cases for the "alphabet" oneof.
CryptoReplaceFfxFpeConfig.Types.FfxCommonNativeAlphabet
These are commonly used subsets of the alphabet that the FFX mode natively supports. In the algorithm, the alphabet is selected using the "radix". Therefore each corresponds to a particular radix.
CustomInfoType.TypeOneofCase
Enum of possible cases for the "type" oneof.
CustomInfoType.Types.DetectionRule.TypeOneofCase
Enum of possible cases for the "type" oneof.
CustomInfoType.Types.DetectionRule.Types.LikelihoodAdjustment.AdjustmentOneofCase
Enum of possible cases for the "adjustment" oneof.
CustomInfoType.Types.Dictionary.SourceOneofCase
Enum of possible cases for the "source" oneof.
CustomInfoType.Types.ExclusionType
Type of exclusion rule.
DataProfileAction.ActionOneofCase
Enum of possible cases for the "action" oneof.
DataProfileAction.Types.EventType
Types of event that can trigger an action.
DataProfileAction.Types.PubSubNotification.Types.DetailLevel
The levels of detail that can be included in the Pub/Sub message.
DataProfileAction.Types.TagResources.Types.TagCondition.TypeOneofCase
Enum of possible cases for the "type" oneof.
DataProfileAction.Types.TagResources.Types.TagValue.FormatOneofCase
Enum of possible cases for the "format" oneof.
DataProfileBigQueryRowSchema.DataProfileOneofCase
Enum of possible cases for the "data_profile" oneof.
DataProfileLocation.LocationOneofCase
Enum of possible cases for the "location" oneof.
DataProfilePubSubCondition.Types.ProfileScoreBucket
Various score levels for resources.
DataProfilePubSubCondition.Types.PubSubCondition.ValueOneofCase
Enum of possible cases for the "value" oneof.
DataProfilePubSubCondition.Types.PubSubExpressions.Types.PubSubLogicalOperator
Logical operators for conditional checks.
DataProfileUpdateFrequency
How frequently data profiles can be updated. New options can be added at a later time.
DataRiskLevel.Types.DataRiskLevelScore
Various score levels for resources.
DatabaseResourceCollection.PatternOneofCase
Enum of possible cases for the "pattern" oneof.
DateShiftConfig.MethodOneofCase
Enum of possible cases for the "method" oneof.
DeidentifyConfig.TransformationOneofCase
Enum of possible cases for the "transformation" oneof.
DeidentifyTemplateName.ResourceNameType
The possible contents of DeidentifyTemplateName.
DiscoveryBigQueryConditions.IncludedTypesOneofCase
Enum of possible cases for the "included_types" oneof.
DiscoveryBigQueryFilter.FilterOneofCase
Enum of possible cases for the "filter" oneof.
DiscoveryCloudSqlConditions.Types.DatabaseEngine
The database engines that should be profiled.
DiscoveryCloudSqlConditions.Types.DatabaseResourceType
Cloud SQL database resource types. New values can be added at a later time.
DiscoveryCloudSqlFilter.FilterOneofCase
Enum of possible cases for the "filter" oneof.
DiscoveryCloudSqlGenerationCadence.Types.SchemaModifiedCadence.Types.CloudSqlSchemaModification
The type of modification that causes a profile update.
DiscoveryCloudStorageConditions.Types.CloudStorageBucketAttribute
The attribute of a bucket.
DiscoveryCloudStorageConditions.Types.CloudStorageObjectAttribute
The attribute of an object. See https://cloud.google.com/storage/docs/storage-classes for more information on storage classes.
DiscoveryCloudStorageFilter.FilterOneofCase
Enum of possible cases for the "filter" oneof.
DiscoveryConfig.Types.Status
Whether the discovery config is currently active. New options may be added at a later time.
DiscoveryConfigName.ResourceNameType
The possible contents of DiscoveryConfigName.
DiscoveryFileStoreConditions.ConditionsOneofCase
Enum of possible cases for the "conditions" oneof.
DiscoveryOtherCloudConditions.ConditionsOneofCase
Enum of possible cases for the "conditions" oneof.
DiscoveryOtherCloudFilter.FilterOneofCase
Enum of possible cases for the "filter" oneof.
