1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 cnrm.cloud.google.com/version: 0.0.0-dev
6 creationTimestamp: null
7 labels:
8 cnrm.cloud.google.com/dcl2crd: "true"
9 cnrm.cloud.google.com/managed-by-kcc: "true"
10 cnrm.cloud.google.com/stability-level: stable
11 cnrm.cloud.google.com/system: "true"
12 name: dlpdeidentifytemplates.dlp.cnrm.cloud.google.com
13spec:
14 group: dlp.cnrm.cloud.google.com
15 names:
16 categories:
17 - gcp
18 kind: DLPDeidentifyTemplate
19 plural: dlpdeidentifytemplates
20 shortNames:
21 - gcpdlpdeidentifytemplate
22 - gcpdlpdeidentifytemplates
23 singular: dlpdeidentifytemplate
24 preserveUnknownFields: false
25 scope: Namespaced
26 versions:
27 - additionalPrinterColumns:
28 - jsonPath: .metadata.creationTimestamp
29 name: Age
30 type: date
31 - description: When 'True', the most recent reconcile of the resource succeeded
32 jsonPath: .status.conditions[?(@.type=='Ready')].status
33 name: Ready
34 type: string
35 - description: The reason for the value in 'Ready'
36 jsonPath: .status.conditions[?(@.type=='Ready')].reason
37 name: Status
38 type: string
39 - description: The last transition time for the value in 'Status'
40 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
41 name: Status Age
42 type: date
43 name: v1beta1
44 schema:
45 openAPIV3Schema:
46 properties:
47 apiVersion:
48 description: 'apiVersion defines the versioned schema of this representation
49 of an object. Servers should convert recognized schemas to the latest
50 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
51 type: string
52 kind:
53 description: 'kind is a string value representing the REST resource this
54 object represents. Servers may infer this from the endpoint the client
55 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
56 type: string
57 metadata:
58 type: object
59 spec:
60 oneOf:
61 - required:
62 - organizationRef
63 - required:
64 - projectRef
65 properties:
66 deidentifyConfig:
67 description: The core content of the template.
68 properties:
69 infoTypeTransformations:
70 description: Treat the dataset as free-form text and apply the
71 same free text transformation everywhere.
72 properties:
73 transformations:
74 description: Required. Transformation for each infoType. Cannot
75 specify more than one for a given infoType.
76 items:
77 properties:
78 infoTypes:
79 description: InfoTypes to apply the transformation to.
80 An empty list will cause this transformation to apply
81 to all findings that correspond to infoTypes that
82 were requested in `InspectConfig`.
83 items:
84 properties:
85 name:
86 description: Name of the information type. Either
87 a name of your choosing when creating a CustomInfoType,
88 or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference
89 when specifying a built-in type. When sending
90 Cloud DLP results to Data Catalog, infoType
91 names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
92 type: string
93 type: object
94 type: array
95 primitiveTransformation:
96 description: Required. Primitive transformation to apply
97 to the infoType.
98 properties:
99 bucketingConfig:
100 description: Bucketing
101 properties:
102 buckets:
103 description: Set of buckets. Ranges must be
104 non-overlapping.
105 items:
106 properties:
107 max:
108 description: Upper bound of the range,
109 exclusive; type must match min.
110 properties:
111 booleanValue:
112 description: boolean
113 type: boolean
114 dateValue:
115 description: date
116 properties:
117 day:
118 description: Day of a month. Must
119 be from 1 to 31 and valid for
120 the year and month, or 0 to
121 specify a year by itself or
122 a year and month where the day
123 isn't significant.
124 format: int64
125 type: integer
126 month:
127 description: Month of a year.
128 Must be from 1 to 12, or 0 to
129 specify a year without a month
130 and day.
131 format: int64
132 type: integer
133 year:
134 description: Year of the date.
135 Must be from 1 to 9999, or 0
136 to specify a date without a
137 year.
138 format: int64
139 type: integer
140 type: object
141 dayOfWeekValue:
142 description: 'day of week Possible
143 values: DAY_OF_WEEK_UNSPECIFIED,
144 MONDAY, TUESDAY, WEDNESDAY, THURSDAY,
145 FRIDAY, SATURDAY, SUNDAY'
146 type: string
147 floatValue:
148 description: float
149 format: double
150 type: number
151 integerValue:
152 description: integer
153 format: int64
154 type: integer
155 stringValue:
156 description: string
157 type: string
158 timeValue:
159 description: time of day
160 properties:
161 hours:
162 description: Hours of day in 24
163 hour format. Should be from
164 0 to 23. An API may choose to
165 allow the value "24:00:00" for
166 scenarios like business closing
167 time.
168 format: int64
169 type: integer
170 minutes:
171 description: Minutes of hour of
172 day. Must be from 0 to 59.
173 format: int64
174 type: integer
175 nanos:
176 description: Fractions of seconds
177 in nanoseconds. Must be from
178 0 to 999,999,999.
179 format: int64
180 type: integer
181 seconds:
182 description: Seconds of minutes
183 of the time. Must normally be
184 from 0 to 59. An API may allow
185 the value 60 if it allows leap-seconds.
186 format: int64
187 type: integer
188 type: object
189 timestampValue:
190 description: timestamp
191 format: date-time
192 type: string
193 type: object
194 min:
195 description: Lower bound of the range,
196 inclusive. Type should be the same as
197 max if used.
198 properties:
199 booleanValue:
200 description: boolean
201 type: boolean
202 dateValue:
203 description: date
204 properties:
205 day:
206 description: Day of a month. Must
207 be from 1 to 31 and valid for
208 the year and month, or 0 to
209 specify a year by itself or
210 a year and month where the day
211 isn't significant.
212 format: int64
213 type: integer
214 month:
215 description: Month of a year.
216 Must be from 1 to 12, or 0 to
217 specify a year without a month
218 and day.
219 format: int64
220 type: integer
221 year:
222 description: Year of the date.
223 Must be from 1 to 9999, or 0
224 to specify a date without a
225 year.
226 format: int64
227 type: integer
228 type: object
229 dayOfWeekValue:
230 description: 'day of week Possible
231 values: DAY_OF_WEEK_UNSPECIFIED,
232 MONDAY, TUESDAY, WEDNESDAY, THURSDAY,
233 FRIDAY, SATURDAY, SUNDAY'
234 type: string
235 floatValue:
236 description: float
237 format: double
238 type: number
239 integerValue:
240 description: integer
241 format: int64
242 type: integer
243 stringValue:
244 description: string
245 type: string
246 timeValue:
247 description: time of day
248 properties:
249 hours:
250 description: Hours of day in 24
251 hour format. Should be from
252 0 to 23. An API may choose to
253 allow the value "24:00:00" for
254 scenarios like business closing
255 time.
256 format: int64
257 type: integer
258 minutes:
259 description: Minutes of hour of
260 day. Must be from 0 to 59.
261 format: int64
262 type: integer
263 nanos:
264 description: Fractions of seconds
265 in nanoseconds. Must be from
266 0 to 999,999,999.
267 format: int64
268 type: integer
269 seconds:
270 description: Seconds of minutes
271 of the time. Must normally be
272 from 0 to 59. An API may allow
273 the value 60 if it allows leap-seconds.
274 format: int64
275 type: integer
276 type: object
277 timestampValue:
278 description: timestamp
279 format: date-time
280 type: string
281 type: object
282 replacementValue:
283 description: Required. Replacement value
284 for this bucket.
285 properties:
286 booleanValue:
287 description: boolean
288 type: boolean
289 dateValue:
290 description: date
291 properties:
292 day:
293 description: Day of a month. Must
294 be from 1 to 31 and valid for
295 the year and month, or 0 to
296 specify a year by itself or
297 a year and month where the day
298 isn't significant.
299 format: int64
300 type: integer
301 month:
302 description: Month of a year.
303 Must be from 1 to 12, or 0 to
304 specify a year without a month
305 and day.
306 format: int64
307 type: integer
308 year:
309 description: Year of the date.
310 Must be from 1 to 9999, or 0
311 to specify a date without a
312 year.
313 format: int64
314 type: integer
315 type: object
316 dayOfWeekValue:
317 description: 'day of week Possible
318 values: DAY_OF_WEEK_UNSPECIFIED,
319 MONDAY, TUESDAY, WEDNESDAY, THURSDAY,
320 FRIDAY, SATURDAY, SUNDAY'
321 type: string
322 floatValue:
323 description: float
324 format: double
325 type: number
326 integerValue:
327 description: integer
328 format: int64
329 type: integer
330 stringValue:
331 description: string
332 type: string
333 timeValue:
334 description: time of day
335 properties:
336 hours:
337 description: Hours of day in 24
338 hour format. Should be from
339 0 to 23. An API may choose to
340 allow the value "24:00:00" for
341 scenarios like business closing
342 time.
343 format: int64
344 type: integer
345 minutes:
346 description: Minutes of hour of
347 day. Must be from 0 to 59.
348 format: int64
349 type: integer
350 nanos:
351 description: Fractions of seconds
352 in nanoseconds. Must be from
353 0 to 999,999,999.
354 format: int64
355 type: integer
356 seconds:
357 description: Seconds of minutes
358 of the time. Must normally be
359 from 0 to 59. An API may allow
360 the value 60 if it allows leap-seconds.
361 format: int64
362 type: integer
363 type: object
364 timestampValue:
365 description: timestamp
366 format: date-time
367 type: string
368 type: object
369 required:
370 - replacementValue
371 type: object
372 type: array
373 type: object
374 characterMaskConfig:
375 description: Mask
376 properties:
377 charactersToIgnore:
378 description: When masking a string, items in
379 this list will be skipped when replacing characters.
380 For example, if the input string is `555-555-5555`
381 and you instruct Cloud DLP to skip `-` and
382 mask 5 characters with `*`, Cloud DLP returns
383 `***-**5-5555`.
384 items:
385 properties:
386 charactersToSkip:
387 description: Characters to not transform
388 when masking.
389 type: string
390 commonCharactersToIgnore:
391 description: 'Common characters to not
392 transform when masking. Useful to avoid
393 removing punctuation. Possible values:
394 COMMON_CHARS_TO_IGNORE_UNSPECIFIED,
395 NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE,
396 PUNCTUATION, WHITESPACE'
397 type: string
398 type: object
399 type: array
400 maskingCharacter:
401 description: Character to use to mask the sensitive
402 values—for example, `*` for an alphabetic
403 string such as a name, or `0` for a numeric
404 string such as ZIP code or credit card number.
405 This string must have a length of 1. If not
406 supplied, this value defaults to `*` for strings,
407 and `0` for digits.
408 type: string
409 numberToMask:
410 description: Number of characters to mask. If
411 not set, all matching chars will be masked.
412 Skipped characters do not count towards this
413 tally.
414 format: int64
415 type: integer
416 reverseOrder:
417 description: Mask characters in reverse order.
418 For example, if `masking_character` is `0`,
419 `number_to_mask` is `14`, and `reverse_order`
420 is `false`, then the input string `1234-5678-9012-3456`
421 is masked as `00000000000000-3456`. If `masking_character`
422 is `*`, `number_to_mask` is `3`, and `reverse_order`
423 is `true`, then the string `12345` is masked
424 as `12***`.
425 type: boolean
426 type: object
427 cryptoDeterministicConfig:
428 description: Deterministic Crypto
429 properties:
430 context:
431 description: 'A context may be used for higher
432 security and maintaining referential integrity
433 such that the same identifier in two different
434 contexts will be given a distinct surrogate.
435 The context is appended to plaintext value
436 being encrypted. On decryption the provided
437 context is validated against the value used
438 during encryption. If a context was provided
439 during encryption, same context must be provided
440 during decryption as well. If the context
441 is not set, plaintext would be used as is
442 for encryption. If the context is set but:
443 1. there is no record present when transforming
444 a given value or 2. the field is not present
445 when transforming a given value, plaintext
446 would be used as is for encryption. Note that
447 case (1) is expected when an `InfoTypeTransformation`
448 is applied to both structured and non-structured
449 `ContentItem`s.'
450 properties:
451 name:
452 description: Name describing the field.
453 type: string
454 type: object
455 cryptoKey:
456 description: The key used by the encryption
457 function. For deterministic encryption using
458 AES-SIV, the provided key is internally expanded
459 to 64 bytes prior to use.
460 properties:
461 kmsWrapped:
462 description: Key wrapped using Cloud KMS
463 properties:
464 cryptoKeyRef:
465 oneOf:
466 - not:
467 required:
468 - external
469 required:
470 - name
471 - not:
472 anyOf:
473 - required:
474 - name
475 - required:
476 - namespace
477 required:
478 - external
479 properties:
480 external:
481 description: |-
482 Required. The resource name of the KMS CryptoKey to use for unwrapping.
483
484 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
485 type: string
486 name:
487 description: 'Name of the referent.
488 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
489 type: string
490 namespace:
491 description: 'Namespace of the referent.
492 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
493 type: string
494 type: object
495 wrappedKey:
496 description: Required. The wrapped data
497 crypto key.
498 type: string
499 required:
500 - cryptoKeyRef
501 - wrappedKey
502 type: object
503 transient:
504 description: Transient crypto key
505 properties:
506 name:
507 description: 'Required. Name of the
508 key. This is an arbitrary string used
509 to differentiate different keys. A
510 unique key is generated per name:
511 two separate `TransientCryptoKey`
512 protos share the same generated key
513 if their names are the same. When
514 the data crypto key is generated,
515 this name is not used in any way (repeating
516 the api call will result in a different
517 key being generated).'
518 type: string
519 required:
520 - name
521 type: object
522 unwrapped:
523 description: Unwrapped crypto key
524 properties:
525 key:
526 description: Required. A 128/192/256
527 bit key.
528 type: string
529 required:
530 - key
531 type: object
532 type: object
533 surrogateInfoType:
534 description: 'The custom info type to annotate
535 the surrogate with. This annotation will be
536 applied to the surrogate by prefixing it with
537 the name of the custom info type followed
538 by the number of characters comprising the
539 surrogate. The following scheme defines the
540 format: {info type name}({surrogate character
541 count}):{surrogate} For example, if the name
542 of custom info type is ''MY_TOKEN_INFO_TYPE''
543 and the surrogate is ''abc'', the full replacement
544 value will be: ''MY_TOKEN_INFO_TYPE(3):abc''
545 This annotation identifies the surrogate when
546 inspecting content using the custom info type
547 ''Surrogate''. This facilitates reversal of
548 the surrogate when it occurs in free text.
