1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/dcl2crd: "true"
23 cnrm.cloud.google.com/managed-by-kcc: "true"
24 cnrm.cloud.google.com/stability-level: stable
25 cnrm.cloud.google.com/system: "true"
26 name: dlpdeidentifytemplates.dlp.cnrm.cloud.google.com
27spec:
28 group: dlp.cnrm.cloud.google.com
29 names:
30 categories:
31 - gcp
32 kind: DLPDeidentifyTemplate
33 plural: dlpdeidentifytemplates
34 shortNames:
35 - gcpdlpdeidentifytemplate
36 - gcpdlpdeidentifytemplates
37 singular: dlpdeidentifytemplate
38 scope: Namespaced
39 versions:
40 - additionalPrinterColumns:
41 - jsonPath: .metadata.creationTimestamp
42 name: Age
43 type: date
44 - description: When 'True', the most recent reconcile of the resource succeeded
45 jsonPath: .status.conditions[?(@.type=='Ready')].status
46 name: Ready
47 type: string
48 - description: The reason for the value in 'Ready'
49 jsonPath: .status.conditions[?(@.type=='Ready')].reason
50 name: Status
51 type: string
52 - description: The last transition time for the value in 'Status'
53 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
54 name: Status Age
55 type: date
56 name: v1beta1
57 schema:
58 openAPIV3Schema:
59 properties:
60 apiVersion:
61 description: 'apiVersion defines the versioned schema of this representation
62 of an object. Servers should convert recognized schemas to the latest
63 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
64 type: string
65 kind:
66 description: 'kind is a string value representing the REST resource this
67 object represents. Servers may infer this from the endpoint the client
68 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
69 type: string
70 metadata:
71 type: object
72 spec:
73 oneOf:
74 - required:
75 - organizationRef
76 - required:
77 - projectRef
78 properties:
79 deidentifyConfig:
80 description: The core content of the template.
81 properties:
82 infoTypeTransformations:
83 description: Treat the dataset as free-form text and apply the
84 same free text transformation everywhere.
85 properties:
86 transformations:
87 description: Required. Transformation for each infoType. Cannot
88 specify more than one for a given infoType.
89 items:
90 properties:
91 infoTypes:
92 description: InfoTypes to apply the transformation to.
93 An empty list will cause this transformation to apply
94 to all findings that correspond to infoTypes that
95 were requested in `InspectConfig`.
96 items:
97 properties:
98 name:
99 description: Name of the information type. Either
100 a name of your choosing when creating a CustomInfoType,
101 or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference
102 when specifying a built-in type. When sending
103 Cloud DLP results to Data Catalog, infoType
104 names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
105 type: string
106 type: object
107 type: array
108 primitiveTransformation:
109 description: Required. Primitive transformation to apply
110 to the infoType.
111 properties:
112 bucketingConfig:
113 description: Bucketing
114 properties:
115 buckets:
116 description: Set of buckets. Ranges must be
117 non-overlapping.
118 items:
119 properties:
120 max:
121 description: Upper bound of the range,
122 exclusive; type must match min.
123 properties:
124 booleanValue:
125 description: boolean
126 type: boolean
127 dateValue:
128 description: date
129 properties:
130 day:
131 description: Day of a month. Must
132 be from 1 to 31 and valid for
133 the year and month, or 0 to
134 specify a year by itself or
135 a year and month where the day
136 isn't significant.
137 format: int64
138 type: integer
139 month:
140 description: Month of a year.
141 Must be from 1 to 12, or 0 to
142 specify a year without a month
143 and day.
144 format: int64
145 type: integer
146 year:
147 description: Year of the date.
148 Must be from 1 to 9999, or 0
149 to specify a date without a
150 year.
151 format: int64
152 type: integer
153 type: object
154 dayOfWeekValue:
155 description: 'day of week Possible
156 values: DAY_OF_WEEK_UNSPECIFIED,
157 MONDAY, TUESDAY, WEDNESDAY, THURSDAY,
158 FRIDAY, SATURDAY, SUNDAY'
159 type: string
160 floatValue:
161 description: float
162 format: double
163 type: number
164 integerValue:
165 description: integer
166 format: int64
167 type: integer
168 stringValue:
169 description: string
170 type: string
171 timeValue:
172 description: time of day
173 properties:
174 hours:
175 description: Hours of day in 24
176 hour format. Should be from
177 0 to 23. An API may choose to
178 allow the value "24:00:00" for
179 scenarios like business closing
180 time.
181 format: int64
182 type: integer
183 minutes:
184 description: Minutes of hour of
185 day. Must be from 0 to 59.
186 format: int64
187 type: integer
188 nanos:
189 description: Fractions of seconds
190 in nanoseconds. Must be from
191 0 to 999,999,999.
192 format: int64
193 type: integer
194 seconds:
195 description: Seconds of minutes
196 of the time. Must normally be
197 from 0 to 59. An API may allow
198 the value 60 if it allows leap-seconds.
199 format: int64
200 type: integer
201 type: object
202 timestampValue:
203 description: timestamp
204 format: date-time
205 type: string
206 type: object
207 min:
208 description: Lower bound of the range,
209 inclusive. Type should be the same as
210 max if used.
211 properties:
212 booleanValue:
213 description: boolean
214 type: boolean
215 dateValue:
216 description: date
217 properties:
218 day:
219 description: Day of a month. Must
220 be from 1 to 31 and valid for
221 the year and month, or 0 to
222 specify a year by itself or
223 a year and month where the day
224 isn't significant.
225 format: int64
226 type: integer
227 month:
228 description: Month of a year.
229 Must be from 1 to 12, or 0 to
230 specify a year without a month
231 and day.
232 format: int64
233 type: integer
234 year:
235 description: Year of the date.
236 Must be from 1 to 9999, or 0
237 to specify a date without a
238 year.
239 format: int64
240 type: integer
241 type: object
242 dayOfWeekValue:
243 description: 'day of week Possible
244 values: DAY_OF_WEEK_UNSPECIFIED,
245 MONDAY, TUESDAY, WEDNESDAY, THURSDAY,
246 FRIDAY, SATURDAY, SUNDAY'
247 type: string
248 floatValue:
249 description: float
250 format: double
251 type: number
252 integerValue:
253 description: integer
254 format: int64
255 type: integer
256 stringValue:
257 description: string
258 type: string
259 timeValue:
260 description: time of day
261 properties:
262 hours:
263 description: Hours of day in 24
264 hour format. Should be from
265 0 to 23. An API may choose to
266 allow the value "24:00:00" for
267 scenarios like business closing
268 time.
269 format: int64
270 type: integer
271 minutes:
272 description: Minutes of hour of
273 day. Must be from 0 to 59.
274 format: int64
275 type: integer
276 nanos:
277 description: Fractions of seconds
278 in nanoseconds. Must be from
279 0 to 999,999,999.
280 format: int64
281 type: integer
282 seconds:
283 description: Seconds of minutes
284 of the time. Must normally be
285 from 0 to 59. An API may allow
286 the value 60 if it allows leap-seconds.
287 format: int64
288 type: integer
289 type: object
290 timestampValue:
291 description: timestamp
292 format: date-time
293 type: string
294 type: object
295 replacementValue:
296 description: Required. Replacement value
297 for this bucket.
298 properties:
299 booleanValue:
300 description: boolean
301 type: boolean
302 dateValue:
303 description: date
304 properties:
305 day:
306 description: Day of a month. Must
307 be from 1 to 31 and valid for
308 the year and month, or 0 to
309 specify a year by itself or
310 a year and month where the day
311 isn't significant.
312 format: int64
313 type: integer
314 month:
315 description: Month of a year.
316 Must be from 1 to 12, or 0 to
317 specify a year without a month
318 and day.
319 format: int64
320 type: integer
321 year:
322 description: Year of the date.
323 Must be from 1 to 9999, or 0
324 to specify a date without a
325 year.
326 format: int64
327 type: integer
328 type: object
329 dayOfWeekValue:
330 description: 'day of week Possible
331 values: DAY_OF_WEEK_UNSPECIFIED,
332 MONDAY, TUESDAY, WEDNESDAY, THURSDAY,
333 FRIDAY, SATURDAY, SUNDAY'
334 type: string
335 floatValue:
336 description: float
337 format: double
338 type: number
339 integerValue:
340 description: integer
341 format: int64
342 type: integer
343 stringValue:
344 description: string
345 type: string
346 timeValue:
347 description: time of day
348 properties:
349 hours:
350 description: Hours of day in 24
351 hour format. Should be from
352 0 to 23. An API may choose to
353 allow the value "24:00:00" for
354 scenarios like business closing
355 time.
356 format: int64
357 type: integer
358 minutes:
359 description: Minutes of hour of
360 day. Must be from 0 to 59.
361 format: int64
362 type: integer
363 nanos:
364 description: Fractions of seconds
365 in nanoseconds. Must be from
366 0 to 999,999,999.
367 format: int64
368 type: integer
369 seconds:
370 description: Seconds of minutes
371 of the time. Must normally be
372 from 0 to 59. An API may allow
373 the value 60 if it allows leap-seconds.
374 format: int64
375 type: integer
376 type: object
377 timestampValue:
378 description: timestamp
379 format: date-time
380 type: string
381 type: object
382 required:
383 - replacementValue
384 type: object
385 type: array
386 type: object
387 characterMaskConfig:
388 description: Mask
389 properties:
390 charactersToIgnore:
391 description: When masking a string, items in
392 this list will be skipped when replacing characters.
393 For example, if the input string is `555-555-5555`
394 and you instruct Cloud DLP to skip `-` and
395 mask 5 characters with `*`, Cloud DLP returns
396 `***-**5-5555`.
397 items:
398 properties:
399 charactersToSkip:
400 description: Characters to not transform
401 when masking.
402 type: string
403 commonCharactersToIgnore:
404 description: 'Common characters to not
405 transform when masking. Useful to avoid
406 removing punctuation. Possible values:
407 COMMON_CHARS_TO_IGNORE_UNSPECIFIED,
408 NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE,
409 PUNCTUATION, WHITESPACE'
410 type: string
411 type: object
412 type: array
413 maskingCharacter:
414 description: Character to use to mask the sensitive
415 values—for example, `*` for an alphabetic
416 string such as a name, or `0` for a numeric
417 string such as ZIP code or credit card number.
418 This string must have a length of 1. If not
419 supplied, this value defaults to `*` for strings,
420 and `0` for digits.
421 type: string
422 numberToMask:
423 description: Number of characters to mask. If
424 not set, all matching chars will be masked.
425 Skipped characters do not count towards this
426 tally.
427 format: int64
428 type: integer
429 reverseOrder:
430 description: Mask characters in reverse order.
431 For example, if `masking_character` is `0`,
432 `number_to_mask` is `14`, and `reverse_order`
433 is `false`, then the input string `1234-5678-9012-3456`
434 is masked as `00000000000000-3456`. If `masking_character`
435 is `*`, `number_to_mask` is `3`, and `reverse_order`
436 is `true`, then the string `12345` is masked
437 as `12***`.
438 type: boolean
439 type: object
440 cryptoDeterministicConfig:
441 description: Deterministic Crypto
442 properties:
443 context:
444 description: 'A context may be used for higher
445 security and maintaining referential integrity
446 such that the same identifier in two different
447 contexts will be given a distinct surrogate.
448 The context is appended to plaintext value
449 being encrypted. On decryption the provided
450 context is validated against the value used
451 during encryption. If a context was provided
452 during encryption, same context must be provided
453 during decryption as well. If the context
454 is not set, plaintext would be used as is
455 for encryption. If the context is set but:
456 1. there is no record present when transforming
457 a given value or 2. the field is not present
458 when transforming a given value, plaintext
459 would be used as is for encryption. Note that
460 case (1) is expected when an `InfoTypeTransformation`
461 is applied to both structured and non-structured
462 `ContentItem`s.'
463 properties:
464 name:
465 description: Name describing the field.
466 type: string
467 type: object
468 cryptoKey:
469 description: The key used by the encryption
470 function. For deterministic encryption using
471 AES-SIV, the provided key is internally expanded
472 to 64 bytes prior to use.
473 properties:
474 kmsWrapped:
475 description: Key wrapped using Cloud KMS
476 properties:
477 cryptoKeyRef:
478 oneOf:
479 - not:
480 required:
481 - external
482 required:
483 - name
484 - not:
485 anyOf:
486 - required:
487 - name
488 - required:
489 - namespace
490 required:
491 - external
492 properties:
493 external:
494 description: |-
495 Required. The resource name of the KMS CryptoKey to use for unwrapping.
496
497 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
498 type: string
499 name:
500 description: 'Name of the referent.
501 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
502 type: string
503 namespace:
504 description: 'Namespace of the referent.
505 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
506 type: string
507 type: object
508 wrappedKey:
509 description: Required. The wrapped data
510 crypto key.
511 type: string
512 required:
513 - cryptoKeyRef
514 - wrappedKey
515 type: object
516 transient:
517 description: Transient crypto key
518 properties:
519 name:
520 description: 'Required. Name of the
521 key. This is an arbitrary string used
522 to differentiate different keys. A
523 unique key is generated per name:
524 two separate `TransientCryptoKey`
525 protos share the same generated key
526 if their names are the same. When
527 the data crypto key is generated,
528 this name is not used in any way (repeating
529 the api call will result in a different
530 key being generated).'
531 type: string
532 required:
533 - name
534 type: object
535 unwrapped:
536 description: Unwrapped crypto key
537 properties:
538 key:
539 description: Required. A 128/192/256
540 bit key.
541 type: string
542 required:
543 - key
544 type: object
545 type: object
546 surrogateInfoType:
547 description: 'The custom info type to annotate
548 the surrogate with. This annotation will be
549 applied to the surrogate by prefixing it with
550 the name of the custom info type followed
551 by the number of characters comprising the
552 surrogate. The following scheme defines the
553 format: {info type name}({surrogate character
554 count}):{surrogate} For example, if the name
555 of custom info type is ''MY_TOKEN_INFO_TYPE''
556 and the surrogate is ''abc'', the full replacement
557 value will be: ''MY_TOKEN_INFO_TYPE(3):abc''
558 This annotation identifies the surrogate when
559 inspecting content using the custom info type
560 ''Surrogate''. This facilitates reversal of
561 the surrogate when it occurs in free text.