DiscoveryStartingLocation.LocationOneofCase
Enum of possible cases for the "location" oneof.
DiscoveryTarget.TargetOneofCase
Enum of possible cases for the "target" oneof.
DlpContentName.ResourceNameType
The possible contents of DlpContentName.
DlpJob.DetailsOneofCase
Enum of possible cases for the "details" oneof.
DlpJob.Types.JobState
Possible states of a job. New items may be added.
DlpJobName.ResourceNameType
The possible contents of DlpJobName.
DlpJobType
An enum to represent the various types of DLP jobs.
EncryptionStatus
How a resource is encrypted.
Error.Types.ErrorExtraInfo
Additional information about the error.
ExclusionRule.TypeOneofCase
Enum of possible cases for the "type" oneof.
FieldTransformation.TransformationOneofCase
Enum of possible cases for the "transformation" oneof.
FileClusterType.FileClusterTypeOneofCase
Enum of possible cases for the "file_cluster_type" oneof.
FileClusterType.Types.Cluster
Cluster type. Each cluster corresponds to a set of file types. Over time, new types may be added and files may move between clusters.
FileStoreCollection.PatternOneofCase
Enum of possible cases for the "pattern" oneof.
FileStoreDataProfile.Types.State
Possible states of a profile. New items may be added.
FileStoreDataProfileName.ResourceNameType
The possible contents of FileStoreDataProfileName.
FileStoreRegex.ResourceRegexOneofCase
Enum of possible cases for the "resource_regex" oneof.
FileType
Definitions of file type groups to scan. New types will be added to this list.
FindingName.ResourceNameType
The possible contents of FindingName.
ImageTransformations.Types.ImageTransformation.TargetOneofCase
Enum of possible cases for the "target" oneof.
InfoTypeCategory.CategoryOneofCase
Enum of possible cases for the "category" oneof.
InfoTypeCategory.Types.IndustryCategory
Enum of the current industries in the category. We might add more industries in the future.
InfoTypeCategory.Types.LocationCategory
Enum of the current locations. We might add more locations in the future.
InfoTypeCategory.Types.TypeCategory
Enum of the current types in the category. We might add more types in the future.
InfoTypeSupportedBy
Parts of the APIs which use certain infoTypes.
InspectTemplateName.ResourceNameType
The possible contents of InspectTemplateName.
InspectionRule.TypeOneofCase
Enum of possible cases for the "type" oneof.
JobTrigger.JobOneofCase
Enum of possible cases for the "job" oneof.
JobTrigger.Types.Status
Whether the trigger is currently active. If PAUSED or CANCELLED, no jobs will be created with this configuration. The service may automatically pause triggers experiencing frequent errors. To restart a job, set the status to HEALTHY after correcting user errors.
JobTrigger.Types.Trigger.TriggerOneofCase
Enum of possible cases for the "trigger" oneof.
JobTriggerName.ResourceNameType
The possible contents of JobTriggerName.
Key.Types.PathElement.IdTypeOneofCase
Enum of possible cases for the "id_type" oneof.
LargeCustomDictionaryConfig.SourceOneofCase
Enum of possible cases for the "source" oneof.
Likelihood
Coarse-grained confidence level of how well a particular finding satisfies the criteria to match a particular infoType.
Likelihood is calculated based on the number of signals a finding has that implies that the finding matches the infoType. For example, a string that has an '@' and a '.com' is more likely to be a match for an email address than a string that only has an '@'.
In general, the highest likelihood level has the strongest signals that indicate a match. That is, a finding with a high likelihood has a low chance of being a false positive.
For more information about each likelihood level and how likelihood works, see Match likelihood.
MatchingType
Type of the match which can be applied to different ways of matching, like Dictionary, regular expression and intersecting with findings of another info type.
MetadataLocation.LabelOneofCase
Enum of possible cases for the "label" oneof.
MetadataType
Type of metadata containing the finding.
NullPercentageLevel
Bucketized nullness percentage levels. A higher level means a higher percentage of the column is null.
OrganizationLocationName.ResourceNameType
The possible contents of OrganizationLocationName.