549 Note: For record transformations where the
550 entire cell in a table is being transformed,
551 surrogates are not mandatory. Surrogates are
552 used to denote the location of the token and
553 are necessary for re-identification in free
554 form text. In order for inspection to work
555 properly, the name of this info type must
556 not occur naturally anywhere in your data;
557 otherwise, inspection may either - reverse
558 a surrogate that does not correspond to an
559 actual identifier - be unable to parse the
560 surrogate and result in an error Therefore,
561 choose your custom info type name carefully
562 after considering what your data looks like.
563 One way to select a name that has a high chance
564 of yielding reliable detection is to include
565 one or more unicode characters that are highly
566 improbable to exist in your data. For example,
567 assuming your data is entered from a regular
568 ASCII keyboard, the symbol with the hex code
569 point 29DD might be used like so: ⧝MY_TOKEN_TYPE.'
570 properties:
571 name:
572 description: Name of the information type.
573 Either a name of your choosing when creating
574 a CustomInfoType, or one of the names
575 listed at https://cloud.google.com/dlp/docs/infotypes-reference
576 when specifying a built-in type. When
577 sending Cloud DLP results to Data Catalog,
578 infoType names should conform to the pattern
579 `[A-Za-z0-9$-_]{1,64}`.
580 type: string
581 type: object
582 type: object
583 cryptoHashConfig:
584 description: Crypto
585 properties:
586 cryptoKey:
587 description: The key used by the hash function.
588 properties:
589 kmsWrapped:
590 description: Key wrapped using Cloud KMS
591 properties:
592 cryptoKeyRef:
593 oneOf:
594 - not:
595 required:
596 - external
597 required:
598 - name
599 - not:
600 anyOf:
601 - required:
602 - name
603 - required:
604 - namespace
605 required:
606 - external
607 properties:
608 external:
609 description: |-
610 Required. The resource name of the KMS CryptoKey to use for unwrapping.
611
612 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
613 type: string
614 name:
615 description: 'Name of the referent.
616 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
617 type: string
618 namespace:
619 description: 'Namespace of the referent.
620 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
621 type: string
622 type: object
623 wrappedKey:
624 description: Required. The wrapped data
625 crypto key.
626 type: string
627 required:
628 - cryptoKeyRef
629 - wrappedKey
630 type: object
631 transient:
632 description: Transient crypto key
633 properties:
634 name:
635 description: 'Required. Name of the
636 key. This is an arbitrary string used
637 to differentiate different keys. A
638 unique key is generated per name:
639 two separate `TransientCryptoKey`
640 protos share the same generated key
641 if their names are the same. When
642 the data crypto key is generated,
643 this name is not used in any way (repeating
644 the api call will result in a different
645 key being generated).'
646 type: string
647 required:
648 - name
649 type: object
650 unwrapped:
651 description: Unwrapped crypto key
652 properties:
653 key:
654 description: Required. A 128/192/256
655 bit key.
656 type: string
657 required:
658 - key
659 type: object
660 type: object
661 type: object
662 cryptoReplaceFfxFpeConfig:
663 description: Ffx-Fpe
664 properties:
665 commonAlphabet:
666 description: 'Common alphabets. Possible values:
667 FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC,
668 HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC'
669 type: string
670 context:
671 description: 'The ''tweak'', a context may be
672 used for higher security since the same identifier
673 in two different contexts won''t be given
674 the same surrogate. If the context is not
675 set, a default tweak will be used. If the
676 context is set but: 1. there is no record
677 present when transforming a given value or
678 1. the field is not present when transforming
679 a given value, a default tweak will be used.
680 Note that case (1) is expected when an `InfoTypeTransformation`
681 is applied to both structured and non-structured
682 `ContentItem`s. Currently, the referenced
683 field may be of value type integer or string.
684 The tweak is constructed as a sequence of
685 bytes in big endian byte order such that:
686 - a 64 bit integer is encoded followed by
687 a single byte of value 1 - a string is encoded
688 in UTF-8 format followed by a single byte
689 of value 2'
690 properties:
691 name:
692 description: Name describing the field.
693 type: string
694 type: object
695 cryptoKey:
696 description: Required. The key used by the encryption
697 algorithm.
698 properties:
699 kmsWrapped:
700 description: Key wrapped using Cloud KMS
701 properties:
702 cryptoKeyRef:
703 oneOf:
704 - not:
705 required:
706 - external
707 required:
708 - name
709 - not:
710 anyOf:
711 - required:
712 - name
713 - required:
714 - namespace
715 required:
716 - external
717 properties:
718 external:
719 description: |-
720 Required. The resource name of the KMS CryptoKey to use for unwrapping.
721
722 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
723 type: string
724 name:
725 description: 'Name of the referent.
726 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
727 type: string
728 namespace:
729 description: 'Namespace of the referent.
730 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
731 type: string
732 type: object
733 wrappedKey:
734 description: Required. The wrapped data
735 crypto key.
736 type: string
737 required:
738 - cryptoKeyRef
739 - wrappedKey
740 type: object
741 transient:
742 description: Transient crypto key
743 properties:
744 name:
745 description: 'Required. Name of the
746 key. This is an arbitrary string used
747 to differentiate different keys. A
748 unique key is generated per name:
749 two separate `TransientCryptoKey`
750 protos share the same generated key
751 if their names are the same. When
752 the data crypto key is generated,
753 this name is not used in any way (repeating
754 the api call will result in a different
755 key being generated).'
756 type: string
757 required:
758 - name
759 type: object
760 unwrapped:
761 description: Unwrapped crypto key
762 properties:
763 key:
764 description: Required. A 128/192/256
765 bit key.
766 type: string
767 required:
768 - key
769 type: object
770 type: object
771 customAlphabet:
772 description: 'This is supported by mapping these
773 to the alphanumeric characters that the FFX
774 mode natively supports. This happens before/after
775 encryption/decryption. Each character listed
776 must appear only once. Number of characters
777 must be in the range [2, 95]. This must be
778 encoded as ASCII. The order of characters
779 does not matter. The full list of allowed
780 characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
781 ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``'
782 type: string
783 radix:
784 description: The native way to select the alphabet.
785 Must be in the range [2, 95].
786 format: int64
787 type: integer
788 surrogateInfoType:
789 description: 'The custom infoType to annotate
790 the surrogate with. This annotation will be
791 applied to the surrogate by prefixing it with
792 the name of the custom infoType followed by
793 the number of characters comprising the surrogate.
794 The following scheme defines the format: info_type_name(surrogate_character_count):surrogate
795 For example, if the name of custom infoType
796 is ''MY_TOKEN_INFO_TYPE'' and the surrogate
797 is ''abc'', the full replacement value will
798 be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation
799 identifies the surrogate when inspecting content
800 using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
801 This facilitates reversal of the surrogate
802 when it occurs in free text. In order for
803 inspection to work properly, the name of this
804 infoType must not occur naturally anywhere
805 in your data; otherwise, inspection may find
806 a surrogate that does not correspond to an
807 actual identifier. Therefore, choose your
808 custom infoType name carefully after considering
809 what your data looks like. One way to select
810 a name that has a high chance of yielding
811 reliable detection is to include one or more
812 unicode characters that are highly improbable
813 to exist in your data. For example, assuming
814 your data is entered from a regular ASCII
815 keyboard, the symbol with the hex code point
816 29DD might be used like so: ⧝MY_TOKEN_TYPE'
817 properties:
818 name:
819 description: Name of the information type.
820 Either a name of your choosing when creating
821 a CustomInfoType, or one of the names
822 listed at https://cloud.google.com/dlp/docs/infotypes-reference
823 when specifying a built-in type. When
824 sending Cloud DLP results to Data Catalog,
825 infoType names should conform to the pattern
826 `[A-Za-z0-9$-_]{1,64}`.
827 type: string
828 type: object
829 required:
830 - cryptoKey
831 type: object
832 dateShiftConfig:
833 description: Date Shift
834 properties:
835 context:
836 description: Points to the field that contains
837 the context, for example, an entity id. If
838 set, must also set cryptoKey. If set, shift
839 will be consistent for the given context.
840 properties:
841 name:
842 description: Name describing the field.
843 type: string
844 type: object
845 cryptoKey:
846 description: Causes the shift to be computed
847 based on this key and the context. This results
848 in the same shift for the same context and
849 crypto_key. If set, must also set context.
850 Can only be applied to table items.
851 properties:
852 kmsWrapped:
853 description: Key wrapped using Cloud KMS
854 properties:
855 cryptoKeyRef:
856 oneOf:
857 - not:
858 required:
859 - external
860 required:
861 - name
862 - not:
863 anyOf:
864 - required:
865 - name
866 - required:
867 - namespace
868 required:
869 - external
870 properties:
871 external:
872 description: |-
873 Required. The resource name of the KMS CryptoKey to use for unwrapping.
874
875 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
876 type: string
877 name:
878 description: 'Name of the referent.
879 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
880 type: string
881 namespace:
882 description: 'Namespace of the referent.
883 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
884 type: string
885 type: object
886 wrappedKey:
887 description: Required. The wrapped data
888 crypto key.
889 type: string
890 required:
891 - cryptoKeyRef
892 - wrappedKey
893 type: object
894 transient:
895 description: Transient crypto key
896 properties:
897 name:
898 description: 'Required. Name of the
899 key. This is an arbitrary string used
900 to differentiate different keys. A
901 unique key is generated per name:
902 two separate `TransientCryptoKey`
903 protos share the same generated key
904 if their names are the same. When
905 the data crypto key is generated,
906 this name is not used in any way (repeating
907 the api call will result in a different
908 key being generated).'
909 type: string
910 required:
911 - name
912 type: object
913 unwrapped:
914 description: Unwrapped crypto key
915 properties:
916 key:
917 description: Required. A 128/192/256
918 bit key.
919 type: string
920 required:
921 - key
922 type: object
923 type: object
924 lowerBoundDays:
925 description: Required. For example, -5 means
926 shift date to at most 5 days back in the past.
927 format: int64
928 type: integer
929 upperBoundDays:
930 description: Required. Range of shift in days.
931 Actual shift will be selected at random within
932 this range (inclusive ends). Negative means
933 shift to earlier in time. Must not be more
934 than 365250 days (1000 years) each direction.
935 For example, 3 means shift date to at most
936 3 days into the future.
937 format: int64
938 type: integer
939 required:
940 - lowerBoundDays
941 - upperBoundDays
942 type: object
943 fixedSizeBucketingConfig:
944 description: Fixed size bucketing
945 properties:
946 bucketSize:
947 description: 'Required. Size of each bucket
948 (except for minimum and maximum buckets).
949 So if `lower_bound` = 10, `upper_bound` =
950 89, and `bucket_size` = 10, then the following
951 buckets would be used: -10, 10-20, 20-30,
952 30-40, 40-50, 50-60, 60-70, 70-80, 80-89,
953 89+. Precision up to 2 decimals works.'
954 format: double
955 type: number
956 lowerBound:
957 description: Required. Lower bound value of
958 buckets. All values less than `lower_bound`
959 are grouped together into a single bucket;
960 for example if `lower_bound` = 10, then all
961 values less than 10 are replaced with the
962 value "-10".
963 properties:
964 booleanValue:
965 description: boolean
966 type: boolean
967 dateValue:
968 description: date
969 properties:
970 day:
971 description: Day of a month. Must be
972 from 1 to 31 and valid for the year
973 and month, or 0 to specify a year
974 by itself or a year and month where
975 the day isn't significant.
976 format: int64
977 type: integer
978 month:
979 description: Month of a year. Must be
980 from 1 to 12, or 0 to specify a year
981 without a month and day.
982 format: int64
983 type: integer
984 year:
985 description: Year of the date. Must
986 be from 1 to 9999, or 0 to specify
987 a date without a year.
988 format: int64
989 type: integer
990 type: object
991 dayOfWeekValue:
992 description: 'day of week Possible values:
993 DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY,
994 WEDNESDAY, THURSDAY, FRIDAY, SATURDAY,
995 SUNDAY'
996 type: string
997 floatValue:
998 description: float
999 format: double
1000 type: number
1001 integerValue:
1002 description: integer
1003 format: int64
1004 type: integer
1005 stringValue:
1006 description: string
1007 type: string
1008 timeValue:
1009 description: time of day
1010 properties:
1011 hours:
1012 description: Hours of day in 24 hour
1013 format. Should be from 0 to 23. An
1014 API may choose to allow the value
1015 "24:00:00" for scenarios like business
1016 closing time.
1017 format: int64
1018 type: integer
1019 minutes:
1020 description: Minutes of hour of day.
1021 Must be from 0 to 59.
1022 format: int64
1023 type: integer
1024 nanos:
1025 description: Fractions of seconds in
1026 nanoseconds. Must be from 0 to 999,999,999.
1027 format: int64
1028 type: integer
1029 seconds:
1030 description: Seconds of minutes of the
1031 time. Must normally be from 0 to 59.
1032 An API may allow the value 60 if it
1033 allows leap-seconds.
1034 format: int64
1035 type: integer
1036 type: object
1037 timestampValue:
1038 description: timestamp
1039 format: date-time
1040 type: string
1041 type: object
1042 upperBound:
1043 description: Required. Upper bound value of
1044 buckets. All values greater than upper_bound
1045 are grouped together into a single bucket;
1046 for example if `upper_bound` = 89, then all
1047 values greater than 89 are replaced with the
1048 value "89+".
1049 properties:
1050 booleanValue:
1051 description: boolean
1052 type: boolean
1053 dateValue:
1054 description: date
1055 properties:
1056 day:
1057 description: Day of a month. Must be
1058 from 1 to 31 and valid for the year
1059 and month, or 0 to specify a year
1060 by itself or a year and month where
1061 the day isn't significant.