562 Note: For record transformations where the
563 entire cell in a table is being transformed,
564 surrogates are not mandatory. Surrogates are
565 used to denote the location of the token and
566 are necessary for re-identification in free
567 form text. In order for inspection to work
568 properly, the name of this info type must
569 not occur naturally anywhere in your data;
570 otherwise, inspection may either - reverse
571 a surrogate that does not correspond to an
572 actual identifier - be unable to parse the
573 surrogate and result in an error Therefore,
574 choose your custom info type name carefully
575 after considering what your data looks like.
576 One way to select a name that has a high chance
577 of yielding reliable detection is to include
578 one or more unicode characters that are highly
579 improbable to exist in your data. For example,
580 assuming your data is entered from a regular
581 ASCII keyboard, the symbol with the hex code
582 point 29DD might be used like so: ⧝MY_TOKEN_TYPE.'
583 properties:
584 name:
585 description: Name of the information type.
586 Either a name of your choosing when creating
587 a CustomInfoType, or one of the names
588 listed at https://cloud.google.com/dlp/docs/infotypes-reference
589 when specifying a built-in type. When
590 sending Cloud DLP results to Data Catalog,
591 infoType names should conform to the pattern
592 `[A-Za-z0-9$-_]{1,64}`.
593 type: string
594 type: object
595 type: object
596 cryptoHashConfig:
597 description: Crypto
598 properties:
599 cryptoKey:
600 description: The key used by the hash function.
601 properties:
602 kmsWrapped:
603 description: Key wrapped using Cloud KMS
604 properties:
605 cryptoKeyRef:
606 oneOf:
607 - not:
608 required:
609 - external
610 required:
611 - name
612 - not:
613 anyOf:
614 - required:
615 - name
616 - required:
617 - namespace
618 required:
619 - external
620 properties:
621 external:
622 description: |-
623 Required. The resource name of the KMS CryptoKey to use for unwrapping.
624
625 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
626 type: string
627 name:
628 description: 'Name of the referent.
629 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
630 type: string
631 namespace:
632 description: 'Namespace of the referent.
633 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
634 type: string
635 type: object
636 wrappedKey:
637 description: Required. The wrapped data
638 crypto key.
639 type: string
640 required:
641 - cryptoKeyRef
642 - wrappedKey
643 type: object
644 transient:
645 description: Transient crypto key
646 properties:
647 name:
648 description: 'Required. Name of the
649 key. This is an arbitrary string used
650 to differentiate different keys. A
651 unique key is generated per name:
652 two separate `TransientCryptoKey`
653 protos share the same generated key
654 if their names are the same. When
655 the data crypto key is generated,
656 this name is not used in any way (repeating
657 the api call will result in a different
658 key being generated).'
659 type: string
660 required:
661 - name
662 type: object
663 unwrapped:
664 description: Unwrapped crypto key
665 properties:
666 key:
667 description: Required. A 128/192/256
668 bit key.
669 type: string
670 required:
671 - key
672 type: object
673 type: object
674 type: object
675 cryptoReplaceFfxFpeConfig:
676 description: Ffx-Fpe
677 properties:
678 commonAlphabet:
679 description: 'Common alphabets. Possible values:
680 FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC,
681 HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC'
682 type: string
683 context:
684 description: 'The ''tweak'', a context may be
685 used for higher security since the same identifier
686 in two different contexts won''t be given
687 the same surrogate. If the context is not
688 set, a default tweak will be used. If the
689 context is set but: 1. there is no record
690 present when transforming a given value or
691 1. the field is not present when transforming
692 a given value, a default tweak will be used.
693 Note that case (1) is expected when an `InfoTypeTransformation`
694 is applied to both structured and non-structured
695 `ContentItem`s. Currently, the referenced
696 field may be of value type integer or string.
697 The tweak is constructed as a sequence of
698 bytes in big endian byte order such that:
699 - a 64 bit integer is encoded followed by
700 a single byte of value 1 - a string is encoded
701 in UTF-8 format followed by a single byte
702 of value 2'
703 properties:
704 name:
705 description: Name describing the field.
706 type: string
707 type: object
708 cryptoKey:
709 description: Required. The key used by the encryption
710 algorithm.
711 properties:
712 kmsWrapped:
713 description: Key wrapped using Cloud KMS
714 properties:
715 cryptoKeyRef:
716 oneOf:
717 - not:
718 required:
719 - external
720 required:
721 - name
722 - not:
723 anyOf:
724 - required:
725 - name
726 - required:
727 - namespace
728 required:
729 - external
730 properties:
731 external:
732 description: |-
733 Required. The resource name of the KMS CryptoKey to use for unwrapping.
734
735 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
736 type: string
737 name:
738 description: 'Name of the referent.
739 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
740 type: string
741 namespace:
742 description: 'Namespace of the referent.
743 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
744 type: string
745 type: object
746 wrappedKey:
747 description: Required. The wrapped data
748 crypto key.
749 type: string
750 required:
751 - cryptoKeyRef
752 - wrappedKey
753 type: object
754 transient:
755 description: Transient crypto key
756 properties:
757 name:
758 description: 'Required. Name of the
759 key. This is an arbitrary string used
760 to differentiate different keys. A
761 unique key is generated per name:
762 two separate `TransientCryptoKey`
763 protos share the same generated key
764 if their names are the same. When
765 the data crypto key is generated,
766 this name is not used in any way (repeating
767 the api call will result in a different
768 key being generated).'
769 type: string
770 required:
771 - name
772 type: object
773 unwrapped:
774 description: Unwrapped crypto key
775 properties:
776 key:
777 description: Required. A 128/192/256
778 bit key.
779 type: string
780 required:
781 - key
782 type: object
783 type: object
784 customAlphabet:
785 description: 'This is supported by mapping these
786 to the alphanumeric characters that the FFX
787 mode natively supports. This happens before/after
788 encryption/decryption. Each character listed
789 must appear only once. Number of characters
790 must be in the range [2, 95]. This must be
791 encoded as ASCII. The order of characters
792 does not matter. The full list of allowed
793 characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
794 ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``'
795 type: string
796 radix:
797 description: The native way to select the alphabet.
798 Must be in the range [2, 95].
799 format: int64
800 type: integer
801 surrogateInfoType:
802 description: 'The custom infoType to annotate
803 the surrogate with. This annotation will be
804 applied to the surrogate by prefixing it with
805 the name of the custom infoType followed by
806 the number of characters comprising the surrogate.
807 The following scheme defines the format: info_type_name(surrogate_character_count):surrogate
808 For example, if the name of custom infoType
809 is ''MY_TOKEN_INFO_TYPE'' and the surrogate
810 is ''abc'', the full replacement value will
811 be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation
812 identifies the surrogate when inspecting content
813 using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
814 This facilitates reversal of the surrogate
815 when it occurs in free text. In order for
816 inspection to work properly, the name of this
817 infoType must not occur naturally anywhere
818 in your data; otherwise, inspection may find
819 a surrogate that does not correspond to an
820 actual identifier. Therefore, choose your
821 custom infoType name carefully after considering
822 what your data looks like. One way to select
823 a name that has a high chance of yielding
824 reliable detection is to include one or more
825 unicode characters that are highly improbable
826 to exist in your data. For example, assuming
827 your data is entered from a regular ASCII
828 keyboard, the symbol with the hex code point
829 29DD might be used like so: ⧝MY_TOKEN_TYPE'
830 properties:
831 name:
832 description: Name of the information type.
833 Either a name of your choosing when creating
834 a CustomInfoType, or one of the names
835 listed at https://cloud.google.com/dlp/docs/infotypes-reference
836 when specifying a built-in type. When
837 sending Cloud DLP results to Data Catalog,
838 infoType names should conform to the pattern
839 `[A-Za-z0-9$-_]{1,64}`.
840 type: string
841 type: object
842 required:
843 - cryptoKey
844 type: object
845 dateShiftConfig:
846 description: Date Shift
847 properties:
848 context:
849 description: Points to the field that contains
850 the context, for example, an entity id. If
851 set, must also set cryptoKey. If set, shift
852 will be consistent for the given context.
853 properties:
854 name:
855 description: Name describing the field.
856 type: string
857 type: object
858 cryptoKey:
859 description: Causes the shift to be computed
860 based on this key and the context. This results
861 in the same shift for the same context and
862 crypto_key. If set, must also set context.
863 Can only be applied to table items.
864 properties:
865 kmsWrapped:
866 description: Key wrapped using Cloud KMS
867 properties:
868 cryptoKeyRef:
869 oneOf:
870 - not:
871 required:
872 - external
873 required:
874 - name
875 - not:
876 anyOf:
877 - required:
878 - name
879 - required:
880 - namespace
881 required:
882 - external
883 properties:
884 external:
885 description: |-
886 Required. The resource name of the KMS CryptoKey to use for unwrapping.
887
888 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
889 type: string
890 name:
891 description: 'Name of the referent.
892 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
893 type: string
894 namespace:
895 description: 'Namespace of the referent.
896 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
897 type: string
898 type: object
899 wrappedKey:
900 description: Required. The wrapped data
901 crypto key.
902 type: string
903 required:
904 - cryptoKeyRef
905 - wrappedKey
906 type: object
907 transient:
908 description: Transient crypto key
909 properties:
910 name:
911 description: 'Required. Name of the
912 key. This is an arbitrary string used
913 to differentiate different keys. A
914 unique key is generated per name:
915 two separate `TransientCryptoKey`
916 protos share the same generated key
917 if their names are the same. When
918 the data crypto key is generated,
919 this name is not used in any way (repeating
920 the api call will result in a different
921 key being generated).'
922 type: string
923 required:
924 - name
925 type: object
926 unwrapped:
927 description: Unwrapped crypto key
928 properties:
929 key:
930 description: Required. A 128/192/256
931 bit key.
932 type: string
933 required:
934 - key
935 type: object
936 type: object
937 lowerBoundDays:
938 description: Required. For example, -5 means
939 shift date to at most 5 days back in the past.
940 format: int64
941 type: integer
942 upperBoundDays:
943 description: Required. Range of shift in days.
944 Actual shift will be selected at random within
945 this range (inclusive ends). Negative means
946 shift to earlier in time. Must not be more
947 than 365250 days (1000 years) each direction.
948 For example, 3 means shift date to at most
949 3 days into the future.
950 format: int64
951 type: integer
952 required:
953 - lowerBoundDays
954 - upperBoundDays
955 type: object
956 fixedSizeBucketingConfig:
957 description: Fixed size bucketing
958 properties:
959 bucketSize:
960 description: 'Required. Size of each bucket
961 (except for minimum and maximum buckets).
962 So if `lower_bound` = 10, `upper_bound` =
963 89, and `bucket_size` = 10, then the following
964 buckets would be used: -10, 10-20, 20-30,
965 30-40, 40-50, 50-60, 60-70, 70-80, 80-89,
966 89+. Precision up to 2 decimals works.'
967 format: double
968 type: number
969 lowerBound:
970 description: Required. Lower bound value of
971 buckets. All values less than `lower_bound`
972 are grouped together into a single bucket;
973 for example if `lower_bound` = 10, then all
974 values less than 10 are replaced with the
975 value "-10".
976 properties:
977 booleanValue:
978 description: boolean
979 type: boolean
980 dateValue:
981 description: date
982 properties:
983 day:
984 description: Day of a month. Must be
985 from 1 to 31 and valid for the year
986 and month, or 0 to specify a year
987 by itself or a year and month where
988 the day isn't significant.
989 format: int64
990 type: integer
991 month:
992 description: Month of a year. Must be
993 from 1 to 12, or 0 to specify a year
994 without a month and day.
995 format: int64
996 type: integer
997 year:
998 description: Year of the date. Must
999 be from 1 to 9999, or 0 to specify
1000 a date without a year.
1001 format: int64
1002 type: integer
1003 type: object
1004 dayOfWeekValue:
1005 description: 'day of week Possible values:
1006 DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY,
1007 WEDNESDAY, THURSDAY, FRIDAY, SATURDAY,
1008 SUNDAY'
1009 type: string
1010 floatValue:
1011 description: float
1012 format: double
1013 type: number
1014 integerValue:
1015 description: integer
1016 format: int64
1017 type: integer
1018 stringValue:
1019 description: string
1020 type: string
1021 timeValue:
1022 description: time of day
1023 properties:
1024 hours:
1025 description: Hours of day in 24 hour
1026 format. Should be from 0 to 23. An
1027 API may choose to allow the value
1028 "24:00:00" for scenarios like business
1029 closing time.
1030 format: int64
1031 type: integer
1032 minutes:
1033 description: Minutes of hour of day.
1034 Must be from 0 to 59.
1035 format: int64
1036 type: integer
1037 nanos:
1038 description: Fractions of seconds in
1039 nanoseconds. Must be from 0 to 999,999,999.
1040 format: int64
1041 type: integer
1042 seconds:
1043 description: Seconds of minutes of the
1044 time. Must normally be from 0 to 59.
1045 An API may allow the value 60 if it
1046 allows leap-seconds.
1047 format: int64
1048 type: integer
1049 type: object
1050 timestampValue:
1051 description: timestamp
1052 format: date-time
1053 type: string
1054 type: object
1055 upperBound:
1056 description: Required. Upper bound value of
1057 buckets. All values greater than upper_bound
1058 are grouped together into a single bucket;
1059 for example if `upper_bound` = 89, then all
1060 values greater than 89 are replaced with the
1061 value "89+".
1062 properties:
1063 booleanValue:
1064 description: boolean
1065 type: boolean
1066 dateValue:
1067 description: date
1068 properties:
1069 day:
1070 description: Day of a month. Must be
1071 from 1 to 31 and valid for the year
1072 and month, or 0 to specify a year
1073 by itself or a year and month where
1074 the day isn't significant.
1075 format: int64
1076 type: integer
1077 month:
1078 description: Month of a year. Must be
1079 from 1 to 12, or 0 to specify a year
1080 without a month and day.