OtherCloudDiscoveryStartingLocation.LocationOneofCase
Enum of possible cases for the "location" oneof.
OtherCloudDiscoveryStartingLocation.Types.AwsDiscoveryStartingLocation.ScopeOneofCase
Enum of possible cases for the "scope" oneof.
OtherCloudDiscoveryTarget.CadenceOneofCase
Enum of possible cases for the "cadence" oneof.
OtherCloudResourceCollection.PatternOneofCase
Enum of possible cases for the "pattern" oneof.
OtherCloudResourceRegex.ResourceRegexOneofCase
Enum of possible cases for the "resource_regex" oneof.
OtherCloudSingleResourceReference.ResourceOneofCase
Enum of possible cases for the "resource" oneof.
OutputStorageConfig.TypeOneofCase
Enum of possible cases for the "type" oneof.
OutputStorageConfig.Types.OutputSchema
Predefined schemas for storing findings. Only for use with external storage.
PrimitiveTransformation.TransformationOneofCase
Enum of possible cases for the "transformation" oneof.
PrivacyMetric.TypeOneofCase
Enum of possible cases for the "type" oneof.
PrivacyMetric.Types.KMapEstimationConfig.Types.TaggedField.TagOneofCase
Enum of possible cases for the "tag" oneof.
ProfileGeneration
Whether a profile being created is the first generation or an update.
ProjectDataProfileName.ResourceNameType
The possible contents of ProjectDataProfileName.
QuasiId.TagOneofCase
Enum of possible cases for the "tag" oneof.
QuoteInfo.ParsedQuoteOneofCase
Enum of possible cases for the "parsed_quote" oneof.
RecordCondition.Types.Expressions.TypeOneofCase
Enum of possible cases for the "type" oneof.
RecordCondition.Types.Expressions.Types.LogicalOperator
Logical operators for conditional checks.
RecordKey.TypeOneofCase
Enum of possible cases for the "type" oneof.
RedactImageRequest.Types.ImageRedactionConfig.TargetOneofCase
Enum of possible cases for the "target" oneof.
RelationalOperator
Operators available for comparing the value of fields.
ReplaceDictionaryConfig.TypeOneofCase
Enum of possible cases for the "type" oneof.
ResourceVisibility
How broadly the data in the resource has been shared. New items may be added over time. A higher number means more restricted.
Schedule.OptionOneofCase
Enum of possible cases for the "option" oneof.
SensitivityScore.Types.SensitivityScoreLevel
Various sensitivity score levels for resources.
StorageConfig.TypeOneofCase
Enum of possible cases for the "type" oneof.
StoredInfoTypeConfig.TypeOneofCase
Enum of possible cases for the "type" oneof.
StoredInfoTypeName.ResourceNameType
The possible contents of StoredInfoTypeName.
StoredInfoTypeState
State of a StoredInfoType version.
StoredInfoTypeStats.TypeOneofCase
Enum of possible cases for the "type" oneof.
TableDataProfile.Types.State
Possible states of a profile. New items may be added.
TableDataProfileName.ResourceNameType
The possible contents of TableDataProfileName.
TimePartConfig.Types.TimePart
Components that make up time.
TransformationContainerType
Describes functionality of a given container in its original format.
TransformationDetailsStorageConfig.TypeOneofCase
Enum of possible cases for the "type" oneof.
TransformationErrorHandling.ModeOneofCase
Enum of possible cases for the "mode" oneof.
TransformationLocation.LocationTypeOneofCase
Enum of possible cases for the "location_type" oneof.
TransformationResultStatusType
Enum of possible outcomes of transformations. SUCCESS if transformation and storing of transformation was successful, otherwise, reason for not transforming.
TransformationSummary.Types.TransformationResultCode
Possible outcomes of transformations.
TransformationType
An enum of rules that can be used to transform a value. Can be a
record suppression, or one of the transformation rules specified under
PrimitiveTransformation
.
UniquenessScoreLevel
Bucketized uniqueness score levels. A higher uniqueness score is a strong signal that the column may contain a unique identifier like user id. A low value indicates that the column contains few unique values like booleans or other classifiers.
Value.TypeOneofCase
Enum of possible cases for the "type" oneof.