1062 format: int64
1063 type: integer
1064 month:
1065 description: Month of a year. Must be
1066 from 1 to 12, or 0 to specify a year
1067 without a month and day.
1068 format: int64
1069 type: integer
1070 year:
1071 description: Year of the date. Must
1072 be from 1 to 9999, or 0 to specify
1073 a date without a year.
1074 format: int64
1075 type: integer
1076 type: object
1077 dayOfWeekValue:
1078 description: 'day of week Possible values:
1079 DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY,
1080 WEDNESDAY, THURSDAY, FRIDAY, SATURDAY,
1081 SUNDAY'
1082 type: string
1083 floatValue:
1084 description: float
1085 format: double
1086 type: number
1087 integerValue:
1088 description: integer
1089 format: int64
1090 type: integer
1091 stringValue:
1092 description: string
1093 type: string
1094 timeValue:
1095 description: time of day
1096 properties:
1097 hours:
1098 description: Hours of day in 24 hour
1099 format. Should be from 0 to 23. An
1100 API may choose to allow the value
1101 "24:00:00" for scenarios like business
1102 closing time.
1103 format: int64
1104 type: integer
1105 minutes:
1106 description: Minutes of hour of day.
1107 Must be from 0 to 59.
1108 format: int64
1109 type: integer
1110 nanos:
1111 description: Fractions of seconds in
1112 nanoseconds. Must be from 0 to 999,999,999.
1113 format: int64
1114 type: integer
1115 seconds:
1116 description: Seconds of minutes of the
1117 time. Must normally be from 0 to 59.
1118 An API may allow the value 60 if it
1119 allows leap-seconds.
1120 format: int64
1121 type: integer
1122 type: object
1123 timestampValue:
1124 description: timestamp
1125 format: date-time
1126 type: string
1127 type: object
1128 required:
1129 - bucketSize
1130 - lowerBound
1131 - upperBound
1132 type: object
1133 redactConfig:
1134 description: Redact
1135 type: object
1136 x-kubernetes-preserve-unknown-fields: true
1137 replaceConfig:
1138 description: Replace with a specified value.
1139 properties:
1140 newValue:
1141 description: Value to replace it with.
1142 properties:
1143 booleanValue:
1144 description: boolean
1145 type: boolean
1146 dateValue:
1147 description: date
1148 properties:
1149 day:
1150 description: Day of a month. Must be
1151 from 1 to 31 and valid for the year
1152 and month, or 0 to specify a year
1153 by itself or a year and month where
1154 the day isn't significant.
1155 format: int64
1156 type: integer
1157 month:
1158 description: Month of a year. Must be
1159 from 1 to 12, or 0 to specify a year
1160 without a month and day.
1161 format: int64
1162 type: integer
1163 year:
1164 description: Year of the date. Must
1165 be from 1 to 9999, or 0 to specify
1166 a date without a year.
1167 format: int64
1168 type: integer
1169 type: object
1170 dayOfWeekValue:
1171 description: 'day of week Possible values:
1172 DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY,
1173 WEDNESDAY, THURSDAY, FRIDAY, SATURDAY,
1174 SUNDAY'
1175 type: string
1176 floatValue:
1177 description: float
1178 format: double
1179 type: number
1180 integerValue:
1181 description: integer
1182 format: int64
1183 type: integer
1184 stringValue:
1185 description: string
1186 type: string
1187 timeValue:
1188 description: time of day
1189 properties:
1190 hours:
1191 description: Hours of day in 24 hour
1192 format. Should be from 0 to 23. An
1193 API may choose to allow the value
1194 "24:00:00" for scenarios like business
1195 closing time.
1196 format: int64
1197 type: integer
1198 minutes:
1199 description: Minutes of hour of day.
1200 Must be from 0 to 59.
1201 format: int64
1202 type: integer
1203 nanos:
1204 description: Fractions of seconds in
1205 nanoseconds. Must be from 0 to 999,999,999.
1206 format: int64
1207 type: integer
1208 seconds:
1209 description: Seconds of minutes of the
1210 time. Must normally be from 0 to 59.
1211 An API may allow the value 60 if it
1212 allows leap-seconds.
1213 format: int64
1214 type: integer
1215 type: object
1216 timestampValue:
1217 description: timestamp
1218 format: date-time
1219 type: string
1220 type: object
1221 type: object
1222 replaceWithInfoTypeConfig:
1223 description: Replace with infotype
1224 type: object
1225 x-kubernetes-preserve-unknown-fields: true
1226 timePartConfig:
1227 description: Time extraction
1228 properties:
1229 partToExtract:
1230 description: 'The part of the time to keep.
1231 Possible values: TIME_PART_UNSPECIFIED, YEAR,
1232 MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR,
1233 HOUR_OF_DAY'
1234 type: string
1235 type: object
1236 type: object
1237 required:
1238 - primitiveTransformation
1239 type: object
1240 type: array
1241 required:
1242 - transformations
1243 type: object
1244 recordTransformations:
1245 description: Treat the dataset as structured. Transformations
1246 can be applied to specific locations within structured datasets,
1247 such as transforming a column within a table.
1248 properties:
1249 fieldTransformations:
1250 description: Transform the record by applying various field
1251 transformations.
1252 items:
1253 properties:
1254 condition:
1255 description: 'Only apply the transformation if the condition
1256 evaluates to true for the given `RecordCondition`.
1257 The conditions are allowed to reference fields that
1258 are not used in the actual transformation. Example
1259 Use Cases: - Apply a different bucket transformation
1260 to an age column if the zip code column for the same
1261 record is within a specific range. - Redact a field
1262 if the date of birth field is greater than 85.'
1263 properties:
1264 expressions:
1265 description: An expression.
1266 properties:
1267 conditions:
1268 description: Conditions to apply to the expression.
1269 properties:
1270 conditions:
1271 description: A collection of conditions.
1272 items:
1273 properties:
1274 field:
1275 description: Required. Field within
1276 the record this condition is evaluated
1277 against.
1278 properties:
1279 name:
1280 description: Name describing the
1281 field.
1282 type: string
1283 type: object
1284 operator:
1285 description: 'Required. Operator used
1286 to compare the field or infoType
1287 to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED,
1288 AND'
1289 type: string
1290 value:
1291 description: Value to compare against.
1292 [Mandatory, except for `EXISTS`
1293 tests.]
1294 properties:
1295 booleanValue:
1296 description: boolean
1297 type: boolean
1298 dateValue:
1299 description: date
1300 properties:
1301 day:
1302 description: Day of a month.
1303 Must be from 1 to 31 and
1304 valid for the year and month,
1305 or 0 to specify a year by
1306 itself or a year and month
1307 where the day isn't significant.
1308 format: int64
1309 type: integer
1310 month:
1311 description: Month of a year.
1312 Must be from 1 to 12, or
1313 0 to specify a year without
1314 a month and day.
1315 format: int64
1316 type: integer
1317 year:
1318 description: Year of the date.
1319 Must be from 1 to 9999,
1320 or 0 to specify a date without
1321 a year.
1322 format: int64
1323 type: integer
1324 type: object
1325 dayOfWeekValue:
1326 description: 'day of week Possible
1327 values: DAY_OF_WEEK_UNSPECIFIED,
1328 MONDAY, TUESDAY, WEDNESDAY,
1329 THURSDAY, FRIDAY, SATURDAY,
1330 SUNDAY'
1331 type: string
1332 floatValue:
1333 description: float
1334 format: double
1335 type: number
1336 integerValue:
1337 description: integer
1338 format: int64
1339 type: integer
1340 stringValue:
1341 description: string
1342 type: string
1343 timeValue:
1344 description: time of day
1345 properties:
1346 hours:
1347 description: Hours of day
1348 in 24 hour format. Should
1349 be from 0 to 23. An API
1350 may choose to allow the
1351 value "24:00:00" for scenarios
1352 like business closing time.
1353 format: int64
1354 type: integer
1355 minutes:
1356 description: Minutes of hour
1357 of day. Must be from 0 to
1358 59.
1359 format: int64
1360 type: integer
1361 nanos:
1362 description: Fractions of
1363 seconds in nanoseconds.
1364 Must be from 0 to 999,999,999.
1365 format: int64
1366 type: integer
1367 seconds:
1368 description: Seconds of minutes
1369 of the time. Must normally
1370 be from 0 to 59. An API
1371 may allow the value 60 if
1372 it allows leap-seconds.
1373 format: int64
1374 type: integer
1375 type: object
1376 timestampValue:
1377 description: timestamp
1378 format: date-time
1379 type: string
1380 type: object
1381 required:
1382 - field
1383 - operator
1384 type: object
1385 type: array
1386 type: object
1387 logicalOperator:
1388 description: 'The operator to apply to the result
1389 of conditions. Default and currently only
1390 supported value is `AND`. Possible values:
1391 LOGICAL_OPERATOR_UNSPECIFIED, AND'
1392 type: string
1393 type: object
1394 type: object
1395 fields:
1396 description: Required. Input field(s) to apply the transformation
1397 to. When you have columns that reference their position
1398 within a list, omit the index from the FieldId. FieldId
1399 name matching ignores the index. For example, instead
1400 of "contact.nums[0].type", use "contact.nums.type".
1401 items:
1402 properties:
1403 name:
1404 description: Name describing the field.
1405 type: string
1406 type: object
1407 type: array
1408 infoTypeTransformations:
1409 description: Treat the contents of the field as free
1410 text, and selectively transform content that matches
1411 an `InfoType`.
1412 properties:
1413 transformations:
1414 description: Required. Transformation for each infoType.
1415 Cannot specify more than one for a given infoType.
1416 items:
1417 properties:
1418 infoTypes:
1419 description: InfoTypes to apply the transformation
1420 to. An empty list will cause this transformation
1421 to apply to all findings that correspond
1422 to infoTypes that were requested in `InspectConfig`.
1423 items:
1424 properties:
1425 name:
1426 description: Name of the information
1427 type. Either a name of your choosing
1428 when creating a CustomInfoType, or
1429 one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference
1430 when specifying a built-in type. When
1431 sending Cloud DLP results to Data
1432 Catalog, infoType names should conform
1433 to the pattern `[A-Za-z0-9$-_]{1,64}`.
1434 type: string
1435 type: object
1436 type: array
1437 primitiveTransformation:
1438 description: Required. Primitive transformation
1439 to apply to the infoType.
1440 properties:
1441 bucketingConfig:
1442 description: Bucketing
1443 properties:
1444 buckets:
1445 description: Set of buckets. Ranges
1446 must be non-overlapping.
1447 items:
1448 properties:
1449 max:
1450 description: Upper bound of
1451 the range, exclusive; type
1452 must match min.
1453 properties:
1454 booleanValue:
1455 description: boolean
1456 type: boolean
1457 dateValue:
1458 description: date
1459 properties:
1460 day:
1461 description: Day of
1462 a month. Must be from
1463 1 to 31 and valid
1464 for the year and month,
1465 or 0 to specify a
1466 year by itself or
1467 a year and month where
1468 the day isn't significant.
1469 format: int64
1470 type: integer
1471 month:
1472 description: Month of
1473 a year. Must be from
1474 1 to 12, or 0 to specify
1475 a year without a month
1476 and day.
1477 format: int64
1478 type: integer
1479 year:
1480 description: Year of
1481 the date. Must be
1482 from 1 to 9999, or
1483 0 to specify a date
1484 without a year.
1485 format: int64
1486 type: integer
1487 type: object
1488 dayOfWeekValue:
1489 description: 'day of week
1490 Possible values: DAY_OF_WEEK_UNSPECIFIED,
1491 MONDAY, TUESDAY, WEDNESDAY,
1492 THURSDAY, FRIDAY, SATURDAY,
1493 SUNDAY'
1494 type: string
1495 floatValue:
1496 description: float
1497 format: double
1498 type: number
1499 integerValue:
1500 description: integer
1501 format: int64
1502 type: integer
1503 stringValue:
1504 description: string
1505 type: string
1506 timeValue:
1507 description: time of day
1508 properties:
1509 hours:
1510 description: Hours of
1511 day in 24 hour format.
1512 Should be from 0 to
1513 23. An API may choose
1514 to allow the value
1515 "24:00:00" for scenarios
1516 like business closing
1517 time.
1518 format: int64
1519 type: integer
1520 minutes:
1521 description: Minutes
1522 of hour of day. Must
1523 be from 0 to 59.
1524 format: int64
1525 type: integer
1526 nanos:
1527 description: Fractions
1528 of seconds in nanoseconds.
1529 Must be from 0 to
1530 999,999,999.
1531 format: int64
1532 type: integer
1533 seconds:
1534 description: Seconds
1535 of minutes of the
1536 time. Must normally
1537 be from 0 to 59. An
1538 API may allow the
1539 value 60 if it allows
1540 leap-seconds.
1541 format: int64
1542 type: integer
1543 type: object
1544 timestampValue:
1545 description: timestamp
1546 format: date-time
1547 type: string
1548 type: object
1549 min:
1550 description: Lower bound of
1551 the range, inclusive. Type
1552 should be the same as max
1553 if used.
1554 properties:
1555 booleanValue:
1556 description: boolean
1557 type: boolean
1558 dateValue:
1559 description: date
1560 properties:
1561 day:
1562 description: Day of
1563 a month. Must be from
1564 1 to 31 and valid
1565 for the year and month,
1566 or 0 to specify a
1567 year by itself or
1568 a year and month where
1569 the day isn't significant.
1570 format: int64
1571 type: integer
1572 month:
1573 description: Month of
1574 a year. Must be from
1575 1 to 12, or 0 to specify
1576 a year without a month
1577 and day.
1578 format: int64
1579 type: integer
1580 year:
1581 description: Year of
1582 the date. Must be
1583 from 1 to 9999, or
1584 0 to specify a date
1585 without a year.