1081 format: int64
1082 type: integer
1083 year:
1084 description: Year of the date. Must
1085 be from 1 to 9999, or 0 to specify
1086 a date without a year.
1087 format: int64
1088 type: integer
1089 type: object
1090 dayOfWeekValue:
1091 description: 'day of week Possible values:
1092 DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY,
1093 WEDNESDAY, THURSDAY, FRIDAY, SATURDAY,
1094 SUNDAY'
1095 type: string
1096 floatValue:
1097 description: float
1098 format: double
1099 type: number
1100 integerValue:
1101 description: integer
1102 format: int64
1103 type: integer
1104 stringValue:
1105 description: string
1106 type: string
1107 timeValue:
1108 description: time of day
1109 properties:
1110 hours:
1111 description: Hours of day in 24 hour
1112 format. Should be from 0 to 23. An
1113 API may choose to allow the value
1114 "24:00:00" for scenarios like business
1115 closing time.
1116 format: int64
1117 type: integer
1118 minutes:
1119 description: Minutes of hour of day.
1120 Must be from 0 to 59.
1121 format: int64
1122 type: integer
1123 nanos:
1124 description: Fractions of seconds in
1125 nanoseconds. Must be from 0 to 999,999,999.
1126 format: int64
1127 type: integer
1128 seconds:
1129 description: Seconds of minutes of the
1130 time. Must normally be from 0 to 59.
1131 An API may allow the value 60 if it
1132 allows leap-seconds.
1133 format: int64
1134 type: integer
1135 type: object
1136 timestampValue:
1137 description: timestamp
1138 format: date-time
1139 type: string
1140 type: object
1141 required:
1142 - bucketSize
1143 - lowerBound
1144 - upperBound
1145 type: object
1146 redactConfig:
1147 description: Redact
1148 type: object
1149 x-kubernetes-preserve-unknown-fields: true
1150 replaceConfig:
1151 description: Replace with a specified value.
1152 properties:
1153 newValue:
1154 description: Value to replace it with.
1155 properties:
1156 booleanValue:
1157 description: boolean
1158 type: boolean
1159 dateValue:
1160 description: date
1161 properties:
1162 day:
1163 description: Day of a month. Must be
1164 from 1 to 31 and valid for the year
1165 and month, or 0 to specify a year
1166 by itself or a year and month where
1167 the day isn't significant.
1168 format: int64
1169 type: integer
1170 month:
1171 description: Month of a year. Must be
1172 from 1 to 12, or 0 to specify a year
1173 without a month and day.
1174 format: int64
1175 type: integer
1176 year:
1177 description: Year of the date. Must
1178 be from 1 to 9999, or 0 to specify
1179 a date without a year.
1180 format: int64
1181 type: integer
1182 type: object
1183 dayOfWeekValue:
1184 description: 'day of week Possible values:
1185 DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY,
1186 WEDNESDAY, THURSDAY, FRIDAY, SATURDAY,
1187 SUNDAY'
1188 type: string
1189 floatValue:
1190 description: float
1191 format: double
1192 type: number
1193 integerValue:
1194 description: integer
1195 format: int64
1196 type: integer
1197 stringValue:
1198 description: string
1199 type: string
1200 timeValue:
1201 description: time of day
1202 properties:
1203 hours:
1204 description: Hours of day in 24 hour
1205 format. Should be from 0 to 23. An
1206 API may choose to allow the value
1207 "24:00:00" for scenarios like business
1208 closing time.
1209 format: int64
1210 type: integer
1211 minutes:
1212 description: Minutes of hour of day.
1213 Must be from 0 to 59.
1214 format: int64
1215 type: integer
1216 nanos:
1217 description: Fractions of seconds in
1218 nanoseconds. Must be from 0 to 999,999,999.
1219 format: int64
1220 type: integer
1221 seconds:
1222 description: Seconds of minutes of the
1223 time. Must normally be from 0 to 59.
1224 An API may allow the value 60 if it
1225 allows leap-seconds.
1226 format: int64
1227 type: integer
1228 type: object
1229 timestampValue:
1230 description: timestamp
1231 format: date-time
1232 type: string
1233 type: object
1234 type: object
1235 replaceWithInfoTypeConfig:
1236 description: Replace with infotype
1237 type: object
1238 x-kubernetes-preserve-unknown-fields: true
1239 timePartConfig:
1240 description: Time extraction
1241 properties:
1242 partToExtract:
1243 description: 'The part of the time to keep.
1244 Possible values: TIME_PART_UNSPECIFIED, YEAR,
1245 MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR,
1246 HOUR_OF_DAY'
1247 type: string
1248 type: object
1249 type: object
1250 required:
1251 - primitiveTransformation
1252 type: object
1253 type: array
1254 required:
1255 - transformations
1256 type: object
1257 recordTransformations:
1258 description: Treat the dataset as structured. Transformations
1259 can be applied to specific locations within structured datasets,
1260 such as transforming a column within a table.
1261 properties:
1262 fieldTransformations:
1263 description: Transform the record by applying various field
1264 transformations.
1265 items:
1266 properties:
1267 condition:
1268 description: 'Only apply the transformation if the condition
1269 evaluates to true for the given `RecordCondition`.
1270 The conditions are allowed to reference fields that
1271 are not used in the actual transformation. Example
1272 Use Cases: - Apply a different bucket transformation
1273 to an age column if the zip code column for the same
1274 record is within a specific range. - Redact a field
1275 if the date of birth field is greater than 85.'
1276 properties:
1277 expressions:
1278 description: An expression.
1279 properties:
1280 conditions:
1281 description: Conditions to apply to the expression.
1282 properties:
1283 conditions:
1284 description: A collection of conditions.
1285 items:
1286 properties:
1287 field:
1288 description: Required. Field within
1289 the record this condition is evaluated
1290 against.
1291 properties:
1292 name:
1293 description: Name describing the
1294 field.
1295 type: string
1296 type: object
1297 operator:
1298 description: 'Required. Operator used
1299 to compare the field or infoType
1300 to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED,
1301 AND'
1302 type: string
1303 value:
1304 description: Value to compare against.
1305 [Mandatory, except for `EXISTS`
1306 tests.]
1307 properties:
1308 booleanValue:
1309 description: boolean
1310 type: boolean
1311 dateValue:
1312 description: date
1313 properties:
1314 day:
1315 description: Day of a month.
1316 Must be from 1 to 31 and
1317 valid for the year and month,
1318 or 0 to specify a year by
1319 itself or a year and month
1320 where the day isn't significant.
1321 format: int64
1322 type: integer
1323 month:
1324 description: Month of a year.
1325 Must be from 1 to 12, or
1326 0 to specify a year without
1327 a month and day.
1328 format: int64
1329 type: integer
1330 year:
1331 description: Year of the date.
1332 Must be from 1 to 9999,
1333 or 0 to specify a date without
1334 a year.
1335 format: int64
1336 type: integer
1337 type: object
1338 dayOfWeekValue:
1339 description: 'day of week Possible
1340 values: DAY_OF_WEEK_UNSPECIFIED,
1341 MONDAY, TUESDAY, WEDNESDAY,
1342 THURSDAY, FRIDAY, SATURDAY,
1343 SUNDAY'
1344 type: string
1345 floatValue:
1346 description: float
1347 format: double
1348 type: number
1349 integerValue:
1350 description: integer
1351 format: int64
1352 type: integer
1353 stringValue:
1354 description: string
1355 type: string
1356 timeValue:
1357 description: time of day
1358 properties:
1359 hours:
1360 description: Hours of day
1361 in 24 hour format. Should
1362 be from 0 to 23. An API
1363 may choose to allow the
1364 value "24:00:00" for scenarios
1365 like business closing time.
1366 format: int64
1367 type: integer
1368 minutes:
1369 description: Minutes of hour
1370 of day. Must be from 0 to
1371 59.
1372 format: int64
1373 type: integer
1374 nanos:
1375 description: Fractions of
1376 seconds in nanoseconds.
1377 Must be from 0 to 999,999,999.
1378 format: int64
1379 type: integer
1380 seconds:
1381 description: Seconds of minutes
1382 of the time. Must normally
1383 be from 0 to 59. An API
1384 may allow the value 60 if
1385 it allows leap-seconds.
1386 format: int64
1387 type: integer
1388 type: object
1389 timestampValue:
1390 description: timestamp
1391 format: date-time
1392 type: string
1393 type: object
1394 required:
1395 - field
1396 - operator
1397 type: object
1398 type: array
1399 type: object
1400 logicalOperator:
1401 description: 'The operator to apply to the result
1402 of conditions. Default and currently only
1403 supported value is `AND`. Possible values:
1404 LOGICAL_OPERATOR_UNSPECIFIED, AND'
1405 type: string
1406 type: object
1407 type: object
1408 fields:
1409 description: Required. Input field(s) to apply the transformation
1410 to. When you have columns that reference their position
1411 within a list, omit the index from the FieldId. FieldId
1412 name matching ignores the index. For example, instead
1413 of "contact.nums[0].type", use "contact.nums.type".
1414 items:
1415 properties:
1416 name:
1417 description: Name describing the field.
1418 type: string
1419 type: object
1420 type: array
1421 infoTypeTransformations:
1422 description: Treat the contents of the field as free
1423 text, and selectively transform content that matches
1424 an `InfoType`.
1425 properties:
1426 transformations:
1427 description: Required. Transformation for each infoType.
1428 Cannot specify more than one for a given infoType.
1429 items:
1430 properties:
1431 infoTypes:
1432 description: InfoTypes to apply the transformation
1433 to. An empty list will cause this transformation
1434 to apply to all findings that correspond
1435 to infoTypes that were requested in `InspectConfig`.
1436 items:
1437 properties:
1438 name:
1439 description: Name of the information
1440 type. Either a name of your choosing
1441 when creating a CustomInfoType, or
1442 one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference
1443 when specifying a built-in type. When
1444 sending Cloud DLP results to Data
1445 Catalog, infoType names should conform
1446 to the pattern `[A-Za-z0-9$-_]{1,64}`.
1447 type: string
1448 type: object
1449 type: array
1450 primitiveTransformation:
1451 description: Required. Primitive transformation
1452 to apply to the infoType.
1453 properties:
1454 bucketingConfig:
1455 description: Bucketing
1456 properties:
1457 buckets:
1458 description: Set of buckets. Ranges
1459 must be non-overlapping.
1460 items:
1461 properties:
1462 max:
1463 description: Upper bound of
1464 the range, exclusive; type
1465 must match min.
1466 properties:
1467 booleanValue:
1468 description: boolean
1469 type: boolean
1470 dateValue:
1471 description: date
1472 properties:
1473 day:
1474 description: Day of
1475 a month. Must be from
1476 1 to 31 and valid
1477 for the year and month,
1478 or 0 to specify a
1479 year by itself or
1480 a year and month where
1481 the day isn't significant.
1482 format: int64
1483 type: integer
1484 month:
1485 description: Month of
1486 a year. Must be from
1487 1 to 12, or 0 to specify
1488 a year without a month
1489 and day.
1490 format: int64
1491 type: integer
1492 year:
1493 description: Year of
1494 the date. Must be
1495 from 1 to 9999, or
1496 0 to specify a date
1497 without a year.
1498 format: int64
1499 type: integer
1500 type: object
1501 dayOfWeekValue:
1502 description: 'day of week
1503 Possible values: DAY_OF_WEEK_UNSPECIFIED,
1504 MONDAY, TUESDAY, WEDNESDAY,
1505 THURSDAY, FRIDAY, SATURDAY,
1506 SUNDAY'
1507 type: string
1508 floatValue:
1509 description: float
1510 format: double
1511 type: number
1512 integerValue:
1513 description: integer
1514 format: int64
1515 type: integer
1516 stringValue:
1517 description: string
1518 type: string
1519 timeValue:
1520 description: time of day
1521 properties:
1522 hours:
1523 description: Hours of
1524 day in 24 hour format.
1525 Should be from 0 to
1526 23. An API may choose
1527 to allow the value
1528 "24:00:00" for scenarios
1529 like business closing
1530 time.
1531 format: int64
1532 type: integer
1533 minutes:
1534 description: Minutes
1535 of hour of day. Must
1536 be from 0 to 59.
1537 format: int64
1538 type: integer
1539 nanos:
1540 description: Fractions
1541 of seconds in nanoseconds.
1542 Must be from 0 to
1543 999,999,999.
1544 format: int64
1545 type: integer
1546 seconds:
1547 description: Seconds
1548 of minutes of the
1549 time. Must normally
1550 be from 0 to 59. An
1551 API may allow the
1552 value 60 if it allows
1553 leap-seconds.
1554 format: int64
1555 type: integer
1556 type: object
1557 timestampValue:
1558 description: timestamp
1559 format: date-time
1560 type: string
1561 type: object
1562 min:
1563 description: Lower bound of
1564 the range, inclusive. Type
1565 should be the same as max
1566 if used.
1567 properties:
1568 booleanValue:
1569 description: boolean
1570 type: boolean
1571 dateValue:
1572 description: date
1573 properties:
1574 day:
1575 description: Day of
1576 a month. Must be from
1577 1 to 31 and valid
1578 for the year and month,
1579 or 0 to specify a
1580 year by itself or
1581 a year and month where
1582 the day isn't significant.
1583 format: int64
1584 type: integer
1585 month:
1586 description: Month of
1587 a year. Must be from
1588 1 to 12, or 0 to specify
1589 a year without a month
1590 and day.
1591 format: int64
1592 type: integer
1593 year:
1594 description: Year of
1595 the date. Must be
1596 from 1 to 9999, or
1597 0 to specify a date
1598 without a year.
1599 format: int64
1600 type: integer
1601 type: object
1602 dayOfWeekValue:
1603 description: 'day of week
1604 Possible values: DAY_OF_WEEK_UNSPECIFIED,
1605 MONDAY, TUESDAY, WEDNESDAY,
1606 THURSDAY, FRIDAY, SATURDAY,
1607 SUNDAY'
1608 type: string
1609 floatValue:
1610 description: float
1611 format: double
1612 type: number
1613 integerValue:
1614 description: integer
1615 format: int64
1616 type: integer
1617 stringValue:
1618 description: string
1619 type: string
1620 timeValue:
1621 description: time of day
1622 properties:
1623 hours:
1624 description: Hours of
1625 day in 24 hour format.