1586 format: int64
1587 type: integer
1588 type: object
1589 dayOfWeekValue:
1590 description: 'day of week
1591 Possible values: DAY_OF_WEEK_UNSPECIFIED,
1592 MONDAY, TUESDAY, WEDNESDAY,
1593 THURSDAY, FRIDAY, SATURDAY,
1594 SUNDAY'
1595 type: string
1596 floatValue:
1597 description: float
1598 format: double
1599 type: number
1600 integerValue:
1601 description: integer
1602 format: int64
1603 type: integer
1604 stringValue:
1605 description: string
1606 type: string
1607 timeValue:
1608 description: time of day
1609 properties:
1610 hours:
1611 description: Hours of
1612 day in 24 hour format.
1613 Should be from 0 to
1614 23. An API may choose
1615 to allow the value
1616 "24:00:00" for scenarios
1617 like business closing
1618 time.
1619 format: int64
1620 type: integer
1621 minutes:
1622 description: Minutes
1623 of hour of day. Must
1624 be from 0 to 59.
1625 format: int64
1626 type: integer
1627 nanos:
1628 description: Fractions
1629 of seconds in nanoseconds.
1630 Must be from 0 to
1631 999,999,999.
1632 format: int64
1633 type: integer
1634 seconds:
1635 description: Seconds
1636 of minutes of the
1637 time. Must normally
1638 be from 0 to 59. An
1639 API may allow the
1640 value 60 if it allows
1641 leap-seconds.
1642 format: int64
1643 type: integer
1644 type: object
1645 timestampValue:
1646 description: timestamp
1647 format: date-time
1648 type: string
1649 type: object
1650 replacementValue:
1651 description: Required. Replacement
1652 value for this bucket.
1653 properties:
1654 booleanValue:
1655 description: boolean
1656 type: boolean
1657 dateValue:
1658 description: date
1659 properties:
1660 day:
1661 description: Day of
1662 a month. Must be from
1663 1 to 31 and valid
1664 for the year and month,
1665 or 0 to specify a
1666 year by itself or
1667 a year and month where
1668 the day isn't significant.
1669 format: int64
1670 type: integer
1671 month:
1672 description: Month of
1673 a year. Must be from
1674 1 to 12, or 0 to specify
1675 a year without a month
1676 and day.
1677 format: int64
1678 type: integer
1679 year:
1680 description: Year of
1681 the date. Must be
1682 from 1 to 9999, or
1683 0 to specify a date
1684 without a year.
1685 format: int64
1686 type: integer
1687 type: object
1688 dayOfWeekValue:
1689 description: 'day of week
1690 Possible values: DAY_OF_WEEK_UNSPECIFIED,
1691 MONDAY, TUESDAY, WEDNESDAY,
1692 THURSDAY, FRIDAY, SATURDAY,
1693 SUNDAY'
1694 type: string
1695 floatValue:
1696 description: float
1697 format: double
1698 type: number
1699 integerValue:
1700 description: integer
1701 format: int64
1702 type: integer
1703 stringValue:
1704 description: string
1705 type: string
1706 timeValue:
1707 description: time of day
1708 properties:
1709 hours:
1710 description: Hours of
1711 day in 24 hour format.
1712 Should be from 0 to
1713 23. An API may choose
1714 to allow the value
1715 "24:00:00" for scenarios
1716 like business closing
1717 time.
1718 format: int64
1719 type: integer
1720 minutes:
1721 description: Minutes
1722 of hour of day. Must
1723 be from 0 to 59.
1724 format: int64
1725 type: integer
1726 nanos:
1727 description: Fractions
1728 of seconds in nanoseconds.
1729 Must be from 0 to
1730 999,999,999.
1731 format: int64
1732 type: integer
1733 seconds:
1734 description: Seconds
1735 of minutes of the
1736 time. Must normally
1737 be from 0 to 59. An
1738 API may allow the
1739 value 60 if it allows
1740 leap-seconds.
1741 format: int64
1742 type: integer
1743 type: object
1744 timestampValue:
1745 description: timestamp
1746 format: date-time
1747 type: string
1748 type: object
1749 required:
1750 - replacementValue
1751 type: object
1752 type: array
1753 type: object
1754 characterMaskConfig:
1755 description: Mask
1756 properties:
1757 charactersToIgnore:
1758 description: When masking a string,
1759 items in this list will be skipped
1760 when replacing characters. For example,
1761 if the input string is `555-555-5555`
1762 and you instruct Cloud DLP to skip
1763 `-` and mask 5 characters with `*`,
1764 Cloud DLP returns `***-**5-5555`.
1765 items:
1766 properties:
1767 charactersToSkip:
1768 description: Characters to not
1769 transform when masking.
1770 type: string
1771 commonCharactersToIgnore:
1772 description: 'Common characters
1773 to not transform when masking.
1774 Useful to avoid removing punctuation.
1775 Possible values: COMMON_CHARS_TO_IGNORE_UNSPECIFIED,
1776 NUMERIC, ALPHA_UPPER_CASE,
1777 ALPHA_LOWER_CASE, PUNCTUATION,
1778 WHITESPACE'
1779 type: string
1780 type: object
1781 type: array
1782 maskingCharacter:
1783 description: Character to use to mask
1784 the sensitive values—for example,
1785 `*` for an alphabetic string such
1786 as a name, or `0` for a numeric
1787 string such as ZIP code or credit
1788 card number. This string must have
1789 a length of 1. If not supplied,
1790 this value defaults to `*` for strings,
1791 and `0` for digits.
1792 type: string
1793 numberToMask:
1794 description: Number of characters
1795 to mask. If not set, all matching
1796 chars will be masked. Skipped characters
1797 do not count towards this tally.
1798 format: int64
1799 type: integer
1800 reverseOrder:
1801 description: Mask characters in reverse
1802 order. For example, if `masking_character`
1803 is `0`, `number_to_mask` is `14`,
1804 and `reverse_order` is `false`,
1805 then the input string `1234-5678-9012-3456`
1806 is masked as `00000000000000-3456`.
1807 If `masking_character` is `*`, `number_to_mask`
1808 is `3`, and `reverse_order` is `true`,
1809 then the string `12345` is masked
1810 as `12***`.
1811 type: boolean
1812 type: object
1813 cryptoDeterministicConfig:
1814 description: Deterministic Crypto
1815 properties:
1816 context:
1817 description: 'A context may be used
1818 for higher security and maintaining
1819 referential integrity such that
1820 the same identifier in two different
1821 contexts will be given a distinct
1822 surrogate. The context is appended
1823 to plaintext value being encrypted.
1824 On decryption the provided context
1825 is validated against the value used
1826 during encryption. If a context
1827 was provided during encryption,
1828 same context must be provided during
1829 decryption as well. If the context
1830 is not set, plaintext would be used
1831 as is for encryption. If the context
1832 is set but: 1. there is no record
1833 present when transforming a given
1834 value or 2. the field is not present
1835 when transforming a given value,
1836 plaintext would be used as is for
1837 encryption. Note that case (1) is
1838 expected when an `InfoTypeTransformation`
1839 is applied to both structured and
1840 non-structured `ContentItem`s.'
1841 properties:
1842 name:
1843 description: Name describing the
1844 field.
1845 type: string
1846 type: object
1847 cryptoKey:
1848 description: The key used by the encryption
1849 function. For deterministic encryption
1850 using AES-SIV, the provided key
1851 is internally expanded to 64 bytes
1852 prior to use.
1853 properties:
1854 kmsWrapped:
1855 description: Key wrapped using
1856 Cloud KMS
1857 properties:
1858 cryptoKeyRef:
1859 oneOf:
1860 - not:
1861 required:
1862 - external
1863 required:
1864 - name
1865 - not:
1866 anyOf:
1867 - required:
1868 - name
1869 - required:
1870 - namespace
1871 required:
1872 - external
1873 properties:
1874 external:
1875 description: |-
1876 Required. The resource name of the KMS CryptoKey to use for unwrapping.
1877
1878 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
1879 type: string
1880 name:
1881 description: 'Name of
1882 the referent. More info:
1883 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1884 type: string
1885 namespace:
1886 description: 'Namespace
1887 of the referent. More
1888 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1889 type: string
1890 type: object
1891 wrappedKey:
1892 description: Required. The
1893 wrapped data crypto key.
1894 type: string
1895 required:
1896 - cryptoKeyRef
1897 - wrappedKey
1898 type: object
1899 transient:
1900 description: Transient crypto
1901 key
1902 properties:
1903 name:
1904 description: 'Required. Name
1905 of the key. This is an arbitrary
1906 string used to differentiate
1907 different keys. A unique
1908 key is generated per name:
1909 two separate `TransientCryptoKey`
1910 protos share the same generated
1911 key if their names are the
1912 same. When the data crypto
1913 key is generated, this name
1914 is not used in any way (repeating
1915 the api call will result
1916 in a different key being
1917 generated).'
1918 type: string
1919 required:
1920 - name
1921 type: object
1922 unwrapped:
1923 description: Unwrapped crypto
1924 key
1925 properties:
1926 key:
1927 description: Required. A 128/192/256
1928 bit key.
1929 type: string
1930 required:
1931 - key
1932 type: object
1933 type: object
1934 surrogateInfoType:
1935 description: 'The custom info type
1936 to annotate the surrogate with.
1937 This annotation will be applied
1938 to the surrogate by prefixing it
1939 with the name of the custom info
1940 type followed by the number of characters
1941 comprising the surrogate. The following
1942 scheme defines the format: {info
1943 type name}({surrogate character
1944 count}):{surrogate} For example,
1945 if the name of custom info type
1946 is ''MY_TOKEN_INFO_TYPE'' and the
1947 surrogate is ''abc'', the full replacement
1948 value will be: ''MY_TOKEN_INFO_TYPE(3):abc''
1949 This annotation identifies the surrogate
1950 when inspecting content using the
1951 custom info type ''Surrogate''.
1952 This facilitates reversal of the
1953 surrogate when it occurs in free
1954 text. Note: For record transformations
1955 where the entire cell in a table
1956 is being transformed, surrogates
1957 are not mandatory. Surrogates are
1958 used to denote the location of the
1959 token and are necessary for re-identification
1960 in free form text. In order for
1961 inspection to work properly, the
1962 name of this info type must not
1963 occur naturally anywhere in your
1964 data; otherwise, inspection may
1965 either - reverse a surrogate that
1966 does not correspond to an actual
1967 identifier - be unable to parse
1968 the surrogate and result in an error
1969 Therefore, choose your custom info
1970 type name carefully after considering
1971 what your data looks like. One way
1972 to select a name that has a high
1973 chance of yielding reliable detection
1974 is to include one or more unicode
1975 characters that are highly improbable
1976 to exist in your data. For example,
1977 assuming your data is entered from
1978 a regular ASCII keyboard, the symbol
1979 with the hex code point 29DD might
1980 be used like so: ⧝MY_TOKEN_TYPE.'
1981 properties:
1982 name:
1983 description: Name of the information
1984 type. Either a name of your
1985 choosing when creating a CustomInfoType,
1986 or one of the names listed at
1987 https://cloud.google.com/dlp/docs/infotypes-reference
1988 when specifying a built-in type.
1989 When sending Cloud DLP results
1990 to Data Catalog, infoType names
1991 should conform to the pattern
1992 `[A-Za-z0-9$-_]{1,64}`.
1993 type: string
1994 type: object
1995 type: object
1996 cryptoHashConfig:
1997 description: Crypto
1998 properties:
1999 cryptoKey:
2000 description: The key used by the hash
2001 function.
2002 properties:
2003 kmsWrapped:
2004 description: Key wrapped using
2005 Cloud KMS
2006 properties:
2007 cryptoKeyRef:
2008 oneOf:
2009 - not:
2010 required:
2011 - external
2012 required:
2013 - name
2014 - not:
2015 anyOf:
2016 - required:
2017 - name
2018 - required:
2019 - namespace
2020 required:
2021 - external
2022 properties:
2023 external:
2024 description: |-
2025 Required. The resource name of the KMS CryptoKey to use for unwrapping.
2026
2027 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
2028 type: string
2029 name:
2030 description: 'Name of
2031 the referent. More info:
2032 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
2033 type: string
2034 namespace:
2035 description: 'Namespace
2036 of the referent. More
2037 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
2038 type: string
2039 type: object
2040 wrappedKey:
2041 description: Required. The
2042 wrapped data crypto key.
2043 type: string
2044 required:
2045 - cryptoKeyRef
2046 - wrappedKey
2047 type: object
2048 transient:
2049 description: Transient crypto
2050 key
2051 properties:
2052 name:
2053 description: 'Required. Name
2054 of the key. This is an arbitrary
2055 string used to differentiate
2056 different keys. A unique
2057 key is generated per name:
2058 two separate `TransientCryptoKey`
2059 protos share the same generated
2060 key if their names are the
2061 same. When the data crypto
2062 key is generated, this name
2063 is not used in any way (repeating
2064 the api call will result
2065 in a different key being
2066 generated).'
2067 type: string
2068 required:
2069 - name
2070 type: object
2071 unwrapped:
2072 description: Unwrapped crypto
2073 key
2074 properties:
2075 key:
2076 description: Required. A 128/192/256
2077 bit key.
2078 type: string
2079 required:
2080 - key
2081 type: object
2082 type: object
2083 type: object
2084 cryptoReplaceFfxFpeConfig:
2085 description: Ffx-Fpe
2086 properties:
2087 commonAlphabet:
2088 description: 'Common alphabets. Possible
2089 values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED,
2090 NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC,
2091 ALPHA_NUMERIC'
2092 type: string
2093 context:
2094 description: 'The ''tweak'', a context
2095 may be used for higher security
2096 since the same identifier in two
2097 different contexts won''t be given
2098 the same surrogate. If the context
2099 is not set, a default tweak will
2100 be used. If the context is set but:
2101 1. there is no record present when
2102 transforming a given value or 1.
2103 the field is not present when transforming
2104 a given value, a default tweak will
2105 be used. Note that case (1) is expected
2106 when an `InfoTypeTransformation`
2107 is applied to both structured and
2108 non-structured `ContentItem`s. Currently,
2109 the referenced field may be of value
2110 type integer or string. The tweak
2111 is constructed as a sequence of
2112 bytes in big endian byte order such
2113 that: - a 64 bit integer is encoded
2114 followed by a single byte of value
2115 1 - a string is encoded in UTF-8
2116 format followed by a single byte
2117 of value 2'
2118 properties:
2119 name:
2120 description: Name describing the
2121 field.