1626 Should be from 0 to
1627 23. An API may choose
1628 to allow the value
1629 "24:00:00" for scenarios
1630 like business closing
1631 time.
1632 format: int64
1633 type: integer
1634 minutes:
1635 description: Minutes
1636 of hour of day. Must
1637 be from 0 to 59.
1638 format: int64
1639 type: integer
1640 nanos:
1641 description: Fractions
1642 of seconds in nanoseconds.
1643 Must be from 0 to
1644 999,999,999.
1645 format: int64
1646 type: integer
1647 seconds:
1648 description: Seconds
1649 of minutes of the
1650 time. Must normally
1651 be from 0 to 59. An
1652 API may allow the
1653 value 60 if it allows
1654 leap-seconds.
1655 format: int64
1656 type: integer
1657 type: object
1658 timestampValue:
1659 description: timestamp
1660 format: date-time
1661 type: string
1662 type: object
1663 replacementValue:
1664 description: Required. Replacement
1665 value for this bucket.
1666 properties:
1667 booleanValue:
1668 description: boolean
1669 type: boolean
1670 dateValue:
1671 description: date
1672 properties:
1673 day:
1674 description: Day of
1675 a month. Must be from
1676 1 to 31 and valid
1677 for the year and month,
1678 or 0 to specify a
1679 year by itself or
1680 a year and month where
1681 the day isn't significant.
1682 format: int64
1683 type: integer
1684 month:
1685 description: Month of
1686 a year. Must be from
1687 1 to 12, or 0 to specify
1688 a year without a month
1689 and day.
1690 format: int64
1691 type: integer
1692 year:
1693 description: Year of
1694 the date. Must be
1695 from 1 to 9999, or
1696 0 to specify a date
1697 without a year.
1698 format: int64
1699 type: integer
1700 type: object
1701 dayOfWeekValue:
1702 description: 'day of week
1703 Possible values: DAY_OF_WEEK_UNSPECIFIED,
1704 MONDAY, TUESDAY, WEDNESDAY,
1705 THURSDAY, FRIDAY, SATURDAY,
1706 SUNDAY'
1707 type: string
1708 floatValue:
1709 description: float
1710 format: double
1711 type: number
1712 integerValue:
1713 description: integer
1714 format: int64
1715 type: integer
1716 stringValue:
1717 description: string
1718 type: string
1719 timeValue:
1720 description: time of day
1721 properties:
1722 hours:
1723 description: Hours of
1724 day in 24 hour format.
1725 Should be from 0 to
1726 23. An API may choose
1727 to allow the value
1728 "24:00:00" for scenarios
1729 like business closing
1730 time.
1731 format: int64
1732 type: integer
1733 minutes:
1734 description: Minutes
1735 of hour of day. Must
1736 be from 0 to 59.
1737 format: int64
1738 type: integer
1739 nanos:
1740 description: Fractions
1741 of seconds in nanoseconds.
1742 Must be from 0 to
1743 999,999,999.
1744 format: int64
1745 type: integer
1746 seconds:
1747 description: Seconds
1748 of minutes of the
1749 time. Must normally
1750 be from 0 to 59. An
1751 API may allow the
1752 value 60 if it allows
1753 leap-seconds.
1754 format: int64
1755 type: integer
1756 type: object
1757 timestampValue:
1758 description: timestamp
1759 format: date-time
1760 type: string
1761 type: object
1762 required:
1763 - replacementValue
1764 type: object
1765 type: array
1766 type: object
1767 characterMaskConfig:
1768 description: Mask
1769 properties:
1770 charactersToIgnore:
1771 description: When masking a string,
1772 items in this list will be skipped
1773 when replacing characters. For example,
1774 if the input string is `555-555-5555`
1775 and you instruct Cloud DLP to skip
1776 `-` and mask 5 characters with `*`,
1777 Cloud DLP returns `***-**5-5555`.
1778 items:
1779 properties:
1780 charactersToSkip:
1781 description: Characters to not
1782 transform when masking.
1783 type: string
1784 commonCharactersToIgnore:
1785 description: 'Common characters
1786 to not transform when masking.
1787 Useful to avoid removing punctuation.
1788 Possible values: COMMON_CHARS_TO_IGNORE_UNSPECIFIED,
1789 NUMERIC, ALPHA_UPPER_CASE,
1790 ALPHA_LOWER_CASE, PUNCTUATION,
1791 WHITESPACE'
1792 type: string
1793 type: object
1794 type: array
1795 maskingCharacter:
1796 description: Character to use to mask
1797 the sensitive values—for example,
1798 `*` for an alphabetic string such
1799 as a name, or `0` for a numeric
1800 string such as ZIP code or credit
1801 card number. This string must have
1802 a length of 1. If not supplied,
1803 this value defaults to `*` for strings,
1804 and `0` for digits.
1805 type: string
1806 numberToMask:
1807 description: Number of characters
1808 to mask. If not set, all matching
1809 chars will be masked. Skipped characters
1810 do not count towards this tally.
1811 format: int64
1812 type: integer
1813 reverseOrder:
1814 description: Mask characters in reverse
1815 order. For example, if `masking_character`
1816 is `0`, `number_to_mask` is `14`,
1817 and `reverse_order` is `false`,
1818 then the input string `1234-5678-9012-3456`
1819 is masked as `00000000000000-3456`.
1820 If `masking_character` is `*`, `number_to_mask`
1821 is `3`, and `reverse_order` is `true`,
1822 then the string `12345` is masked
1823 as `12***`.
1824 type: boolean
1825 type: object
1826 cryptoDeterministicConfig:
1827 description: Deterministic Crypto
1828 properties:
1829 context:
1830 description: 'A context may be used
1831 for higher security and maintaining
1832 referential integrity such that
1833 the same identifier in two different
1834 contexts will be given a distinct
1835 surrogate. The context is appended
1836 to plaintext value being encrypted.
1837 On decryption the provided context
1838 is validated against the value used
1839 during encryption. If a context
1840 was provided during encryption,
1841 same context must be provided during
1842 decryption as well. If the context
1843 is not set, plaintext would be used
1844 as is for encryption. If the context
1845 is set but: 1. there is no record
1846 present when transforming a given
1847 value or 2. the field is not present
1848 when transforming a given value,
1849 plaintext would be used as is for
1850 encryption. Note that case (1) is
1851 expected when an `InfoTypeTransformation`
1852 is applied to both structured and
1853 non-structured `ContentItem`s.'
1854 properties:
1855 name:
1856 description: Name describing the
1857 field.
1858 type: string
1859 type: object
1860 cryptoKey:
1861 description: The key used by the encryption
1862 function. For deterministic encryption
1863 using AES-SIV, the provided key
1864 is internally expanded to 64 bytes
1865 prior to use.
1866 properties:
1867 kmsWrapped:
1868 description: Key wrapped using
1869 Cloud KMS
1870 properties:
1871 cryptoKeyRef:
1872 oneOf:
1873 - not:
1874 required:
1875 - external
1876 required:
1877 - name
1878 - not:
1879 anyOf:
1880 - required:
1881 - name
1882 - required:
1883 - namespace
1884 required:
1885 - external
1886 properties:
1887 external:
1888 description: |-
1889 Required. The resource name of the KMS CryptoKey to use for unwrapping.
1890
1891 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
1892 type: string
1893 name:
1894 description: 'Name of
1895 the referent. More info:
1896 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1897 type: string
1898 namespace:
1899 description: 'Namespace
1900 of the referent. More
1901 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
1902 type: string
1903 type: object
1904 wrappedKey:
1905 description: Required. The
1906 wrapped data crypto key.
1907 type: string
1908 required:
1909 - cryptoKeyRef
1910 - wrappedKey
1911 type: object
1912 transient:
1913 description: Transient crypto
1914 key
1915 properties:
1916 name:
1917 description: 'Required. Name
1918 of the key. This is an arbitrary
1919 string used to differentiate
1920 different keys. A unique
1921 key is generated per name:
1922 two separate `TransientCryptoKey`
1923 protos share the same generated
1924 key if their names are the
1925 same. When the data crypto
1926 key is generated, this name
1927 is not used in any way (repeating
1928 the api call will result
1929 in a different key being
1930 generated).'
1931 type: string
1932 required:
1933 - name
1934 type: object
1935 unwrapped:
1936 description: Unwrapped crypto
1937 key
1938 properties:
1939 key:
1940 description: Required. A 128/192/256
1941 bit key.
1942 type: string
1943 required:
1944 - key
1945 type: object
1946 type: object
1947 surrogateInfoType:
1948 description: 'The custom info type
1949 to annotate the surrogate with.
1950 This annotation will be applied
1951 to the surrogate by prefixing it
1952 with the name of the custom info
1953 type followed by the number of characters
1954 comprising the surrogate. The following
1955 scheme defines the format: {info
1956 type name}({surrogate character
1957 count}):{surrogate} For example,
1958 if the name of custom info type
1959 is ''MY_TOKEN_INFO_TYPE'' and the
1960 surrogate is ''abc'', the full replacement
1961 value will be: ''MY_TOKEN_INFO_TYPE(3):abc''
1962 This annotation identifies the surrogate
1963 when inspecting content using the
1964 custom info type ''Surrogate''.
1965 This facilitates reversal of the
1966 surrogate when it occurs in free
1967 text. Note: For record transformations
1968 where the entire cell in a table
1969 is being transformed, surrogates
1970 are not mandatory. Surrogates are
1971 used to denote the location of the
1972 token and are necessary for re-identification
1973 in free form text. In order for
1974 inspection to work properly, the
1975 name of this info type must not
1976 occur naturally anywhere in your
1977 data; otherwise, inspection may
1978 either - reverse a surrogate that
1979 does not correspond to an actual
1980 identifier - be unable to parse
1981 the surrogate and result in an error
1982 Therefore, choose your custom info
1983 type name carefully after considering
1984 what your data looks like. One way
1985 to select a name that has a high
1986 chance of yielding reliable detection
1987 is to include one or more unicode
1988 characters that are highly improbable
1989 to exist in your data. For example,
1990 assuming your data is entered from
1991 a regular ASCII keyboard, the symbol
1992 with the hex code point 29DD might
1993 be used like so: ⧝MY_TOKEN_TYPE.'
1994 properties:
1995 name:
1996 description: Name of the information
1997 type. Either a name of your
1998 choosing when creating a CustomInfoType,
1999 or one of the names listed at
2000 https://cloud.google.com/dlp/docs/infotypes-reference
2001 when specifying a built-in type.
2002 When sending Cloud DLP results
2003 to Data Catalog, infoType names
2004 should conform to the pattern
2005 `[A-Za-z0-9$-_]{1,64}`.
2006 type: string
2007 type: object
2008 type: object
2009 cryptoHashConfig:
2010 description: Crypto
2011 properties:
2012 cryptoKey:
2013 description: The key used by the hash
2014 function.
2015 properties:
2016 kmsWrapped:
2017 description: Key wrapped using
2018 Cloud KMS
2019 properties:
2020 cryptoKeyRef:
2021 oneOf:
2022 - not:
2023 required:
2024 - external
2025 required:
2026 - name
2027 - not:
2028 anyOf:
2029 - required:
2030 - name
2031 - required:
2032 - namespace
2033 required:
2034 - external
2035 properties:
2036 external:
2037 description: |-
2038 Required. The resource name of the KMS CryptoKey to use for unwrapping.
2039
2040 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
2041 type: string
2042 name:
2043 description: 'Name of
2044 the referent. More info:
2045 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
2046 type: string
2047 namespace:
2048 description: 'Namespace
2049 of the referent. More
2050 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
2051 type: string
2052 type: object
2053 wrappedKey:
2054 description: Required. The
2055 wrapped data crypto key.
2056 type: string
2057 required:
2058 - cryptoKeyRef
2059 - wrappedKey
2060 type: object
2061 transient:
2062 description: Transient crypto
2063 key
2064 properties:
2065 name:
2066 description: 'Required. Name
2067 of the key. This is an arbitrary
2068 string used to differentiate
2069 different keys. A unique
2070 key is generated per name:
2071 two separate `TransientCryptoKey`
2072 protos share the same generated
2073 key if their names are the
2074 same. When the data crypto
2075 key is generated, this name
2076 is not used in any way (repeating
2077 the api call will result
2078 in a different key being
2079 generated).'
2080 type: string
2081 required:
2082 - name
2083 type: object
2084 unwrapped:
2085 description: Unwrapped crypto
2086 key
2087 properties:
2088 key:
2089 description: Required. A 128/192/256
2090 bit key.
2091 type: string
2092 required:
2093 - key
2094 type: object
2095 type: object
2096 type: object
2097 cryptoReplaceFfxFpeConfig:
2098 description: Ffx-Fpe
2099 properties:
2100 commonAlphabet:
2101 description: 'Common alphabets. Possible
2102 values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED,
2103 NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC,
2104 ALPHA_NUMERIC'
2105 type: string
2106 context:
2107 description: 'The ''tweak'', a context
2108 may be used for higher security
2109 since the same identifier in two
2110 different contexts won''t be given
2111 the same surrogate. If the context
2112 is not set, a default tweak will
2113 be used. If the context is set but:
2114 1. there is no record present when
2115 transforming a given value or 1.
2116 the field is not present when transforming
2117 a given value, a default tweak will
2118 be used. Note that case (1) is expected
2119 when an `InfoTypeTransformation`
2120 is applied to both structured and
2121 non-structured `ContentItem`s. Currently,
2122 the referenced field may be of value
2123 type integer or string. The tweak
2124 is constructed as a sequence of
2125 bytes in big endian byte order such
2126 that: - a 64 bit integer is encoded
2127 followed by a single byte of value
2128 1 - a string is encoded in UTF-8
2129 format followed by a single byte
2130 of value 2'
2131 properties:
2132 name:
2133 description: Name describing the
2134 field.