2122 type: string
2123 type: object
2124 cryptoKey:
2125 description: Required. The key used
2126 by the encryption algorithm.
2127 properties:
2128 kmsWrapped:
2129 description: Key wrapped using
2130 Cloud KMS
2131 properties:
2132 cryptoKeyRef:
2133 oneOf:
2134 - not:
2135 required:
2136 - external
2137 required:
2138 - name
2139 - not:
2140 anyOf:
2141 - required:
2142 - name
2143 - required:
2144 - namespace
2145 required:
2146 - external
2147 properties:
2148 external:
2149 description: |-
2150 Required. The resource name of the KMS CryptoKey to use for unwrapping.
2151
2152 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
2153 type: string
2154 name:
2155 description: 'Name of
2156 the referent. More info:
2157 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
2158 type: string
2159 namespace:
2160 description: 'Namespace
2161 of the referent. More
2162 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
2163 type: string
2164 type: object
2165 wrappedKey:
2166 description: Required. The
2167 wrapped data crypto key.
2168 type: string
2169 required:
2170 - cryptoKeyRef
2171 - wrappedKey
2172 type: object
2173 transient:
2174 description: Transient crypto
2175 key
2176 properties:
2177 name:
2178 description: 'Required. Name
2179 of the key. This is an arbitrary
2180 string used to differentiate
2181 different keys. A unique
2182 key is generated per name:
2183 two separate `TransientCryptoKey`
2184 protos share the same generated
2185 key if their names are the
2186 same. When the data crypto
2187 key is generated, this name
2188 is not used in any way (repeating
2189 the api call will result
2190 in a different key being
2191 generated).'
2192 type: string
2193 required:
2194 - name
2195 type: object
2196 unwrapped:
2197 description: Unwrapped crypto
2198 key
2199 properties:
2200 key:
2201 description: Required. A 128/192/256
2202 bit key.
2203 type: string
2204 required:
2205 - key
2206 type: object
2207 type: object
2208 customAlphabet:
2209 description: 'This is supported by
2210 mapping these to the alphanumeric
2211 characters that the FFX mode natively
2212 supports. This happens before/after
2213 encryption/decryption. Each character
2214 listed must appear only once. Number
2215 of characters must be in the range
2216 [2, 95]. This must be encoded as
2217 ASCII. The order of characters does
2218 not matter. The full list of allowed
2219 characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
2220 ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``'
2221 type: string
2222 radix:
2223 description: The native way to select
2224 the alphabet. Must be in the range
2225 [2, 95].
2226 format: int64
2227 type: integer
2228 surrogateInfoType:
2229 description: 'The custom infoType
2230 to annotate the surrogate with.
2231 This annotation will be applied
2232 to the surrogate by prefixing it
2233 with the name of the custom infoType
2234 followed by the number of characters
2235 comprising the surrogate. The following
2236 scheme defines the format: info_type_name(surrogate_character_count):surrogate
2237 For example, if the name of custom
2238 infoType is ''MY_TOKEN_INFO_TYPE''
2239 and the surrogate is ''abc'', the
2240 full replacement value will be:
2241 ''MY_TOKEN_INFO_TYPE(3):abc'' This
2242 annotation identifies the surrogate
2243 when inspecting content using the
2244 custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
2245 This facilitates reversal of the
2246 surrogate when it occurs in free
2247 text. In order for inspection to
2248 work properly, the name of this
2249 infoType must not occur naturally
2250 anywhere in your data; otherwise,
2251 inspection may find a surrogate
2252 that does not correspond to an actual
2253 identifier. Therefore, choose your
2254 custom infoType name carefully after
2255 considering what your data looks
2256 like. One way to select a name that
2257 has a high chance of yielding reliable
2258 detection is to include one or more
2259 unicode characters that are highly
2260 improbable to exist in your data.
2261 For example, assuming your data
2262 is entered from a regular ASCII
2263 keyboard, the symbol with the hex
2264 code point 29DD might be used like
2265 so: ⧝MY_TOKEN_TYPE'
2266 properties:
2267 name:
2268 description: Name of the information
2269 type. Either a name of your
2270 choosing when creating a CustomInfoType,
2271 or one of the names listed at
2272 https://cloud.google.com/dlp/docs/infotypes-reference
2273 when specifying a built-in type.
2274 When sending Cloud DLP results
2275 to Data Catalog, infoType names
2276 should conform to the pattern
2277 `[A-Za-z0-9$-_]{1,64}`.
2278 type: string
2279 type: object
2280 required:
2281 - cryptoKey
2282 type: object
2283 dateShiftConfig:
2284 description: Date Shift
2285 properties:
2286 context:
2287 description: Points to the field that
2288 contains the context, for example,
2289 an entity id. If set, must also
2290 set cryptoKey. If set, shift will
2291 be consistent for the given context.
2292 properties:
2293 name:
2294 description: Name describing the
2295 field.
2296 type: string
2297 type: object
2298 cryptoKey:
2299 description: Causes the shift to be
2300 computed based on this key and the
2301 context. This results in the same
2302 shift for the same context and crypto_key.
2303 If set, must also set context. Can
2304 only be applied to table items.
2305 properties:
2306 kmsWrapped:
2307 description: Key wrapped using
2308 Cloud KMS
2309 properties:
2310 cryptoKeyRef:
2311 oneOf:
2312 - not:
2313 required:
2314 - external
2315 required:
2316 - name
2317 - not:
2318 anyOf:
2319 - required:
2320 - name
2321 - required:
2322 - namespace
2323 required:
2324 - external
2325 properties:
2326 external:
2327 description: |-
2328 Required. The resource name of the KMS CryptoKey to use for unwrapping.
2329
2330 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
2331 type: string
2332 name:
2333 description: 'Name of
2334 the referent. More info:
2335 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
2336 type: string
2337 namespace:
2338 description: 'Namespace
2339 of the referent. More
2340 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
2341 type: string
2342 type: object
2343 wrappedKey:
2344 description: Required. The
2345 wrapped data crypto key.
2346 type: string
2347 required:
2348 - cryptoKeyRef
2349 - wrappedKey
2350 type: object
2351 transient:
2352 description: Transient crypto
2353 key
2354 properties:
2355 name:
2356 description: 'Required. Name
2357 of the key. This is an arbitrary
2358 string used to differentiate
2359 different keys. A unique
2360 key is generated per name:
2361 two separate `TransientCryptoKey`
2362 protos share the same generated
2363 key if their names are the
2364 same. When the data crypto
2365 key is generated, this name
2366 is not used in any way (repeating
2367 the api call will result
2368 in a different key being
2369 generated).'
2370 type: string
2371 required:
2372 - name
2373 type: object
2374 unwrapped:
2375 description: Unwrapped crypto
2376 key
2377 properties:
2378 key:
2379 description: Required. A 128/192/256
2380 bit key.
2381 type: string
2382 required:
2383 - key
2384 type: object
2385 type: object
2386 lowerBoundDays:
2387 description: Required. For example,
2388 -5 means shift date to at most 5
2389 days back in the past.
2390 format: int64
2391 type: integer
2392 upperBoundDays:
2393 description: Required. Range of shift
2394 in days. Actual shift will be selected
2395 at random within this range (inclusive
2396 ends). Negative means shift to earlier
2397 in time. Must not be more than 365250
2398 days (1000 years) each direction.
2399 For example, 3 means shift date
2400 to at most 3 days into the future.
2401 format: int64
2402 type: integer
2403 required:
2404 - lowerBoundDays
2405 - upperBoundDays
2406 type: object
2407 fixedSizeBucketingConfig:
2408 description: Fixed size bucketing
2409 properties:
2410 bucketSize:
2411 description: 'Required. Size of each
2412 bucket (except for minimum and maximum
2413 buckets). So if `lower_bound` =
2414 10, `upper_bound` = 89, and `bucket_size`
2415 = 10, then the following buckets
2416 would be used: -10, 10-20, 20-30,
2417 30-40, 40-50, 50-60, 60-70, 70-80,
2418 80-89, 89+. Precision up to 2 decimals
2419 works.'
2420 format: double
2421 type: number
2422 lowerBound:
2423 description: Required. Lower bound
2424 value of buckets. All values less
2425 than `lower_bound` are grouped together
2426 into a single bucket; for example
2427 if `lower_bound` = 10, then all
2428 values less than 10 are replaced
2429 with the value "-10".
2430 properties:
2431 booleanValue:
2432 description: boolean
2433 type: boolean
2434 dateValue:
2435 description: date
2436 properties:
2437 day:
2438 description: Day of a month.
2439 Must be from 1 to 31 and
2440 valid for the year and month,
2441 or 0 to specify a year by
2442 itself or a year and month
2443 where the day isn't significant.
2444 format: int64
2445 type: integer
2446 month:
2447 description: Month of a year.
2448 Must be from 1 to 12, or
2449 0 to specify a year without
2450 a month and day.
2451 format: int64
2452 type: integer
2453 year:
2454 description: Year of the date.
2455 Must be from 1 to 9999,
2456 or 0 to specify a date without
2457 a year.
2458 format: int64
2459 type: integer
2460 type: object
2461 dayOfWeekValue:
2462 description: 'day of week Possible
2463 values: DAY_OF_WEEK_UNSPECIFIED,
2464 MONDAY, TUESDAY, WEDNESDAY,
2465 THURSDAY, FRIDAY, SATURDAY,
2466 SUNDAY'
2467 type: string
2468 floatValue:
2469 description: float
2470 format: double
2471 type: number
2472 integerValue:
2473 description: integer
2474 format: int64
2475 type: integer
2476 stringValue:
2477 description: string
2478 type: string
2479 timeValue:
2480 description: time of day
2481 properties:
2482 hours:
2483 description: Hours of day
2484 in 24 hour format. Should
2485 be from 0 to 23. An API
2486 may choose to allow the
2487 value "24:00:00" for scenarios
2488 like business closing time.
2489 format: int64
2490 type: integer
2491 minutes:
2492 description: Minutes of hour
2493 of day. Must be from 0 to
2494 59.
2495 format: int64
2496 type: integer
2497 nanos:
2498 description: Fractions of
2499 seconds in nanoseconds.
2500 Must be from 0 to 999,999,999.
2501 format: int64
2502 type: integer
2503 seconds:
2504 description: Seconds of minutes
2505 of the time. Must normally
2506 be from 0 to 59. An API
2507 may allow the value 60 if
2508 it allows leap-seconds.
2509 format: int64
2510 type: integer
2511 type: object
2512 timestampValue:
2513 description: timestamp
2514 format: date-time
2515 type: string
2516 type: object
2517 upperBound:
2518 description: Required. Upper bound
2519 value of buckets. All values greater
2520 than upper_bound are grouped together
2521 into a single bucket; for example
2522 if `upper_bound` = 89, then all
2523 values greater than 89 are replaced
2524 with the value "89+".
2525 properties:
2526 booleanValue:
2527 description: boolean
2528 type: boolean
2529 dateValue:
2530 description: date
2531 properties:
2532 day:
2533 description: Day of a month.
2534 Must be from 1 to 31 and
2535 valid for the year and month,
2536 or 0 to specify a year by
2537 itself or a year and month
2538 where the day isn't significant.
2539 format: int64
2540 type: integer
2541 month:
2542 description: Month of a year.
2543 Must be from 1 to 12, or
2544 0 to specify a year without
2545 a month and day.
2546 format: int64
2547 type: integer
2548 year:
2549 description: Year of the date.
2550 Must be from 1 to 9999,
2551 or 0 to specify a date without
2552 a year.
2553 format: int64
2554 type: integer
2555 type: object
2556 dayOfWeekValue:
2557 description: 'day of week Possible
2558 values: DAY_OF_WEEK_UNSPECIFIED,
2559 MONDAY, TUESDAY, WEDNESDAY,
2560 THURSDAY, FRIDAY, SATURDAY,
2561 SUNDAY'
2562 type: string
2563 floatValue:
2564 description: float
2565 format: double
2566 type: number
2567 integerValue:
2568 description: integer
2569 format: int64
2570 type: integer
2571 stringValue:
2572 description: string
2573 type: string
2574 timeValue:
2575 description: time of day
2576 properties:
2577 hours:
2578 description: Hours of day
2579 in 24 hour format. Should
2580 be from 0 to 23. An API
2581 may choose to allow the
2582 value "24:00:00" for scenarios
2583 like business closing time.
2584 format: int64
2585 type: integer
2586 minutes:
2587 description: Minutes of hour
2588 of day. Must be from 0 to
2589 59.
2590 format: int64
2591 type: integer
2592 nanos:
2593 description: Fractions of
2594 seconds in nanoseconds.
2595 Must be from 0 to 999,999,999.
2596 format: int64
2597 type: integer
2598 seconds:
2599 description: Seconds of minutes
2600 of the time. Must normally
2601 be from 0 to 59. An API
2602 may allow the value 60 if
2603 it allows leap-seconds.
2604 format: int64
2605 type: integer
2606 type: object
2607 timestampValue:
2608 description: timestamp
2609 format: date-time
2610 type: string
2611 type: object
2612 required:
2613 - bucketSize
2614 - lowerBound
2615 - upperBound
2616 type: object
2617 redactConfig:
2618 description: Redact
2619 type: object
2620 x-kubernetes-preserve-unknown-fields: true
2621 replaceConfig:
2622 description: Replace with a specified
2623 value.
2624 properties:
2625 newValue:
2626 description: Value to replace it with.
2627 properties:
2628 booleanValue:
2629 description: boolean
2630 type: boolean
2631 dateValue:
2632 description: date
2633 properties:
2634 day:
2635 description: Day of a month.
2636 Must be from 1 to 31 and
2637 valid for the year and month,
2638 or 0 to specify a year by
2639 itself or a year and month
2640 where the day isn't significant.
2641 format: int64
2642 type: integer
2643 month:
2644 description: Month of a year.
2645 Must be from 1 to 12, or
2646 0 to specify a year without
2647 a month and day.
2648 format: int64
2649 type: integer
2650 year:
2651 description: Year of the date.
2652 Must be from 1 to 9999,
2653 or 0 to specify a date without
2654 a year.
2655 format: int64
2656 type: integer
2657 type: object
2658 dayOfWeekValue:
2659 description: 'day of week Possible
2660 values: DAY_OF_WEEK_UNSPECIFIED,
2661 MONDAY, TUESDAY, WEDNESDAY,
2662 THURSDAY, FRIDAY, SATURDAY,
2663 SUNDAY'
2664 type: string
2665 floatValue:
2666 description: float
2667 format: double
2668 type: number
2669 integerValue:
2670 description: integer
2671 format: int64
2672 type: integer
2673 stringValue:
2674 description: string
2675 type: string
2676 timeValue:
2677 description: time of day
2678 properties:
2679 hours:
2680 description: Hours of day
2681 in 24 hour format. Should
2682 be from 0 to 23. An API
2683 may choose to allow the
2684 value "24:00:00" for scenarios
2685 like business closing time.
2686 format: int64
2687 type: integer
2688 minutes:
2689 description: Minutes of hour
2690 of day. Must be from 0 to
2691 59.
2692 format: int64
2693 type: integer
2694 nanos:
2695 description: Fractions of
2696 seconds in nanoseconds.
2697 Must be from 0 to 999,999,999.
2698 format: int64
2699 type: integer
2700 seconds:
2701 description: Seconds of minutes
2702 of the time. Must normally
2703 be from 0 to 59. An API
2704 may allow the value 60 if
2705 it allows leap-seconds.
2706 format: int64
2707 type: integer
2708 type: object
2709 timestampValue:
2710 description: timestamp
2711 format: date-time
2712 type: string
2713 type: object
2714 type: object
2715 replaceWithInfoTypeConfig:
2716 description: Replace with infotype
2717 type: object
2718 x-kubernetes-preserve-unknown-fields: true
2719 timePartConfig:
2720 description: Time extraction
2721 properties:
2722 partToExtract:
2723 description: 'The part of the time
2724 to keep. Possible values: TIME_PART_UNSPECIFIED,
2725 YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK,
2726 WEEK_OF_YEAR, HOUR_OF_DAY'
2727 type: string
2728 type: object
2729 type: object
2730 required:
2731 - primitiveTransformation
2732 type: object
2733 type: array
2734 required:
2735 - transformations
2736 type: object
2737 primitiveTransformation:
2738 description: Apply the transformation to the entire
2739 field.
2740 properties:
2741 bucketingConfig:
2742 description: Bucketing
2743 properties:
2744 buckets:
2745 description: Set of buckets. Ranges must be
2746 non-overlapping.
2747 items:
2748 properties:
2749 max:
2750 description: Upper bound of the range,
2751 exclusive; type must match min.
2752 properties:
2753 booleanValue:
2754 description: boolean
2755 type: boolean
2756 dateValue:
2757 description: date
2758 properties:
2759 day:
2760 description: Day of a month. Must
2761 be from 1 to 31 and valid for
2762 the year and month, or 0 to
2763 specify a year by itself or
2764 a year and month where the day
2765 isn't significant.
2766 format: int64
2767 type: integer
2768 month:
2769 description: Month of a year.
2770 Must be from 1 to 12, or 0 to
2771 specify a year without a month
2772 and day.
2773 format: int64
2774 type: integer
2775 year:
2776 description: Year of the date.
2777 Must be from 1 to 9999, or 0
2778 to specify a date without a
2779 year.
2780 format: int64
2781 type: integer
2782 type: object
2783 dayOfWeekValue:
2784 description: 'day of week Possible
2785 values: DAY_OF_WEEK_UNSPECIFIED,
2786 MONDAY, TUESDAY, WEDNESDAY, THURSDAY,
2787 FRIDAY, SATURDAY, SUNDAY'
2788 type: string
2789 floatValue:
2790 description: float
2791 format: double
2792 type: number
2793 integerValue:
2794 description: integer
2795 format: int64
2796 type: integer
2797 stringValue:
2798 description: string
2799 type: string
2800 timeValue:
2801 description: time of day
2802 properties:
2803 hours:
2804 description: Hours of day in 24
2805 hour format. Should be from
2806 0 to 23. An API may choose to
2807 allow the value "24:00:00" for
2808 scenarios like business closing
2809 time.
2810 format: int64
2811 type: integer
2812 minutes:
2813 description: Minutes of hour of
2814 day. Must be from 0 to 59.
2815 format: int64
2816 type: integer
2817 nanos:
2818 description: Fractions of seconds
2819 in nanoseconds. Must be from
2820 0 to 999,999,999.
2821 format: int64
2822 type: integer
2823 seconds:
2824 description: Seconds of minutes
2825 of the time. Must normally be
2826 from 0 to 59. An API may allow
2827 the value 60 if it allows leap-seconds.
2828 format: int64
2829 type: integer
2830 type: object
2831 timestampValue:
2832 description: timestamp
2833 format: date-time
2834 type: string
2835 type: object
2836 min:
2837 description: Lower bound of the range,
2838 inclusive. Type should be the same as
2839 max if used.
2840 properties:
2841 booleanValue:
2842 description: boolean
2843 type: boolean
2844 dateValue:
2845 description: date
2846 properties:
2847 day:
2848 description: Day of a month. Must
2849 be from 1 to 31 and valid for
2850 the year and month, or 0 to
2851 specify a year by itself or
2852 a year and month where the day
2853 isn't significant.
2854 format: int64
2855 type: integer
2856 month:
2857 description: Month of a year.
2858 Must be from 1 to 12, or 0 to
2859 specify a year without a month
2860 and day.
2861 format: int64
2862 type: integer
2863 year:
2864 description: Year of the date.
2865 Must be from 1 to 9999, or 0
2866 to specify a date without a
2867 year.
2868 format: int64
2869 type: integer
2870 type: object
2871 dayOfWeekValue:
2872 description: 'day of week Possible
2873 values: DAY_OF_WEEK_UNSPECIFIED,
2874 MONDAY, TUESDAY, WEDNESDAY, THURSDAY,
2875 FRIDAY, SATURDAY, SUNDAY'
2876 type: string
2877 floatValue:
2878 description: float
2879 format: double
2880 type: number
2881 integerValue:
2882 description: integer
2883 format: int64
2884 type: integer
2885 stringValue:
2886 description: string
2887 type: string
2888 timeValue:
2889 description: time of day
2890 properties:
2891 hours:
2892 description: Hours of day in 24
2893 hour format. Should be from
2894 0 to 23. An API may choose to
2895 allow the value "24:00:00" for
2896 scenarios like business closing
2897 time.
2898 format: int64
2899 type: integer
2900 minutes:
2901 description: Minutes of hour of
2902 day. Must be from 0 to 59.
2903 format: int64
2904 type: integer
2905 nanos:
2906 description: Fractions of seconds
2907 in nanoseconds. Must be from
2908 0 to 999,999,999.
2909 format: int64
2910 type: integer
2911 seconds:
2912 description: Seconds of minutes
2913 of the time. Must normally be
2914 from 0 to 59. An API may allow
2915 the value 60 if it allows leap-seconds.
2916 format: int64
2917 type: integer
2918 type: object
2919 timestampValue:
2920 description: timestamp
2921 format: date-time
2922 type: string
2923 type: object
2924 replacementValue:
2925 description: Required. Replacement value
2926 for this bucket.
2927 properties:
2928 booleanValue:
2929 description: boolean
2930 type: boolean
2931 dateValue:
2932 description: date
2933 properties:
2934 day:
2935 description: Day of a month. Must
2936 be from 1 to 31 and valid for
2937 the year and month, or 0 to
2938 specify a year by itself or
2939 a year and month where the day
2940 isn't significant.
2941 format: int64
2942 type: integer
2943 month:
2944 description: Month of a year.
2945 Must be from 1 to 12, or 0 to
2946 specify a year without a month
2947 and day.
2948 format: int64
2949 type: integer
2950 year:
2951 description: Year of the date.
2952 Must be from 1 to 9999, or 0
2953 to specify a date without a
2954 year.
2955 format: int64
2956 type: integer
2957 type: object
2958 dayOfWeekValue:
2959 description: 'day of week Possible
2960 values: DAY_OF_WEEK_UNSPECIFIED,
2961 MONDAY, TUESDAY, WEDNESDAY, THURSDAY,
2962 FRIDAY, SATURDAY, SUNDAY'
2963 type: string
2964 floatValue:
2965 description: float
2966 format: double
2967 type: number
2968 integerValue:
2969 description: integer
2970 format: int64
2971 type: integer
2972 stringValue:
2973 description: string
2974 type: string
2975 timeValue:
2976 description: time of day
2977 properties:
2978 hours:
2979 description: Hours of day in 24
2980 hour format. Should be from
2981 0 to 23. An API may choose to
2982 allow the value "24:00:00" for
2983 scenarios like business closing
2984 time.
2985 format: int64
2986 type: integer
2987 minutes:
2988 description: Minutes of hour of
2989 day. Must be from 0 to 59.
2990 format: int64
2991 type: integer
2992 nanos:
2993 description: Fractions of seconds
2994 in nanoseconds. Must be from
2995 0 to 999,999,999.
2996 format: int64
2997 type: integer
2998 seconds:
2999 description: Seconds of minutes
3000 of the time. Must normally be
3001 from 0 to 59. An API may allow
3002 the value 60 if it allows leap-seconds.
3003 format: int64
3004 type: integer
3005 type: object
3006 timestampValue:
3007 description: timestamp
3008 format: date-time
3009 type: string
3010 type: object
3011 required:
3012 - replacementValue
3013 type: object
3014 type: array
3015 type: object
3016 characterMaskConfig:
3017 description: Mask
3018 properties:
3019 charactersToIgnore:
3020 description: When masking a string, items in
3021 this list will be skipped when replacing characters.
3022 For example, if the input string is `555-555-5555`
3023 and you instruct Cloud DLP to skip `-` and
3024 mask 5 characters with `*`, Cloud DLP returns
3025 `***-**5-5555`.
3026 items:
3027 properties:
3028 charactersToSkip:
3029 description: Characters to not transform
3030 when masking.
3031 type: string
3032 commonCharactersToIgnore:
3033 description: 'Common characters to not
3034 transform when masking. Useful to avoid
3035 removing punctuation. Possible values:
3036 COMMON_CHARS_TO_IGNORE_UNSPECIFIED,
3037 NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE,
3038 PUNCTUATION, WHITESPACE'
3039 type: string
3040 type: object
3041 type: array
3042 maskingCharacter:
3043 description: Character to use to mask the sensitive
3044 values—for example, `*` for an alphabetic
3045 string such as a name, or `0` for a numeric
3046 string such as ZIP code or credit card number.
3047 This string must have a length of 1. If not
3048 supplied, this value defaults to `*` for strings,
3049 and `0` for digits.
3050 type: string
3051 numberToMask:
3052 description: Number of characters to mask. If
3053 not set, all matching chars will be masked.
3054 Skipped characters do not count towards this
3055 tally.
3056 format: int64
3057 type: integer
3058 reverseOrder:
3059 description: Mask characters in reverse order.
3060 For example, if `masking_character` is `0`,
3061 `number_to_mask` is `14`, and `reverse_order`
3062 is `false`, then the input string `1234-5678-9012-3456`
3063 is masked as `00000000000000-3456`. If `masking_character`
3064 is `*`, `number_to_mask` is `3`, and `reverse_order`
3065 is `true`, then the string `12345` is masked
3066 as `12***`.
3067 type: boolean
3068 type: object
3069 cryptoDeterministicConfig:
3070 description: Deterministic Crypto
3071 properties:
3072 context:
3073 description: 'A context may be used for higher
3074 security and maintaining referential integrity
3075 such that the same identifier in two different
3076 contexts will be given a distinct surrogate.
3077 The context is appended to plaintext value
3078 being encrypted. On decryption the provided
3079 context is validated against the value used
3080 during encryption. If a context was provided
3081 during encryption, same context must be provided
3082 during decryption as well. If the context
3083 is not set, plaintext would be used as is
3084 for encryption. If the context is set but:
3085 1. there is no record present when transforming
3086 a given value or 2. the field is not present
3087 when transforming a given value, plaintext
3088 would be used as is for encryption. Note that
3089 case (1) is expected when an `InfoTypeTransformation`
3090 is applied to both structured and non-structured
3091 `ContentItem`s.'
3092 properties:
3093 name:
3094 description: Name describing the field.
3095 type: string
3096 type: object
3097 cryptoKey:
3098 description: The key used by the encryption
3099 function. For deterministic encryption using
3100 AES-SIV, the provided key is internally expanded
3101 to 64 bytes prior to use.
3102 properties:
3103 kmsWrapped:
3104 description: Key wrapped using Cloud KMS
3105 properties:
3106 cryptoKeyRef:
3107 oneOf:
3108 - not:
3109 required:
3110 - external
3111 required:
3112 - name
3113 - not:
3114 anyOf:
3115 - required:
3116 - name
3117 - required:
3118 - namespace
3119 required:
3120 - external
3121 properties:
3122 external:
3123 description: |-
3124 Required. The resource name of the KMS CryptoKey to use for unwrapping.
3125
3126 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
3127 type: string
3128 name:
3129 description: 'Name of the referent.
3130 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
3131 type: string
3132 namespace:
3133 description: 'Namespace of the referent.
3134 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
3135 type: string
3136 type: object
3137 wrappedKey:
3138 description: Required. The wrapped data
3139 crypto key.
3140 type: string
3141 required:
3142 - cryptoKeyRef
3143 - wrappedKey
3144 type: object
3145 transient:
3146 description: Transient crypto key
3147 properties:
3148 name:
3149 description: 'Required. Name of the
3150 key. This is an arbitrary string used
3151 to differentiate different keys. A
3152 unique key is generated per name:
3153 two separate `TransientCryptoKey`
3154 protos share the same generated key
3155 if their names are the same. When
3156 the data crypto key is generated,
3157 this name is not used in any way (repeating
3158 the api call will result in a different
3159 key being generated).'