2135 type: string
2136 type: object
2137 cryptoKey:
2138 description: Required. The key used
2139 by the encryption algorithm.
2140 properties:
2141 kmsWrapped:
2142 description: Key wrapped using
2143 Cloud KMS
2144 properties:
2145 cryptoKeyRef:
2146 oneOf:
2147 - not:
2148 required:
2149 - external
2150 required:
2151 - name
2152 - not:
2153 anyOf:
2154 - required:
2155 - name
2156 - required:
2157 - namespace
2158 required:
2159 - external
2160 properties:
2161 external:
2162 description: |-
2163 Required. The resource name of the KMS CryptoKey to use for unwrapping.
2164
2165 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
2166 type: string
2167 name:
2168 description: 'Name of
2169 the referent. More info:
2170 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
2171 type: string
2172 namespace:
2173 description: 'Namespace
2174 of the referent. More
2175 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
2176 type: string
2177 type: object
2178 wrappedKey:
2179 description: Required. The
2180 wrapped data crypto key.
2181 type: string
2182 required:
2183 - cryptoKeyRef
2184 - wrappedKey
2185 type: object
2186 transient:
2187 description: Transient crypto
2188 key
2189 properties:
2190 name:
2191 description: 'Required. Name
2192 of the key. This is an arbitrary
2193 string used to differentiate
2194 different keys. A unique
2195 key is generated per name:
2196 two separate `TransientCryptoKey`
2197 protos share the same generated
2198 key if their names are the
2199 same. When the data crypto
2200 key is generated, this name
2201 is not used in any way (repeating
2202 the api call will result
2203 in a different key being
2204 generated).'
2205 type: string
2206 required:
2207 - name
2208 type: object
2209 unwrapped:
2210 description: Unwrapped crypto
2211 key
2212 properties:
2213 key:
2214 description: Required. A 128/192/256
2215 bit key.
2216 type: string
2217 required:
2218 - key
2219 type: object
2220 type: object
2221 customAlphabet:
2222 description: 'This is supported by
2223 mapping these to the alphanumeric
2224 characters that the FFX mode natively
2225 supports. This happens before/after
2226 encryption/decryption. Each character
2227 listed must appear only once. Number
2228 of characters must be in the range
2229 [2, 95]. This must be encoded as
2230 ASCII. The order of characters does
2231 not matter. The full list of allowed
2232 characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
2233 ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``'
2234 type: string
2235 radix:
2236 description: The native way to select
2237 the alphabet. Must be in the range
2238 [2, 95].
2239 format: int64
2240 type: integer
2241 surrogateInfoType:
2242 description: 'The custom infoType
2243 to annotate the surrogate with.
2244 This annotation will be applied
2245 to the surrogate by prefixing it
2246 with the name of the custom infoType
2247 followed by the number of characters
2248 comprising the surrogate. The following
2249 scheme defines the format: info_type_name(surrogate_character_count):surrogate
2250 For example, if the name of custom
2251 infoType is ''MY_TOKEN_INFO_TYPE''
2252 and the surrogate is ''abc'', the
2253 full replacement value will be:
2254 ''MY_TOKEN_INFO_TYPE(3):abc'' This
2255 annotation identifies the surrogate
2256 when inspecting content using the
2257 custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
2258 This facilitates reversal of the
2259 surrogate when it occurs in free
2260 text. In order for inspection to
2261 work properly, the name of this
2262 infoType must not occur naturally
2263 anywhere in your data; otherwise,
2264 inspection may find a surrogate
2265 that does not correspond to an actual
2266 identifier. Therefore, choose your
2267 custom infoType name carefully after
2268 considering what your data looks
2269 like. One way to select a name that
2270 has a high chance of yielding reliable
2271 detection is to include one or more
2272 unicode characters that are highly
2273 improbable to exist in your data.
2274 For example, assuming your data
2275 is entered from a regular ASCII
2276 keyboard, the symbol with the hex
2277 code point 29DD might be used like
2278 so: ⧝MY_TOKEN_TYPE'
2279 properties:
2280 name:
2281 description: Name of the information
2282 type. Either a name of your
2283 choosing when creating a CustomInfoType,
2284 or one of the names listed at
2285 https://cloud.google.com/dlp/docs/infotypes-reference
2286 when specifying a built-in type.
2287 When sending Cloud DLP results
2288 to Data Catalog, infoType names
2289 should conform to the pattern
2290 `[A-Za-z0-9$-_]{1,64}`.
2291 type: string
2292 type: object
2293 required:
2294 - cryptoKey
2295 type: object
2296 dateShiftConfig:
2297 description: Date Shift
2298 properties:
2299 context:
2300 description: Points to the field that
2301 contains the context, for example,
2302 an entity id. If set, must also
2303 set cryptoKey. If set, shift will
2304 be consistent for the given context.
2305 properties:
2306 name:
2307 description: Name describing the
2308 field.
2309 type: string
2310 type: object
2311 cryptoKey:
2312 description: Causes the shift to be
2313 computed based on this key and the
2314 context. This results in the same
2315 shift for the same context and crypto_key.
2316 If set, must also set context. Can
2317 only be applied to table items.
2318 properties:
2319 kmsWrapped:
2320 description: Key wrapped using
2321 Cloud KMS
2322 properties:
2323 cryptoKeyRef:
2324 oneOf:
2325 - not:
2326 required:
2327 - external
2328 required:
2329 - name
2330 - not:
2331 anyOf:
2332 - required:
2333 - name
2334 - required:
2335 - namespace
2336 required:
2337 - external
2338 properties:
2339 external:
2340 description: |-
2341 Required. The resource name of the KMS CryptoKey to use for unwrapping.
2342
2343 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
2344 type: string
2345 name:
2346 description: 'Name of
2347 the referent. More info:
2348 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
2349 type: string
2350 namespace:
2351 description: 'Namespace
2352 of the referent. More
2353 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
2354 type: string
2355 type: object
2356 wrappedKey:
2357 description: Required. The
2358 wrapped data crypto key.
2359 type: string
2360 required:
2361 - cryptoKeyRef
2362 - wrappedKey
2363 type: object
2364 transient:
2365 description: Transient crypto
2366 key
2367 properties:
2368 name:
2369 description: 'Required. Name
2370 of the key. This is an arbitrary
2371 string used to differentiate
2372 different keys. A unique
2373 key is generated per name:
2374 two separate `TransientCryptoKey`
2375 protos share the same generated
2376 key if their names are the
2377 same. When the data crypto
2378 key is generated, this name
2379 is not used in any way (repeating
2380 the api call will result
2381 in a different key being
2382 generated).'
2383 type: string
2384 required:
2385 - name
2386 type: object
2387 unwrapped:
2388 description: Unwrapped crypto
2389 key
2390 properties:
2391 key:
2392 description: Required. A 128/192/256
2393 bit key.
2394 type: string
2395 required:
2396 - key
2397 type: object
2398 type: object
2399 lowerBoundDays:
2400 description: Required. For example,
2401 -5 means shift date to at most 5
2402 days back in the past.
2403 format: int64
2404 type: integer
2405 upperBoundDays:
2406 description: Required. Range of shift
2407 in days. Actual shift will be selected
2408 at random within this range (inclusive
2409 ends). Negative means shift to earlier
2410 in time. Must not be more than 365250
2411 days (1000 years) each direction.
2412 For example, 3 means shift date
2413 to at most 3 days into the future.
2414 format: int64
2415 type: integer
2416 required:
2417 - lowerBoundDays
2418 - upperBoundDays
2419 type: object
2420 fixedSizeBucketingConfig:
2421 description: Fixed size bucketing
2422 properties:
2423 bucketSize:
2424 description: 'Required. Size of each
2425 bucket (except for minimum and maximum
2426 buckets). So if `lower_bound` =
2427 10, `upper_bound` = 89, and `bucket_size`
2428 = 10, then the following buckets
2429 would be used: -10, 10-20, 20-30,
2430 30-40, 40-50, 50-60, 60-70, 70-80,
2431 80-89, 89+. Precision up to 2 decimals
2432 works.'
2433 format: double
2434 type: number
2435 lowerBound:
2436 description: Required. Lower bound
2437 value of buckets. All values less
2438 than `lower_bound` are grouped together
2439 into a single bucket; for example
2440 if `lower_bound` = 10, then all
2441 values less than 10 are replaced
2442 with the value "-10".
2443 properties:
2444 booleanValue:
2445 description: boolean
2446 type: boolean
2447 dateValue:
2448 description: date
2449 properties:
2450 day:
2451 description: Day of a month.
2452 Must be from 1 to 31 and
2453 valid for the year and month,
2454 or 0 to specify a year by
2455 itself or a year and month
2456 where the day isn't significant.
2457 format: int64
2458 type: integer
2459 month:
2460 description: Month of a year.
2461 Must be from 1 to 12, or
2462 0 to specify a year without
2463 a month and day.
2464 format: int64
2465 type: integer
2466 year:
2467 description: Year of the date.
2468 Must be from 1 to 9999,
2469 or 0 to specify a date without
2470 a year.
2471 format: int64
2472 type: integer
2473 type: object
2474 dayOfWeekValue:
2475 description: 'day of week Possible
2476 values: DAY_OF_WEEK_UNSPECIFIED,
2477 MONDAY, TUESDAY, WEDNESDAY,
2478 THURSDAY, FRIDAY, SATURDAY,
2479 SUNDAY'
2480 type: string
2481 floatValue:
2482 description: float
2483 format: double
2484 type: number
2485 integerValue:
2486 description: integer
2487 format: int64
2488 type: integer
2489 stringValue:
2490 description: string
2491 type: string
2492 timeValue:
2493 description: time of day
2494 properties:
2495 hours:
2496 description: Hours of day
2497 in 24 hour format. Should
2498 be from 0 to 23. An API
2499 may choose to allow the
2500 value "24:00:00" for scenarios
2501 like business closing time.
2502 format: int64
2503 type: integer
2504 minutes:
2505 description: Minutes of hour
2506 of day. Must be from 0 to
2507 59.
2508 format: int64
2509 type: integer
2510 nanos:
2511 description: Fractions of
2512 seconds in nanoseconds.
2513 Must be from 0 to 999,999,999.
2514 format: int64
2515 type: integer
2516 seconds:
2517 description: Seconds of minutes
2518 of the time. Must normally
2519 be from 0 to 59. An API
2520 may allow the value 60 if
2521 it allows leap-seconds.
2522 format: int64
2523 type: integer
2524 type: object
2525 timestampValue:
2526 description: timestamp
2527 format: date-time
2528 type: string
2529 type: object
2530 upperBound:
2531 description: Required. Upper bound
2532 value of buckets. All values greater
2533 than upper_bound are grouped together
2534 into a single bucket; for example
2535 if `upper_bound` = 89, then all
2536 values greater than 89 are replaced
2537 with the value "89+".
2538 properties:
2539 booleanValue:
2540 description: boolean
2541 type: boolean
2542 dateValue:
2543 description: date
2544 properties:
2545 day:
2546 description: Day of a month.
2547 Must be from 1 to 31 and
2548 valid for the year and month,
2549 or 0 to specify a year by
2550 itself or a year and month
2551 where the day isn't significant.
2552 format: int64
2553 type: integer
2554 month:
2555 description: Month of a year.
2556 Must be from 1 to 12, or
2557 0 to specify a year without
2558 a month and day.
2559 format: int64
2560 type: integer
2561 year:
2562 description: Year of the date.
2563 Must be from 1 to 9999,
2564 or 0 to specify a date without
2565 a year.
2566 format: int64
2567 type: integer
2568 type: object
2569 dayOfWeekValue:
2570 description: 'day of week Possible
2571 values: DAY_OF_WEEK_UNSPECIFIED,
2572 MONDAY, TUESDAY, WEDNESDAY,
2573 THURSDAY, FRIDAY, SATURDAY,
2574 SUNDAY'
2575 type: string
2576 floatValue:
2577 description: float
2578 format: double
2579 type: number
2580 integerValue:
2581 description: integer
2582 format: int64
2583 type: integer
2584 stringValue:
2585 description: string
2586 type: string
2587 timeValue:
2588 description: time of day
2589 properties:
2590 hours:
2591 description: Hours of day
2592 in 24 hour format. Should
2593 be from 0 to 23. An API
2594 may choose to allow the
2595 value "24:00:00" for scenarios
2596 like business closing time.
2597 format: int64
2598 type: integer
2599 minutes:
2600 description: Minutes of hour
2601 of day. Must be from 0 to
2602 59.
2603 format: int64
2604 type: integer
2605 nanos:
2606 description: Fractions of
2607 seconds in nanoseconds.
2608 Must be from 0 to 999,999,999.
2609 format: int64
2610 type: integer
2611 seconds:
2612 description: Seconds of minutes
2613 of the time. Must normally
2614 be from 0 to 59. An API
2615 may allow the value 60 if
2616 it allows leap-seconds.
2617 format: int64
2618 type: integer
2619 type: object
2620 timestampValue:
2621 description: timestamp
2622 format: date-time
2623 type: string
2624 type: object
2625 required:
2626 - bucketSize
2627 - lowerBound
2628 - upperBound
2629 type: object
2630 redactConfig:
2631 description: Redact
2632 type: object
2633 x-kubernetes-preserve-unknown-fields: true
2634 replaceConfig:
2635 description: Replace with a specified
2636 value.
2637 properties:
2638 newValue:
2639 description: Value to replace it with.
2640 properties:
2641 booleanValue:
2642 description: boolean
2643 type: boolean
2644 dateValue:
2645 description: date
2646 properties:
2647 day:
2648 description: Day of a month.
2649 Must be from 1 to 31 and
2650 valid for the year and month,
2651 or 0 to specify a year by
2652 itself or a year and month
2653 where the day isn't significant.
2654 format: int64
2655 type: integer
2656 month:
2657 description: Month of a year.
2658 Must be from 1 to 12, or
2659 0 to specify a year without
2660 a month and day.
2661 format: int64
2662 type: integer
2663 year:
2664 description: Year of the date.
2665 Must be from 1 to 9999,
2666 or 0 to specify a date without
2667 a year.
2668 format: int64
2669 type: integer
2670 type: object
2671 dayOfWeekValue:
2672 description: 'day of week Possible
2673 values: DAY_OF_WEEK_UNSPECIFIED,
2674 MONDAY, TUESDAY, WEDNESDAY,
2675 THURSDAY, FRIDAY, SATURDAY,
2676 SUNDAY'
2677 type: string
2678 floatValue:
2679 description: float
2680 format: double
2681 type: number
2682 integerValue:
2683 description: integer
2684 format: int64
2685 type: integer
2686 stringValue:
2687 description: string
2688 type: string
2689 timeValue:
2690 description: time of day
2691 properties:
2692 hours:
2693 description: Hours of day
2694 in 24 hour format. Should
2695 be from 0 to 23. An API
2696 may choose to allow the
2697 value "24:00:00" for scenarios
2698 like business closing time.
2699 format: int64
2700 type: integer
2701 minutes:
2702 description: Minutes of hour
2703 of day. Must be from 0 to
2704 59.
2705 format: int64
2706 type: integer
2707 nanos:
2708 description: Fractions of
2709 seconds in nanoseconds.
2710 Must be from 0 to 999,999,999.
2711 format: int64
2712 type: integer
2713 seconds:
2714 description: Seconds of minutes
2715 of the time. Must normally
2716 be from 0 to 59. An API
2717 may allow the value 60 if
2718 it allows leap-seconds.
2719 format: int64
2720 type: integer
2721 type: object
2722 timestampValue:
2723 description: timestamp
2724 format: date-time
2725 type: string
2726 type: object
2727 type: object
2728 replaceWithInfoTypeConfig:
2729 description: Replace with infotype
2730 type: object
2731 x-kubernetes-preserve-unknown-fields: true
2732 timePartConfig:
2733 description: Time extraction
2734 properties:
2735 partToExtract:
2736 description: 'The part of the time
2737 to keep. Possible values: TIME_PART_UNSPECIFIED,
2738 YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK,
2739 WEEK_OF_YEAR, HOUR_OF_DAY'
2740 type: string
2741 type: object
2742 type: object
2743 required:
2744 - primitiveTransformation
2745 type: object
2746 type: array
2747 required:
2748 - transformations
2749 type: object
2750 primitiveTransformation:
2751 description: Apply the transformation to the entire
2752 field.
2753 properties:
2754 bucketingConfig:
2755 description: Bucketing
2756 properties:
2757 buckets:
2758 description: Set of buckets. Ranges must be
2759 non-overlapping.
2760 items:
2761 properties:
2762 max:
2763 description: Upper bound of the range,
2764 exclusive; type must match min.
2765 properties:
2766 booleanValue:
2767 description: boolean
2768 type: boolean
2769 dateValue:
2770 description: date
2771 properties:
2772 day:
2773 description: Day of a month. Must
2774 be from 1 to 31 and valid for
2775 the year and month, or 0 to
2776 specify a year by itself or
2777 a year and month where the day
2778 isn't significant.
2779 format: int64
2780 type: integer
2781 month:
2782 description: Month of a year.
2783 Must be from 1 to 12, or 0 to
2784 specify a year without a month
2785 and day.
2786 format: int64
2787 type: integer
2788 year:
2789 description: Year of the date.
2790 Must be from 1 to 9999, or 0
2791 to specify a date without a
2792 year.
2793 format: int64
2794 type: integer
2795 type: object
2796 dayOfWeekValue:
2797 description: 'day of week Possible
2798 values: DAY_OF_WEEK_UNSPECIFIED,
2799 MONDAY, TUESDAY, WEDNESDAY, THURSDAY,
2800 FRIDAY, SATURDAY, SUNDAY'
2801 type: string
2802 floatValue:
2803 description: float
2804 format: double
2805 type: number
2806 integerValue:
2807 description: integer
2808 format: int64
2809 type: integer
2810 stringValue:
2811 description: string
2812 type: string
2813 timeValue:
2814 description: time of day
2815 properties:
2816 hours:
2817 description: Hours of day in 24
2818 hour format. Should be from
2819 0 to 23. An API may choose to
2820 allow the value "24:00:00" for
2821 scenarios like business closing
2822 time.
2823 format: int64
2824 type: integer
2825 minutes:
2826 description: Minutes of hour of
2827 day. Must be from 0 to 59.
2828 format: int64
2829 type: integer
2830 nanos:
2831 description: Fractions of seconds
2832 in nanoseconds. Must be from
2833 0 to 999,999,999.
2834 format: int64
2835 type: integer
2836 seconds:
2837 description: Seconds of minutes
2838 of the time. Must normally be
2839 from 0 to 59. An API may allow
2840 the value 60 if it allows leap-seconds.
2841 format: int64
2842 type: integer
2843 type: object
2844 timestampValue:
2845 description: timestamp
2846 format: date-time
2847 type: string
2848 type: object
2849 min:
2850 description: Lower bound of the range,
2851 inclusive. Type should be the same as
2852 max if used.
2853 properties:
2854 booleanValue:
2855 description: boolean
2856 type: boolean
2857 dateValue:
2858 description: date
2859 properties:
2860 day:
2861 description: Day of a month. Must
2862 be from 1 to 31 and valid for
2863 the year and month, or 0 to
2864 specify a year by itself or
2865 a year and month where the day
2866 isn't significant.
2867 format: int64
2868 type: integer
2869 month:
2870 description: Month of a year.
2871 Must be from 1 to 12, or 0 to
2872 specify a year without a month
2873 and day.
2874 format: int64
2875 type: integer
2876 year:
2877 description: Year of the date.
2878 Must be from 1 to 9999, or 0
2879 to specify a date without a
2880 year.
2881 format: int64
2882 type: integer
2883 type: object
2884 dayOfWeekValue:
2885 description: 'day of week Possible
2886 values: DAY_OF_WEEK_UNSPECIFIED,
2887 MONDAY, TUESDAY, WEDNESDAY, THURSDAY,
2888 FRIDAY, SATURDAY, SUNDAY'
2889 type: string
2890 floatValue:
2891 description: float
2892 format: double
2893 type: number
2894 integerValue:
2895 description: integer
2896 format: int64
2897 type: integer
2898 stringValue:
2899 description: string
2900 type: string
2901 timeValue:
2902 description: time of day
2903 properties:
2904 hours:
2905 description: Hours of day in 24
2906 hour format. Should be from
2907 0 to 23. An API may choose to
2908 allow the value "24:00:00" for
2909 scenarios like business closing
2910 time.
2911 format: int64
2912 type: integer
2913 minutes:
2914 description: Minutes of hour of
2915 day. Must be from 0 to 59.
2916 format: int64
2917 type: integer
2918 nanos:
2919 description: Fractions of seconds
2920 in nanoseconds. Must be from
2921 0 to 999,999,999.
2922 format: int64
2923 type: integer
2924 seconds:
2925 description: Seconds of minutes
2926 of the time. Must normally be
2927 from 0 to 59. An API may allow
2928 the value 60 if it allows leap-seconds.
2929 format: int64
2930 type: integer
2931 type: object
2932 timestampValue:
2933 description: timestamp
2934 format: date-time
2935 type: string
2936 type: object
2937 replacementValue:
2938 description: Required. Replacement value
2939 for this bucket.
2940 properties:
2941 booleanValue:
2942 description: boolean
2943 type: boolean
2944 dateValue:
2945 description: date
2946 properties:
2947 day:
2948 description: Day of a month. Must
2949 be from 1 to 31 and valid for
2950 the year and month, or 0 to
2951 specify a year by itself or
2952 a year and month where the day
2953 isn't significant.
2954 format: int64
2955 type: integer
2956 month:
2957 description: Month of a year.
2958 Must be from 1 to 12, or 0 to
2959 specify a year without a month
2960 and day.
2961 format: int64
2962 type: integer
2963 year:
2964 description: Year of the date.
2965 Must be from 1 to 9999, or 0
2966 to specify a date without a
2967 year.
2968 format: int64
2969 type: integer
2970 type: object
2971 dayOfWeekValue:
2972 description: 'day of week Possible
2973 values: DAY_OF_WEEK_UNSPECIFIED,
2974 MONDAY, TUESDAY, WEDNESDAY, THURSDAY,
2975 FRIDAY, SATURDAY, SUNDAY'
2976 type: string
2977 floatValue:
2978 description: float
2979 format: double
2980 type: number
2981 integerValue:
2982 description: integer
2983 format: int64
2984 type: integer
2985 stringValue:
2986 description: string
2987 type: string
2988 timeValue:
2989 description: time of day
2990 properties:
2991 hours:
2992 description: Hours of day in 24
2993 hour format. Should be from
2994 0 to 23. An API may choose to
2995 allow the value "24:00:00" for
2996 scenarios like business closing
2997 time.
2998 format: int64
2999 type: integer
3000 minutes:
3001 description: Minutes of hour of
3002 day. Must be from 0 to 59.
3003 format: int64
3004 type: integer
3005 nanos:
3006 description: Fractions of seconds
3007 in nanoseconds. Must be from
3008 0 to 999,999,999.
3009 format: int64
3010 type: integer
3011 seconds:
3012 description: Seconds of minutes
3013 of the time. Must normally be
3014 from 0 to 59. An API may allow
3015 the value 60 if it allows leap-seconds.
3016 format: int64
3017 type: integer
3018 type: object
3019 timestampValue:
3020 description: timestamp
3021 format: date-time
3022 type: string
3023 type: object
3024 required:
3025 - replacementValue
3026 type: object
3027 type: array
3028 type: object
3029 characterMaskConfig:
3030 description: Mask
3031 properties:
3032 charactersToIgnore:
3033 description: When masking a string, items in
3034 this list will be skipped when replacing characters.
3035 For example, if the input string is `555-555-5555`
3036 and you instruct Cloud DLP to skip `-` and
3037 mask 5 characters with `*`, Cloud DLP returns
3038 `***-**5-5555`.
3039 items:
3040 properties:
3041 charactersToSkip:
3042 description: Characters to not transform
3043 when masking.
3044 type: string
3045 commonCharactersToIgnore:
3046 description: 'Common characters to not
3047 transform when masking. Useful to avoid
3048 removing punctuation. Possible values:
3049 COMMON_CHARS_TO_IGNORE_UNSPECIFIED,
3050 NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE,
3051 PUNCTUATION, WHITESPACE'
3052 type: string
3053 type: object
3054 type: array
3055 maskingCharacter:
3056 description: Character to use to mask the sensitive
3057 values—for example, `*` for an alphabetic
3058 string such as a name, or `0` for a numeric
3059 string such as ZIP code or credit card number.
3060 This string must have a length of 1. If not
3061 supplied, this value defaults to `*` for strings,
3062 and `0` for digits.
3063 type: string
3064 numberToMask:
3065 description: Number of characters to mask. If
3066 not set, all matching chars will be masked.
3067 Skipped characters do not count towards this
3068 tally.
3069 format: int64
3070 type: integer
3071 reverseOrder:
3072 description: Mask characters in reverse order.
3073 For example, if `masking_character` is `0`,
3074 `number_to_mask` is `14`, and `reverse_order`
3075 is `false`, then the input string `1234-5678-9012-3456`
3076 is masked as `00000000000000-3456`. If `masking_character`
3077 is `*`, `number_to_mask` is `3`, and `reverse_order`
3078 is `true`, then the string `12345` is masked
3079 as `12***`.
3080 type: boolean
3081 type: object
3082 cryptoDeterministicConfig:
3083 description: Deterministic Crypto
3084 properties:
3085 context:
3086 description: 'A context may be used for higher
3087 security and maintaining referential integrity
3088 such that the same identifier in two different
3089 contexts will be given a distinct surrogate.
3090 The context is appended to plaintext value
3091 being encrypted. On decryption the provided
3092 context is validated against the value used
3093 during encryption. If a context was provided
3094 during encryption, same context must be provided
3095 during decryption as well. If the context
3096 is not set, plaintext would be used as is
3097 for encryption. If the context is set but:
3098 1. there is no record present when transforming
3099 a given value or 2. the field is not present
3100 when transforming a given value, plaintext
3101 would be used as is for encryption. Note that
3102 case (1) is expected when an `InfoTypeTransformation`
3103 is applied to both structured and non-structured
3104 `ContentItem`s.'
3105 properties:
3106 name:
3107 description: Name describing the field.
3108 type: string
3109 type: object
3110 cryptoKey:
3111 description: The key used by the encryption
3112 function. For deterministic encryption using
3113 AES-SIV, the provided key is internally expanded
3114 to 64 bytes prior to use.
3115 properties:
3116 kmsWrapped:
3117 description: Key wrapped using Cloud KMS
3118 properties:
3119 cryptoKeyRef:
3120 oneOf:
3121 - not:
3122 required:
3123 - external
3124 required:
3125 - name
3126 - not:
3127 anyOf:
3128 - required:
3129 - name
3130 - required:
3131 - namespace
3132 required:
3133 - external
3134 properties:
3135 external:
3136 description: |-
3137 Required. The resource name of the KMS CryptoKey to use for unwrapping.
3138
3139 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
3140 type: string
3141 name:
3142 description: 'Name of the referent.
3143 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
3144 type: string
3145 namespace:
3146 description: 'Namespace of the referent.
3147 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
3148 type: string
3149 type: object
3150 wrappedKey:
3151 description: Required. The wrapped data
3152 crypto key.
3153 type: string
3154 required:
3155 - cryptoKeyRef
3156 - wrappedKey
3157 type: object
3158 transient:
3159 description: Transient crypto key
3160 properties:
3161 name:
3162 description: 'Required. Name of the
3163 key. This is an arbitrary string used
3164 to differentiate different keys. A
3165 unique key is generated per name:
3166 two separate `TransientCryptoKey`
3167 protos share the same generated key
3168 if their names are the same. When
3169 the data crypto key is generated,
3170 this name is not used in any way (repeating
3171 the api call will result in a different
3172 key being generated).'