3160 type: string
3161 required:
3162 - name
3163 type: object
3164 unwrapped:
3165 description: Unwrapped crypto key
3166 properties:
3167 key:
3168 description: Required. A 128/192/256
3169 bit key.
3170 type: string
3171 required:
3172 - key
3173 type: object
3174 type: object
3175 surrogateInfoType:
3176 description: 'The custom info type to annotate
3177 the surrogate with. This annotation will be
3178 applied to the surrogate by prefixing it with
3179 the name of the custom info type followed
3180 by the number of characters comprising the
3181 surrogate. The following scheme defines the
3182 format: {info type name}({surrogate character
3183 count}):{surrogate} For example, if the name
3184 of custom info type is ''MY_TOKEN_INFO_TYPE''
3185 and the surrogate is ''abc'', the full replacement
3186 value will be: ''MY_TOKEN_INFO_TYPE(3):abc''
3187 This annotation identifies the surrogate when
3188 inspecting content using the custom info type
3189 ''Surrogate''. This facilitates reversal of
3190 the surrogate when it occurs in free text.
3191 Note: For record transformations where the
3192 entire cell in a table is being transformed,
3193 surrogates are not mandatory. Surrogates are
3194 used to denote the location of the token and
3195 are necessary for re-identification in free
3196 form text. In order for inspection to work
3197 properly, the name of this info type must
3198 not occur naturally anywhere in your data;
3199 otherwise, inspection may either - reverse
3200 a surrogate that does not correspond to an
3201 actual identifier - be unable to parse the
3202 surrogate and result in an error Therefore,
3203 choose your custom info type name carefully
3204 after considering what your data looks like.
3205 One way to select a name that has a high chance
3206 of yielding reliable detection is to include
3207 one or more unicode characters that are highly
3208 improbable to exist in your data. For example,
3209 assuming your data is entered from a regular
3210 ASCII keyboard, the symbol with the hex code
3211 point 29DD might be used like so: ⧝MY_TOKEN_TYPE.'
3212 properties:
3213 name:
3214 description: Name of the information type.
3215 Either a name of your choosing when creating
3216 a CustomInfoType, or one of the names
3217 listed at https://cloud.google.com/dlp/docs/infotypes-reference
3218 when specifying a built-in type. When
3219 sending Cloud DLP results to Data Catalog,
3220 infoType names should conform to the pattern
3221 `[A-Za-z0-9$-_]{1,64}`.
3222 type: string
3223 type: object
3224 type: object
3225 cryptoHashConfig:
3226 description: Crypto
3227 properties:
3228 cryptoKey:
3229 description: The key used by the hash function.
3230 properties:
3231 kmsWrapped:
3232 description: Key wrapped using Cloud KMS
3233 properties:
3234 cryptoKeyRef:
3235 oneOf:
3236 - not:
3237 required:
3238 - external
3239 required:
3240 - name
3241 - not:
3242 anyOf:
3243 - required:
3244 - name
3245 - required:
3246 - namespace
3247 required:
3248 - external
3249 properties:
3250 external:
3251 description: |-
3252 Required. The resource name of the KMS CryptoKey to use for unwrapping.
3253
3254 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
3255 type: string
3256 name:
3257 description: 'Name of the referent.
3258 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
3259 type: string
3260 namespace:
3261 description: 'Namespace of the referent.
3262 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
3263 type: string
3264 type: object
3265 wrappedKey:
3266 description: Required. The wrapped data
3267 crypto key.
3268 type: string
3269 required:
3270 - cryptoKeyRef
3271 - wrappedKey
3272 type: object
3273 transient:
3274 description: Transient crypto key
3275 properties:
3276 name:
3277 description: 'Required. Name of the
3278 key. This is an arbitrary string used
3279 to differentiate different keys. A
3280 unique key is generated per name:
3281 two separate `TransientCryptoKey`
3282 protos share the same generated key
3283 if their names are the same. When
3284 the data crypto key is generated,
3285 this name is not used in any way (repeating
3286 the api call will result in a different
3287 key being generated).'
3288 type: string
3289 required:
3290 - name
3291 type: object
3292 unwrapped:
3293 description: Unwrapped crypto key
3294 properties:
3295 key:
3296 description: Required. A 128/192/256
3297 bit key.
3298 type: string
3299 required:
3300 - key
3301 type: object
3302 type: object
3303 type: object
3304 cryptoReplaceFfxFpeConfig:
3305 description: Ffx-Fpe
3306 properties:
3307 commonAlphabet:
3308 description: 'Common alphabets. Possible values:
3309 FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC,
3310 HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC'
3311 type: string
3312 context:
3313 description: 'The ''tweak'', a context may be
3314 used for higher security since the same identifier
3315 in two different contexts won''t be given
3316 the same surrogate. If the context is not
3317 set, a default tweak will be used. If the
3318 context is set but: 1. there is no record
3319 present when transforming a given value or
3320 1. the field is not present when transforming
3321 a given value, a default tweak will be used.
3322 Note that case (1) is expected when an `InfoTypeTransformation`
3323 is applied to both structured and non-structured
3324 `ContentItem`s. Currently, the referenced
3325 field may be of value type integer or string.
3326 The tweak is constructed as a sequence of
3327 bytes in big endian byte order such that:
3328 - a 64 bit integer is encoded followed by
3329 a single byte of value 1 - a string is encoded
3330 in UTF-8 format followed by a single byte
3331 of value 2'
3332 properties:
3333 name:
3334 description: Name describing the field.
3335 type: string
3336 type: object
3337 cryptoKey:
3338 description: Required. The key used by the encryption
3339 algorithm.
3340 properties:
3341 kmsWrapped:
3342 description: Key wrapped using Cloud KMS
3343 properties:
3344 cryptoKeyRef:
3345 oneOf:
3346 - not:
3347 required:
3348 - external
3349 required:
3350 - name
3351 - not:
3352 anyOf:
3353 - required:
3354 - name
3355 - required:
3356 - namespace
3357 required:
3358 - external
3359 properties:
3360 external:
3361 description: |-
3362 Required. The resource name of the KMS CryptoKey to use for unwrapping.
3363
3364 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
3365 type: string
3366 name:
3367 description: 'Name of the referent.
3368 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
3369 type: string
3370 namespace:
3371 description: 'Namespace of the referent.
3372 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
3373 type: string
3374 type: object
3375 wrappedKey:
3376 description: Required. The wrapped data
3377 crypto key.
3378 type: string
3379 required:
3380 - cryptoKeyRef
3381 - wrappedKey
3382 type: object
3383 transient:
3384 description: Transient crypto key
3385 properties:
3386 name:
3387 description: 'Required. Name of the
3388 key. This is an arbitrary string used
3389 to differentiate different keys. A
3390 unique key is generated per name:
3391 two separate `TransientCryptoKey`
3392 protos share the same generated key
3393 if their names are the same. When
3394 the data crypto key is generated,
3395 this name is not used in any way (repeating
3396 the api call will result in a different
3397 key being generated).'
3398 type: string
3399 required:
3400 - name
3401 type: object
3402 unwrapped:
3403 description: Unwrapped crypto key
3404 properties:
3405 key:
3406 description: Required. A 128/192/256
3407 bit key.
3408 type: string
3409 required:
3410 - key
3411 type: object
3412 type: object
3413 customAlphabet:
3414 description: 'This is supported by mapping these
3415 to the alphanumeric characters that the FFX
3416 mode natively supports. This happens before/after
3417 encryption/decryption. Each character listed
3418 must appear only once. Number of characters
3419 must be in the range [2, 95]. This must be
3420 encoded as ASCII. The order of characters
3421 does not matter. The full list of allowed
3422 characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
3423 ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``'
3424 type: string
3425 radix:
3426 description: The native way to select the alphabet.
3427 Must be in the range [2, 95].
3428 format: int64
3429 type: integer
3430 surrogateInfoType:
3431 description: 'The custom infoType to annotate
3432 the surrogate with. This annotation will be
3433 applied to the surrogate by prefixing it with
3434 the name of the custom infoType followed by
3435 the number of characters comprising the surrogate.
3436 The following scheme defines the format: info_type_name(surrogate_character_count):surrogate
3437 For example, if the name of custom infoType
3438 is ''MY_TOKEN_INFO_TYPE'' and the surrogate
3439 is ''abc'', the full replacement value will
3440 be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation
3441 identifies the surrogate when inspecting content
3442 using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
3443 This facilitates reversal of the surrogate
3444 when it occurs in free text. In order for
3445 inspection to work properly, the name of this
3446 infoType must not occur naturally anywhere
3447 in your data; otherwise, inspection may find
3448 a surrogate that does not correspond to an
3449 actual identifier. Therefore, choose your
3450 custom infoType name carefully after considering
3451 what your data looks like. One way to select
3452 a name that has a high chance of yielding
3453 reliable detection is to include one or more
3454 unicode characters that are highly improbable
3455 to exist in your data. For example, assuming
3456 your data is entered from a regular ASCII
3457 keyboard, the symbol with the hex code point
3458 29DD might be used like so: ⧝MY_TOKEN_TYPE'
3459 properties:
3460 name:
3461 description: Name of the information type.
3462 Either a name of your choosing when creating
3463 a CustomInfoType, or one of the names
3464 listed at https://cloud.google.com/dlp/docs/infotypes-reference
3465 when specifying a built-in type. When
3466 sending Cloud DLP results to Data Catalog,
3467 infoType names should conform to the pattern
3468 `[A-Za-z0-9$-_]{1,64}`.
3469 type: string
3470 type: object
3471 required:
3472 - cryptoKey
3473 type: object
3474 dateShiftConfig:
3475 description: Date Shift
3476 properties:
3477 context:
3478 description: Points to the field that contains
3479 the context, for example, an entity id. If
3480 set, must also set cryptoKey. If set, shift
3481 will be consistent for the given context.
3482 properties:
3483 name:
3484 description: Name describing the field.
3485 type: string
3486 type: object
3487 cryptoKey:
3488 description: Causes the shift to be computed
3489 based on this key and the context. This results
3490 in the same shift for the same context and
3491 crypto_key. If set, must also set context.
3492 Can only be applied to table items.
3493 properties:
3494 kmsWrapped:
3495 description: Key wrapped using Cloud KMS
3496 properties:
3497 cryptoKeyRef:
3498 oneOf:
3499 - not:
3500 required:
3501 - external
3502 required:
3503 - name
3504 - not:
3505 anyOf:
3506 - required:
3507 - name
3508 - required:
3509 - namespace
3510 required:
3511 - external
3512 properties:
3513 external:
3514 description: |-
3515 Required. The resource name of the KMS CryptoKey to use for unwrapping.
3516
3517 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
3518 type: string
3519 name:
3520 description: 'Name of the referent.
3521 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
3522 type: string
3523 namespace:
3524 description: 'Namespace of the referent.
3525 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
3526 type: string
3527 type: object
3528 wrappedKey:
3529 description: Required. The wrapped data
3530 crypto key.
3531 type: string
3532 required:
3533 - cryptoKeyRef
3534 - wrappedKey
3535 type: object
3536 transient:
3537 description: Transient crypto key
3538 properties:
3539 name:
3540 description: 'Required. Name of the
3541 key. This is an arbitrary string used
3542 to differentiate different keys. A
3543 unique key is generated per name:
3544 two separate `TransientCryptoKey`
3545 protos share the same generated key
3546 if their names are the same. When
3547 the data crypto key is generated,
3548 this name is not used in any way (repeating
3549 the api call will result in a different
3550 key being generated).'
3551 type: string
3552 required:
3553 - name
3554 type: object
3555 unwrapped:
3556 description: Unwrapped crypto key
3557 properties:
3558 key:
3559 description: Required. A 128/192/256
3560 bit key.
3561 type: string
3562 required:
3563 - key
3564 type: object
3565 type: object
3566 lowerBoundDays:
3567 description: Required. For example, -5 means
3568 shift date to at most 5 days back in the past.
3569 format: int64
3570 type: integer
3571 upperBoundDays:
3572 description: Required. Range of shift in days.
3573 Actual shift will be selected at random within
3574 this range (inclusive ends). Negative means
3575 shift to earlier in time. Must not be more
3576 than 365250 days (1000 years) each direction.
3577 For example, 3 means shift date to at most
3578 3 days into the future.
3579 format: int64
3580 type: integer
3581 required:
3582 - lowerBoundDays
3583 - upperBoundDays
3584 type: object
3585 fixedSizeBucketingConfig:
3586 description: Fixed size bucketing
3587 properties:
3588 bucketSize:
3589 description: 'Required. Size of each bucket
3590 (except for minimum and maximum buckets).
3591 So if `lower_bound` = 10, `upper_bound` =
3592 89, and `bucket_size` = 10, then the following
3593 buckets would be used: -10, 10-20, 20-30,
3594 30-40, 40-50, 50-60, 60-70, 70-80, 80-89,
3595 89+. Precision up to 2 decimals works.'
3596 format: double
3597 type: number
3598 lowerBound:
3599 description: Required. Lower bound value of
3600 buckets. All values less than `lower_bound`
3601 are grouped together into a single bucket;
3602 for example if `lower_bound` = 10, then all
3603 values less than 10 are replaced with the
3604 value "-10".
3605 properties:
3606 booleanValue:
3607 description: boolean
3608 type: boolean
3609 dateValue:
3610 description: date
3611 properties:
3612 day:
3613 description: Day of a month. Must be
3614 from 1 to 31 and valid for the year
3615 and month, or 0 to specify a year
3616 by itself or a year and month where
3617 the day isn't significant.
3618 format: int64
3619 type: integer
3620 month:
3621 description: Month of a year. Must be
3622 from 1 to 12, or 0 to specify a year
3623 without a month and day.
3624 format: int64
3625 type: integer
3626 year:
3627 description: Year of the date. Must
3628 be from 1 to 9999, or 0 to specify
3629 a date without a year.