3173 type: string
3174 required:
3175 - name
3176 type: object
3177 unwrapped:
3178 description: Unwrapped crypto key
3179 properties:
3180 key:
3181 description: Required. A 128/192/256
3182 bit key.
3183 type: string
3184 required:
3185 - key
3186 type: object
3187 type: object
3188 surrogateInfoType:
3189 description: 'The custom info type to annotate
3190 the surrogate with. This annotation will be
3191 applied to the surrogate by prefixing it with
3192 the name of the custom info type followed
3193 by the number of characters comprising the
3194 surrogate. The following scheme defines the
3195 format: {info type name}({surrogate character
3196 count}):{surrogate} For example, if the name
3197 of custom info type is ''MY_TOKEN_INFO_TYPE''
3198 and the surrogate is ''abc'', the full replacement
3199 value will be: ''MY_TOKEN_INFO_TYPE(3):abc''
3200 This annotation identifies the surrogate when
3201 inspecting content using the custom info type
3202 ''Surrogate''. This facilitates reversal of
3203 the surrogate when it occurs in free text.
3204 Note: For record transformations where the
3205 entire cell in a table is being transformed,
3206 surrogates are not mandatory. Surrogates are
3207 used to denote the location of the token and
3208 are necessary for re-identification in free
3209 form text. In order for inspection to work
3210 properly, the name of this info type must
3211 not occur naturally anywhere in your data;
3212 otherwise, inspection may either - reverse
3213 a surrogate that does not correspond to an
3214 actual identifier - be unable to parse the
3215 surrogate and result in an error Therefore,
3216 choose your custom info type name carefully
3217 after considering what your data looks like.
3218 One way to select a name that has a high chance
3219 of yielding reliable detection is to include
3220 one or more unicode characters that are highly
3221 improbable to exist in your data. For example,
3222 assuming your data is entered from a regular
3223 ASCII keyboard, the symbol with the hex code
3224 point 29DD might be used like so: ⧝MY_TOKEN_TYPE.'
3225 properties:
3226 name:
3227 description: Name of the information type.
3228 Either a name of your choosing when creating
3229 a CustomInfoType, or one of the names
3230 listed at https://cloud.google.com/dlp/docs/infotypes-reference
3231 when specifying a built-in type. When
3232 sending Cloud DLP results to Data Catalog,
3233 infoType names should conform to the pattern
3234 `[A-Za-z0-9$-_]{1,64}`.
3235 type: string
3236 type: object
3237 type: object
3238 cryptoHashConfig:
3239 description: Crypto
3240 properties:
3241 cryptoKey:
3242 description: The key used by the hash function.
3243 properties:
3244 kmsWrapped:
3245 description: Key wrapped using Cloud KMS
3246 properties:
3247 cryptoKeyRef:
3248 oneOf:
3249 - not:
3250 required:
3251 - external
3252 required:
3253 - name
3254 - not:
3255 anyOf:
3256 - required:
3257 - name
3258 - required:
3259 - namespace
3260 required:
3261 - external
3262 properties:
3263 external:
3264 description: |-
3265 Required. The resource name of the KMS CryptoKey to use for unwrapping.
3266
3267 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
3268 type: string
3269 name:
3270 description: 'Name of the referent.
3271 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
3272 type: string
3273 namespace:
3274 description: 'Namespace of the referent.
3275 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
3276 type: string
3277 type: object
3278 wrappedKey:
3279 description: Required. The wrapped data
3280 crypto key.
3281 type: string
3282 required:
3283 - cryptoKeyRef
3284 - wrappedKey
3285 type: object
3286 transient:
3287 description: Transient crypto key
3288 properties:
3289 name:
3290 description: 'Required. Name of the
3291 key. This is an arbitrary string used
3292 to differentiate different keys. A
3293 unique key is generated per name:
3294 two separate `TransientCryptoKey`
3295 protos share the same generated key
3296 if their names are the same. When
3297 the data crypto key is generated,
3298 this name is not used in any way (repeating
3299 the api call will result in a different
3300 key being generated).'
3301 type: string
3302 required:
3303 - name
3304 type: object
3305 unwrapped:
3306 description: Unwrapped crypto key
3307 properties:
3308 key:
3309 description: Required. A 128/192/256
3310 bit key.
3311 type: string
3312 required:
3313 - key
3314 type: object
3315 type: object
3316 type: object
3317 cryptoReplaceFfxFpeConfig:
3318 description: Ffx-Fpe
3319 properties:
3320 commonAlphabet:
3321 description: 'Common alphabets. Possible values:
3322 FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC,
3323 HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC'
3324 type: string
3325 context:
3326 description: 'The ''tweak'', a context may be
3327 used for higher security since the same identifier
3328 in two different contexts won''t be given
3329 the same surrogate. If the context is not
3330 set, a default tweak will be used. If the
3331 context is set but: 1. there is no record
3332 present when transforming a given value or
3333 1. the field is not present when transforming
3334 a given value, a default tweak will be used.
3335 Note that case (1) is expected when an `InfoTypeTransformation`
3336 is applied to both structured and non-structured
3337 `ContentItem`s. Currently, the referenced
3338 field may be of value type integer or string.
3339 The tweak is constructed as a sequence of
3340 bytes in big endian byte order such that:
3341 - a 64 bit integer is encoded followed by
3342 a single byte of value 1 - a string is encoded
3343 in UTF-8 format followed by a single byte
3344 of value 2'
3345 properties:
3346 name:
3347 description: Name describing the field.
3348 type: string
3349 type: object
3350 cryptoKey:
3351 description: Required. The key used by the encryption
3352 algorithm.
3353 properties:
3354 kmsWrapped:
3355 description: Key wrapped using Cloud KMS
3356 properties:
3357 cryptoKeyRef:
3358 oneOf:
3359 - not:
3360 required:
3361 - external
3362 required:
3363 - name
3364 - not:
3365 anyOf:
3366 - required:
3367 - name
3368 - required:
3369 - namespace
3370 required:
3371 - external
3372 properties:
3373 external:
3374 description: |-
3375 Required. The resource name of the KMS CryptoKey to use for unwrapping.
3376
3377 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
3378 type: string
3379 name:
3380 description: 'Name of the referent.
3381 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
3382 type: string
3383 namespace:
3384 description: 'Namespace of the referent.
3385 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
3386 type: string
3387 type: object
3388 wrappedKey:
3389 description: Required. The wrapped data
3390 crypto key.
3391 type: string
3392 required:
3393 - cryptoKeyRef
3394 - wrappedKey
3395 type: object
3396 transient:
3397 description: Transient crypto key
3398 properties:
3399 name:
3400 description: 'Required. Name of the
3401 key. This is an arbitrary string used
3402 to differentiate different keys. A
3403 unique key is generated per name:
3404 two separate `TransientCryptoKey`
3405 protos share the same generated key
3406 if their names are the same. When
3407 the data crypto key is generated,
3408 this name is not used in any way (repeating
3409 the api call will result in a different
3410 key being generated).'
3411 type: string
3412 required:
3413 - name
3414 type: object
3415 unwrapped:
3416 description: Unwrapped crypto key
3417 properties:
3418 key:
3419 description: Required. A 128/192/256
3420 bit key.
3421 type: string
3422 required:
3423 - key
3424 type: object
3425 type: object
3426 customAlphabet:
3427 description: 'This is supported by mapping these
3428 to the alphanumeric characters that the FFX
3429 mode natively supports. This happens before/after
3430 encryption/decryption. Each character listed
3431 must appear only once. Number of characters
3432 must be in the range [2, 95]. This must be
3433 encoded as ASCII. The order of characters
3434 does not matter. The full list of allowed
3435 characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
3436 ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``'
3437 type: string
3438 radix:
3439 description: The native way to select the alphabet.
3440 Must be in the range [2, 95].
3441 format: int64
3442 type: integer
3443 surrogateInfoType:
3444 description: 'The custom infoType to annotate
3445 the surrogate with. This annotation will be
3446 applied to the surrogate by prefixing it with
3447 the name of the custom infoType followed by
3448 the number of characters comprising the surrogate.
3449 The following scheme defines the format: info_type_name(surrogate_character_count):surrogate
3450 For example, if the name of custom infoType
3451 is ''MY_TOKEN_INFO_TYPE'' and the surrogate
3452 is ''abc'', the full replacement value will
3453 be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation
3454 identifies the surrogate when inspecting content
3455 using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
3456 This facilitates reversal of the surrogate
3457 when it occurs in free text. In order for
3458 inspection to work properly, the name of this
3459 infoType must not occur naturally anywhere
3460 in your data; otherwise, inspection may find
3461 a surrogate that does not correspond to an
3462 actual identifier. Therefore, choose your
3463 custom infoType name carefully after considering
3464 what your data looks like. One way to select
3465 a name that has a high chance of yielding
3466 reliable detection is to include one or more
3467 unicode characters that are highly improbable
3468 to exist in your data. For example, assuming
3469 your data is entered from a regular ASCII
3470 keyboard, the symbol with the hex code point
3471 29DD might be used like so: ⧝MY_TOKEN_TYPE'
3472 properties:
3473 name:
3474 description: Name of the information type.
3475 Either a name of your choosing when creating
3476 a CustomInfoType, or one of the names
3477 listed at https://cloud.google.com/dlp/docs/infotypes-reference
3478 when specifying a built-in type. When
3479 sending Cloud DLP results to Data Catalog,
3480 infoType names should conform to the pattern
3481 `[A-Za-z0-9$-_]{1,64}`.
3482 type: string
3483 type: object
3484 required:
3485 - cryptoKey
3486 type: object
3487 dateShiftConfig:
3488 description: Date Shift
3489 properties:
3490 context:
3491 description: Points to the field that contains
3492 the context, for example, an entity id. If
3493 set, must also set cryptoKey. If set, shift
3494 will be consistent for the given context.
3495 properties:
3496 name:
3497 description: Name describing the field.
3498 type: string
3499 type: object
3500 cryptoKey:
3501 description: Causes the shift to be computed
3502 based on this key and the context. This results
3503 in the same shift for the same context and
3504 crypto_key. If set, must also set context.
3505 Can only be applied to table items.
3506 properties:
3507 kmsWrapped:
3508 description: Key wrapped using Cloud KMS
3509 properties:
3510 cryptoKeyRef:
3511 oneOf:
3512 - not:
3513 required:
3514 - external
3515 required:
3516 - name
3517 - not:
3518 anyOf:
3519 - required:
3520 - name
3521 - required:
3522 - namespace
3523 required:
3524 - external
3525 properties:
3526 external:
3527 description: |-
3528 Required. The resource name of the KMS CryptoKey to use for unwrapping.
3529
3530 Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).
3531 type: string
3532 name:
3533 description: 'Name of the referent.
3534 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
3535 type: string
3536 namespace:
3537 description: 'Namespace of the referent.
3538 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
3539 type: string
3540 type: object
3541 wrappedKey:
3542 description: Required. The wrapped data
3543 crypto key.
3544 type: string
3545 required:
3546 - cryptoKeyRef
3547 - wrappedKey
3548 type: object
3549 transient:
3550 description: Transient crypto key
3551 properties:
3552 name:
3553 description: 'Required. Name of the
3554 key. This is an arbitrary string used
3555 to differentiate different keys. A
3556 unique key is generated per name:
3557 two separate `TransientCryptoKey`
3558 protos share the same generated key
3559 if their names are the same. When
3560 the data crypto key is generated,
3561 this name is not used in any way (repeating
3562 the api call will result in a different
3563 key being generated).'
3564 type: string
3565 required:
3566 - name
3567 type: object
3568 unwrapped:
3569 description: Unwrapped crypto key
3570 properties:
3571 key:
3572 description: Required. A 128/192/256
3573 bit key.
3574 type: string
3575 required:
3576 - key
3577 type: object
3578 type: object
3579 lowerBoundDays:
3580 description: Required. For example, -5 means
3581 shift date to at most 5 days back in the past.
3582 format: int64
3583 type: integer
3584 upperBoundDays:
3585 description: Required. Range of shift in days.
3586 Actual shift will be selected at random within
3587 this range (inclusive ends). Negative means
3588 shift to earlier in time. Must not be more
3589 than 365250 days (1000 years) each direction.
3590 For example, 3 means shift date to at most
3591 3 days into the future.
3592 format: int64
3593 type: integer
3594 required:
3595 - lowerBoundDays
3596 - upperBoundDays
3597 type: object
3598 fixedSizeBucketingConfig:
3599 description: Fixed size bucketing
3600 properties:
3601 bucketSize:
3602 description: 'Required. Size of each bucket
3603 (except for minimum and maximum buckets).
3604 So if `lower_bound` = 10, `upper_bound` =
3605 89, and `bucket_size` = 10, then the following
3606 buckets would be used: -10, 10-20, 20-30,
3607 30-40, 40-50, 50-60, 60-70, 70-80, 80-89,
3608 89+. Precision up to 2 decimals works.'
3609 format: double
3610 type: number
3611 lowerBound:
3612 description: Required. Lower bound value of
3613 buckets. All values less than `lower_bound`
3614 are grouped together into a single bucket;
3615 for example if `lower_bound` = 10, then all
3616 values less than 10 are replaced with the
3617 value "-10".
3618 properties:
3619 booleanValue:
3620 description: boolean
3621 type: boolean
3622 dateValue:
3623 description: date
3624 properties:
3625 day:
3626 description: Day of a month. Must be
3627 from 1 to 31 and valid for the year
3628 and month, or 0 to specify a year
3629 by itself or a year and month where
3630 the day isn't significant.
3631 format: int64
3632 type: integer
3633 month:
3634 description: Month of a year. Must be
3635 from 1 to 12, or 0 to specify a year
3636 without a month and day.
3637 format: int64
3638 type: integer
3639 year:
3640 description: Year of the date. Must
3641 be from 1 to 9999, or 0 to specify
3642 a date without a year.
3643 format: int64
3644 type: integer
3645 type: object
3646 dayOfWeekValue:
3647 description: 'day of week Possible values:
3648 DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY,
3649 WEDNESDAY, THURSDAY, FRIDAY, SATURDAY,
3650 SUNDAY'
3651 type: string
3652 floatValue:
3653 description: float
3654 format: double
3655 type: number
3656 integerValue:
3657 description: integer
3658 format: int64
3659 type: integer
3660 stringValue:
3661 description: string
3662 type: string
3663 timeValue:
3664 description: time of day
3665 properties:
3666 hours:
3667 description: Hours of day in 24 hour
3668 format. Should be from 0 to 23. An
3669 API may choose to allow the value
3670 "24:00:00" for scenarios like business
3671 closing time.
3672 format: int64
3673 type: integer
3674 minutes:
3675 description: Minutes of hour of day.
3676 Must be from 0 to 59.
3677 format: int64
3678 type: integer
3679 nanos:
3680 description: Fractions of seconds in
3681 nanoseconds. Must be from 0 to 999,999,999.
3682 format: int64
3683 type: integer
3684 seconds:
3685 description: Seconds of minutes of the
3686 time. Must normally be from 0 to 59.
3687 An API may allow the value 60 if it
3688 allows leap-seconds.
3689 format: int64
3690 type: integer
3691 type: object
3692 timestampValue:
3693 description: timestamp
3694 format: date-time
3695 type: string
3696 type: object
3697 upperBound:
3698 description: Required. Upper bound value of
3699 buckets. All values greater than upper_bound
3700 are grouped together into a single bucket;
3701 for example if `upper_bound` = 89, then all
3702 values greater than 89 are replaced with the
3703 value "89+".
3704 properties:
3705 booleanValue:
3706 description: boolean
3707 type: boolean
3708 dateValue:
3709 description: date
3710 properties:
3711 day:
3712 description: Day of a month. Must be
3713 from 1 to 31 and valid for the year
3714 and month, or 0 to specify a year
3715 by itself or a year and month where
3716 the day isn't significant.
3717 format: int64
3718 type: integer
3719 month:
3720 description: Month of a year. Must be
3721 from 1 to 12, or 0 to specify a year
3722 without a month and day.
3723 format: int64
3724 type: integer
3725 year:
3726 description: Year of the date. Must
3727 be from 1 to 9999, or 0 to specify
3728 a date without a year.
3729 format: int64
3730 type: integer
3731 type: object
3732 dayOfWeekValue:
3733 description: 'day of week Possible values:
3734 DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY,
3735 WEDNESDAY, THURSDAY, FRIDAY, SATURDAY,
3736 SUNDAY'
3737 type: string
3738 floatValue:
3739 description: float
3740 format: double
3741 type: number
3742 integerValue:
3743 description: integer
3744 format: int64
3745 type: integer
3746 stringValue:
3747 description: string
3748 type: string
3749 timeValue:
3750 description: time of day
3751 properties:
3752 hours:
3753 description: Hours of day in 24 hour
3754 format. Should be from 0 to 23. An
3755 API may choose to allow the value
3756 "24:00:00" for scenarios like business
3757 closing time.
3758 format: int64
3759 type: integer
3760 minutes:
3761 description: Minutes of hour of day.
3762 Must be from 0 to 59.
3763 format: int64
3764 type: integer
3765 nanos:
3766 description: Fractions of seconds in
3767 nanoseconds. Must be from 0 to 999,999,999.
3768 format: int64
3769 type: integer
3770 seconds:
3771 description: Seconds of minutes of the
3772 time. Must normally be from 0 to 59.
3773 An API may allow the value 60 if it
3774 allows leap-seconds.
3775 format: int64
3776 type: integer
3777 type: object
3778 timestampValue:
3779 description: timestamp
3780 format: date-time
3781 type: string
3782 type: object
3783 required:
3784 - bucketSize
3785 - lowerBound
3786 - upperBound
3787 type: object
3788 redactConfig:
3789 description: Redact
3790 type: object
3791 x-kubernetes-preserve-unknown-fields: true
3792 replaceConfig:
3793 description: Replace with a specified value.
3794 properties:
3795 newValue:
3796 description: Value to replace it with.
3797 properties:
3798 booleanValue:
3799 description: boolean
3800 type: boolean
3801 dateValue:
3802 description: date
3803 properties:
3804 day:
3805 description: Day of a month. Must be
3806 from 1 to 31 and valid for the year
3807 and month, or 0 to specify a year
3808 by itself or a year and month where
3809 the day isn't significant.
3810 format: int64
3811 type: integer
3812 month:
3813 description: Month of a year. Must be
3814 from 1 to 12, or 0 to specify a year
3815 without a month and day.
3816 format: int64
3817 type: integer
3818 year:
3819 description: Year of the date. Must
3820 be from 1 to 9999, or 0 to specify
3821 a date without a year.
3822 format: int64
3823 type: integer
3824 type: object
3825 dayOfWeekValue:
3826 description: 'day of week Possible values:
3827 DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY,
3828 WEDNESDAY, THURSDAY, FRIDAY, SATURDAY,
3829 SUNDAY'
3830 type: string
3831 floatValue:
3832 description: float
3833 format: double
3834 type: number
3835 integerValue:
3836 description: integer
3837 format: int64
3838 type: integer
3839 stringValue:
3840 description: string
3841 type: string
3842 timeValue:
3843 description: time of day
3844 properties:
3845 hours:
3846 description: Hours of day in 24 hour
3847 format. Should be from 0 to 23. An
3848 API may choose to allow the value
3849 "24:00:00" for scenarios like business
3850 closing time.
3851 format: int64
3852 type: integer
3853 minutes:
3854 description: Minutes of hour of day.
3855 Must be from 0 to 59.
3856 format: int64
3857 type: integer
3858 nanos:
3859 description: Fractions of seconds in
3860 nanoseconds. Must be from 0 to 999,999,999.
3861 format: int64
3862 type: integer
3863 seconds:
3864 description: Seconds of minutes of the
3865 time. Must normally be from 0 to 59.
3866 An API may allow the value 60 if it
3867 allows leap-seconds.
3868 format: int64
3869 type: integer
3870 type: object
3871 timestampValue:
3872 description: timestamp
3873 format: date-time
3874 type: string
3875 type: object
3876 type: object
3877 replaceWithInfoTypeConfig:
3878 description: Replace with infotype
3879 type: object
3880 x-kubernetes-preserve-unknown-fields: true
3881 timePartConfig:
3882 description: Time extraction
3883 properties:
3884 partToExtract:
3885 description: 'The part of the time to keep.
3886 Possible values: TIME_PART_UNSPECIFIED, YEAR,
3887 MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR,
3888 HOUR_OF_DAY'
3889 type: string
3890 type: object
3891 type: object
3892 required:
3893 - fields
3894 type: object
3895 type: array
3896 recordSuppressions:
3897 description: Configuration defining which records get suppressed
3898 entirely. Records that match any suppression rule are omitted
3899 from the output.
3900 items:
3901 properties:
3902 condition:
3903 description: A condition that when it evaluates to true
3904 will result in the record being evaluated to be suppressed
3905 from the transformed content.
3906 properties:
3907 expressions:
3908 description: An expression.
3909 properties:
3910 conditions:
3911 description: Conditions to apply to the expression.
3912 properties:
3913 conditions:
3914 description: A collection of conditions.
3915 items:
3916 properties:
3917 field:
3918 description: Required. Field within
3919 the record this condition is evaluated
3920 against.
3921 properties:
3922 name:
3923 description: Name describing the
3924 field.
3925 type: string
3926 type: object
3927 operator:
3928 description: 'Required. Operator used
3929 to compare the field or infoType
3930 to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED,
3931 AND'
3932 type: string
3933 value:
3934 description: Value to compare against.
3935 [Mandatory, except for `EXISTS`
3936 tests.]
3937 properties:
3938 booleanValue:
3939 description: boolean
3940 type: boolean
3941 dateValue:
3942 description: date
3943 properties:
3944 day:
3945 description: Day of a month.
3946 Must be from 1 to 31 and
3947 valid for the year and month,
3948 or 0 to specify a year by
3949 itself or a year and month
3950 where the day isn't significant.
3951 format: int64
3952 type: integer
3953 month:
3954 description: Month of a year.
3955 Must be from 1 to 12, or
3956 0 to specify a year without
3957 a month and day.
3958 format: int64
3959 type: integer
3960 year:
3961 description: Year of the date.
3962 Must be from 1 to 9999,
3963 or 0 to specify a date without
3964 a year.
3965 format: int64
3966 type: integer
3967 type: object
3968 dayOfWeekValue:
3969 description: 'day of week Possible
3970 values: DAY_OF_WEEK_UNSPECIFIED,
3971 MONDAY, TUESDAY, WEDNESDAY,
3972 THURSDAY, FRIDAY, SATURDAY,
3973 SUNDAY'
3974 type: string
3975 floatValue:
3976 description: float
3977 format: double
3978 type: number
3979 integerValue:
3980 description: integer
3981 format: int64
3982 type: integer
3983 stringValue:
3984 description: string
3985 type: string
3986 timeValue:
3987 description: time of day
3988 properties:
3989 hours:
3990 description: Hours of day
3991 in 24 hour format. Should
3992 be from 0 to 23. An API
3993 may choose to allow the
3994 value "24:00:00" for scenarios
3995 like business closing time.
3996 format: int64
3997 type: integer
3998 minutes:
3999 description: Minutes of hour
4000 of day. Must be from 0 to
4001 59.
4002 format: int64
4003 type: integer
4004 nanos:
4005 description: Fractions of
4006 seconds in nanoseconds.
4007 Must be from 0 to 999,999,999.
4008 format: int64
4009 type: integer
4010 seconds:
4011 description: Seconds of minutes
4012 of the time. Must normally
4013 be from 0 to 59. An API
4014 may allow the value 60 if
4015 it allows leap-seconds.
4016 format: int64
4017 type: integer
4018 type: object
4019 timestampValue:
4020 description: timestamp
4021 format: date-time
4022 type: string
4023 type: object
4024 required:
4025 - field
4026 - operator
4027 type: object
4028 type: array
4029 type: object
4030 logicalOperator:
4031 description: 'The operator to apply to the result
4032 of conditions. Default and currently only
4033 supported value is `AND`. Possible values:
4034 LOGICAL_OPERATOR_UNSPECIFIED, AND'
4035 type: string
4036 type: object
4037 type: object
4038 type: object
4039 type: array
4040 type: object
4041 transformationErrorHandling:
4042 description: Mode for handling transformation errors. If left
4043 unspecified, the default mode is `TransformationErrorHandling.ThrowError`.
4044 properties:
4045 leaveUntransformed:
4046 description: Ignore errors
4047 type: object
4048 x-kubernetes-preserve-unknown-fields: true
4049 throwError:
4050 description: Throw an error
4051 type: object
4052 x-kubernetes-preserve-unknown-fields: true
4053 type: object
4054 type: object
4055 description:
4056 description: Short description (max 256 chars).
4057 type: string
4058 displayName:
4059 description: Display name (max 256 chars).
4060 type: string
4061 location:
4062 description: Immutable. The location of the resource
4063 type: string
4064 organizationRef:
4065 description: Immutable. The Organization that this resource belongs
4066 to. Only one of [organizationRef, projectRef] may be specified.
4067 oneOf:
4068 - not:
4069 required:
4070 - external
4071 required:
4072 - name
4073 - not:
4074 anyOf:
4075 - required:
4076 - name
4077 - required:
4078 - namespace
4079 required:
4080 - external
4081 properties:
4082 external:
4083 description: 'Allowed value: The Google Cloud resource name of
4084 a Google Cloud Organization (format: `organizations/{{name}}`).'
4085 type: string
4086 name:
4087 description: |-
4088 [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources.
4089 Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4090 type: string
4091 namespace:
4092 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
4093 type: string
4094 type: object
4095 projectRef:
4096 description: Immutable. The Project that this resource belongs to.
4097 Only one of [organizationRef, projectRef] may be specified.
4098 oneOf:
4099 - not:
4100 required:
4101 - external
4102 required:
4103 - name
4104 - not:
4105 anyOf:
4106 - required:
4107 - name
4108 - required:
4109 - namespace
4110 required:
4111 - external
4112 properties:
4113 external:
4114 description: 'Allowed value: The Google Cloud resource name of
4115 a `Project` resource (format: `projects/{{name}}`).'
4116 type: string
4117 name:
4118 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
4119 type: string
4120 namespace:
4121 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
4122 type: string
4123 type: object
4124 resourceID:
4125 description: Immutable. Optional. The service-generated name of the
4126 resource. Used for acquisition only. Leave unset to create a new
4127 resource.
4128 type: string
4129 type: object
4130 status:
4131 properties:
4132 conditions:
4133 description: Conditions represent the latest available observation
4134 of the resource's current state.
4135 items:
4136 properties:
4137 lastTransitionTime:
4138 description: Last time the condition transitioned from one status
4139 to another.
4140 type: string
4141 message:
4142 description: Human-readable message indicating details about
4143 last transition.
4144 type: string
4145 reason:
4146 description: Unique, one-word, CamelCase reason for the condition's
4147 last transition.
4148 type: string
4149 status:
4150 description: Status is the status of the condition. Can be True,
4151 False, Unknown.
4152 type: string
4153 type:
4154 description: Type is the type of the condition.
4155 type: string
4156 type: object
4157 type: array
4158 createTime:
4159 description: Output only. The creation timestamp of an inspectTemplate.
4160 format: date-time
4161 type: string
4162 locationId:
4163 description: Output only. The geographic location where this resource
4164 is stored.
4165 type: string
4166 observedGeneration:
4167 description: ObservedGeneration is the generation of the resource
4168 that was most recently observed by the Config Connector controller.
4169 If this is equal to metadata.generation, then that means that the
4170 current reported status reflects the most recent desired state of
4171 the resource.
4172 type: integer
4173 updateTime:
4174 description: Output only. The last update timestamp of an inspectTemplate.
4175 format: date-time
4176 type: string
4177 type: object
4178 type: object
4179 served: true
4180 storage: true
4181 subresources:
4182 status: {}
4183status:
4184 acceptedNames:
4185 kind: ""
4186 plural: ""
4187 conditions: []
4188 storedVersions: []
View as plain text