3630 format: int64
3631 type: integer
3632 type: object
3633 dayOfWeekValue:
3634 description: 'day of week Possible values:
3635 DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY,
3636 WEDNESDAY, THURSDAY, FRIDAY, SATURDAY,
3637 SUNDAY'
3638 type: string
3639 floatValue:
3640 description: float
3641 format: double
3642 type: number
3643 integerValue:
3644 description: integer
3645 format: int64
3646 type: integer
3647 stringValue:
3648 description: string
3649 type: string
3650 timeValue:
3651 description: time of day
3652 properties:
3653 hours:
3654 description: Hours of day in 24 hour
3655 format. Should be from 0 to 23. An
3656 API may choose to allow the value
3657 "24:00:00" for scenarios like business
3658 closing time.
3659 format: int64
3660 type: integer
3661 minutes:
3662 description: Minutes of hour of day.
3663 Must be from 0 to 59.
3664 format: int64
3665 type: integer
3666 nanos:
3667 description: Fractions of seconds in
3668 nanoseconds. Must be from 0 to 999,999,999.
3669 format: int64
3670 type: integer
3671 seconds:
3672 description: Seconds of minutes of the
3673 time. Must normally be from 0 to 59.
3674 An API may allow the value 60 if it
3675 allows leap-seconds.
3676 format: int64
3677 type: integer
3678 type: object
3679 timestampValue:
3680 description: timestamp
3681 format: date-time
3682 type: string
3683 type: object
3684 upperBound:
3685 description: Required. Upper bound value of
3686 buckets. All values greater than upper_bound
3687 are grouped together into a single bucket;
3688 for example if `upper_bound` = 89, then all
3689 values greater than 89 are replaced with the
3690 value "89+".
3691 properties:
3692 booleanValue:
3693 description: boolean
3694 type: boolean
3695 dateValue:
3696 description: date
3697 properties:
3698 day:
3699 description: Day of a month. Must be
3700 from 1 to 31 and valid for the year
3701 and month, or 0 to specify a year
3702 by itself or a year and month where
3703 the day isn't significant.
3704 format: int64
3705 type: integer
3706 month:
3707 description: Month of a year. Must be
3708 from 1 to 12, or 0 to specify a year
3709 without a month and day.
3710 format: int64
3711 type: integer
3712 year:
3713 description: Year of the date. Must
3714 be from 1 to 9999, or 0 to specify
3715 a date without a year.
3716 format: int64
3717 type: integer
3718 type: object
3719 dayOfWeekValue:
3720 description: 'day of week Possible values:
3721 DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY,
3722 WEDNESDAY, THURSDAY, FRIDAY, SATURDAY,
3723 SUNDAY'
3724 type: string
3725 floatValue:
3726 description: float
3727 format: double
3728 type: number
3729 integerValue:
3730 description: integer
3731 format: int64
3732 type: integer
3733 stringValue:
3734 description: string
3735 type: string
3736 timeValue:
3737 description: time of day
3738 properties:
3739 hours:
3740 description: Hours of day in 24 hour
3741 format. Should be from 0 to 23. An
3742 API may choose to allow the value
3743 "24:00:00" for scenarios like business
3744 closing time.
3745 format: int64
3746 type: integer
3747 minutes:
3748 description: Minutes of hour of day.
3749 Must be from 0 to 59.
3750 format: int64
3751 type: integer
3752 nanos:
3753 description: Fractions of seconds in
3754 nanoseconds. Must be from 0 to 999,999,999.
3755 format: int64
3756 type: integer
3757 seconds:
3758 description: Seconds of minutes of the
3759 time. Must normally be from 0 to 59.
3760 An API may allow the value 60 if it
3761 allows leap-seconds.
3762 format: int64
3763 type: integer
3764 type: object
3765 timestampValue:
3766 description: timestamp
3767 format: date-time
3768 type: string
3769 type: object
3770 required:
3771 - bucketSize
3772 - lowerBound
3773 - upperBound
3774 type: object
3775 redactConfig:
3776 description: Redact
3777 type: object
3778 x-kubernetes-preserve-unknown-fields: true
3779 replaceConfig:
3780 description: Replace with a specified value.
3781 properties:
3782 newValue:
3783 description: Value to replace it with.
3784 properties:
3785 booleanValue:
3786 description: boolean
3787 type: boolean
3788 dateValue:
3789 description: date
3790 properties:
3791 day:
3792 description: Day of a month. Must be
3793 from 1 to 31 and valid for the year
3794 and month, or 0 to specify a year
3795 by itself or a year and month where
3796 the day isn't significant.
3797 format: int64
3798 type: integer
3799 month:
3800 description: Month of a year. Must be
3801 from 1 to 12, or 0 to specify a year
3802 without a month and day.
3803 format: int64
3804 type: integer
3805 year:
3806 description: Year of the date. Must
3807 be from 1 to 9999, or 0 to specify
3808 a date without a year.
3809 format: int64
3810 type: integer
3811 type: object
3812 dayOfWeekValue:
3813 description: 'day of week Possible values:
3814 DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY,
3815 WEDNESDAY, THURSDAY, FRIDAY, SATURDAY,
3816 SUNDAY'
3817 type: string
3818 floatValue:
3819 description: float
3820 format: double
3821 type: number
3822 integerValue:
3823 description: integer
3824 format: int64
3825 type: integer
3826 stringValue:
3827 description: string
3828 type: string
3829 timeValue:
3830 description: time of day
3831 properties:
3832 hours:
3833 description: Hours of day in 24 hour
3834 format. Should be from 0 to 23. An
3835 API may choose to allow the value
3836 "24:00:00" for scenarios like business
3837 closing time.
3838 format: int64
3839 type: integer
3840 minutes:
3841 description: Minutes of hour of day.
3842 Must be from 0 to 59.
3843 format: int64
3844 type: integer
3845 nanos:
3846 description: Fractions of seconds in
3847 nanoseconds. Must be from 0 to 999,999,999.
3848 format: int64
3849 type: integer
3850 seconds:
3851 description: Seconds of minutes of the
3852 time. Must normally be from 0 to 59.
3853 An API may allow the value 60 if it
3854 allows leap-seconds.
3855 format: int64
3856 type: integer
3857 type: object
3858 timestampValue:
3859 description: timestamp
3860 format: date-time
3861 type: string
3862 type: object
3863 type: object
3864 replaceWithInfoTypeConfig:
3865 description: Replace with infotype
3866 type: object
3867 x-kubernetes-preserve-unknown-fields: true
3868 timePartConfig:
3869 description: Time extraction
3870 properties:
3871 partToExtract:
3872 description: 'The part of the time to keep.
3873 Possible values: TIME_PART_UNSPECIFIED, YEAR,
3874 MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR,
3875 HOUR_OF_DAY'
3876 type: string
3877 type: object
3878 type: object
3879 required:
3880 - fields
3881 type: object
3882 type: array
3883 recordSuppressions:
3884 description: Configuration defining which records get suppressed
3885 entirely. Records that match any suppression rule are omitted
3886 from the output.
3887 items:
3888 properties:
3889 condition:
3890 description: A condition that when it evaluates to true
3891 will result in the record being evaluated to be suppressed
3892 from the transformed content.
3893 properties:
3894 expressions:
3895 description: An expression.
3896 properties:
3897 conditions:
3898 description: Conditions to apply to the expression.
3899 properties:
3900 conditions:
3901 description: A collection of conditions.
3902 items:
3903 properties:
3904 field:
3905 description: Required. Field within
3906 the record this condition is evaluated
3907 against.
3908 properties:
3909 name:
3910 description: Name describing the
3911 field.
3912 type: string
3913 type: object
3914 operator:
3915 description: 'Required. Operator used
3916 to compare the field or infoType
3917 to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED,
3918 AND'
3919 type: string
3920 value:
3921 description: Value to compare against.
3922 [Mandatory, except for `EXISTS`
3923 tests.]
3924 properties:
3925 booleanValue:
3926 description: boolean
3927 type: boolean
3928 dateValue:
3929 description: date
3930 properties:
3931 day:
3932 description: Day of a month.
3933 Must be from 1 to 31 and
3934 valid for the year and month,
3935 or 0 to specify a year by
3936 itself or a year and month
3937 where the day isn't significant.
3938 format: int64
3939 type: integer
3940 month:
3941 description: Month of a year.
3942 Must be from 1 to 12, or
3943 0 to specify a year without
3944 a month and day.
3945 format: int64
3946 type: integer
3947 year:
3948 description: Year of the date.
3949 Must be from 1 to 9999,
3950 or 0 to specify a date without
3951 a year.
3952 format: int64
3953 type: integer
3954 type: object
3955 dayOfWeekValue:
3956 description: 'day of week Possible
3957 values: DAY_OF_WEEK_UNSPECIFIED,
3958 MONDAY, TUESDAY, WEDNESDAY,
3959 THURSDAY, FRIDAY, SATURDAY,
3960 SUNDAY'
3961 type: string
3962 floatValue:
3963 description: float
3964 format: double
3965 type: number
3966 integerValue:
3967 description: integer
3968 format: int64
3969 type: integer
3970 stringValue:
3971 description: string
3972 type: string
3973 timeValue:
3974 description: time of day
3975 properties:
3976 hours:
3977 description: Hours of day
3978 in 24 hour format. Should
3979 be from 0 to 23. An API
3980 may choose to allow the
3981 value "24:00:00" for scenarios
3982 like business closing time.
3983 format: int64
3984 type: integer
3985 minutes:
3986 description: Minutes of hour
3987 of day. Must be from 0 to
3988 59.
3989 format: int64
3990 type: integer
3991 nanos:
3992 description: Fractions of
3993 seconds in nanoseconds.
3994 Must be from 0 to 999,999,999.
3995 format: int64
3996 type: integer
3997 seconds:
3998 description: Seconds of minutes
3999 of the time. Must normally
4000 be from 0 to 59. An API
4001 may allow the value 60 if
4002 it allows leap-seconds.
4003 format: int64
4004 type: integer
4005 type: object
4006 timestampValue:
4007 description: timestamp
4008 format: date-time
4009 type: string
4010 type: object
4011 required:
4012 - field
4013 - operator
4014 type: object
4015 type: array
4016 type: object
4017 logicalOperator:
4018 description: 'The operator to apply to the result
4019 of conditions. Default and currently only
4020 supported value is `AND`. Possible values:
4021 LOGICAL_OPERATOR_UNSPECIFIED, AND'
4022 type: string
4023 type: object
4024 type: object
4025 type: object
4026 type: array
4027 type: object
4028 transformationErrorHandling:
4029 description: Mode for handling transformation errors. If left
4030 unspecified, the default mode is `TransformationErrorHandling.ThrowError`.
4031 properties:
4032 leaveUntransformed:
4033 description: Ignore errors
4034 type: object
4035 x-kubernetes-preserve-unknown-fields: true
4036 throwError:
4037 description: Throw an error
4038 type: object
4039 x-kubernetes-preserve-unknown-fields: true
4040 type: object
4041 type: object
4042 description:
4043 description: Short description (max 256 chars).
4044 type: string
4045 displayName:
4046 description: Display name (max 256 chars).
4047 type: string
4048 location:
4049 description: Immutable. The location of the resource
4050 type: string
4051 organizationRef:
4052 description: Immutable. The Organization that this resource belongs
4053 to. Only one of [organizationRef, projectRef] may be specified.
4054 oneOf:
4055 - not:
4056 required:
4057 - external
4058 required:
4059 - name
4060 - not:
4061 anyOf:
4062 - required:
4063 - name
4064 - required:
4065 - namespace
4066 required:
4067 - external
4068 properties:
4069 external:
4070 description: 'Allowed value: The Google Cloud resource name of
4071 a Google Cloud Organization (format: `organizations/{{name}}`).'
4072 type: string
4073 name:
4074 description: |-
4075 [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources.
4076 Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4077 type: string
4078 namespace:
4079 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
4080 type: string
4081 type: object
4082 projectRef:
4083 description: Immutable. The Project that this resource belongs to.
4084 Only one of [organizationRef, projectRef] may be specified.
4085 oneOf:
4086 - not:
4087 required:
4088 - external
4089 required:
4090 - name
4091 - not:
4092 anyOf:
4093 - required:
4094 - name
4095 - required:
4096 - namespace
4097 required:
4098 - external
4099 properties:
4100 external:
4101 description: 'Allowed value: The Google Cloud resource name of
4102 a `Project` resource (format: `projects/{{name}}`).'
4103 type: string
4104 name:
4105 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
4106 type: string
4107 namespace:
4108 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
4109 type: string
4110 type: object
4111 resourceID:
4112 description: Immutable. Optional. The service-generated name of the
4113 resource. Used for acquisition only. Leave unset to create a new
4114 resource.
4115 type: string
4116 type: object
4117 status:
4118 properties:
4119 conditions:
4120 description: Conditions represent the latest available observation
4121 of the resource's current state.
4122 items:
4123 properties:
4124 lastTransitionTime:
4125 description: Last time the condition transitioned from one status
4126 to another.
4127 type: string
4128 message:
4129 description: Human-readable message indicating details about
4130 last transition.
4131 type: string
4132 reason:
4133 description: Unique, one-word, CamelCase reason for the condition's
4134 last transition.
4135 type: string
4136 status:
4137 description: Status is the status of the condition. Can be True,
4138 False, Unknown.
4139 type: string
4140 type:
4141 description: Type is the type of the condition.
4142 type: string
4143 type: object
4144 type: array
4145 createTime:
4146 description: Output only. The creation timestamp of an inspectTemplate.
4147 format: date-time
4148 type: string
4149 locationId:
4150 description: Output only. The geographic location where this resource
4151 is stored.
4152 type: string
4153 observedGeneration:
4154 description: ObservedGeneration is the generation of the resource
4155 that was most recently observed by the Config Connector controller.
4156 If this is equal to metadata.generation, then that means that the
4157 current reported status reflects the most recent desired state of
4158 the resource.
4159 type: integer
4160 updateTime:
4161 description: Output only. The last update timestamp of an inspectTemplate.
4162 format: date-time
4163 type: string
4164 type: object
4165 type: object
4166 served: true
4167 storage: true
4168 subresources:
4169 status: {}
4170status:
4171 acceptedNames:
4172 kind: ""
4173 plural: ""
4174 conditions: []
4175 storedVersions: []
View as plain text