# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# CustomResourceDefinition for the DLPInspectTemplate kind
# (group dlp.cnrm.cloud.google.com, version v1beta1, namespaced).
# NOTE(review): the dcl2crd / managed-by-kcc labels suggest this manifest is
# generated; presumably hand edits are overwritten on regeneration - confirm.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Unquoted, but still a string: a value with two dots is not a YAML number.
    cnrm.cloud.google.com/version: 1.106.0
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/dcl2crd: "true"
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: stable
    cnrm.cloud.google.com/system: "true"
  name: dlpinspecttemplates.dlp.cnrm.cloud.google.com
spec:
  group: dlp.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: DLPInspectTemplate
    plural: dlpinspecttemplates
    shortNames:
    - gcpdlpinspecttemplate
    - gcpdlpinspecttemplates
    singular: dlpinspecttemplate
  # Namespaced: instances live in a namespace, so access to them can be
  # scoped with namespace-level RBAC.
  scope: Namespaced
  versions:
  # Extra table columns; all but Age read the Ready condition from status.
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            # Exactly one parent must be given: oneOf fails when both or
            # neither of the two "required" clauses match.
            oneOf:
            - required:
              - organizationRef
            - required:
              - projectRef
            properties:
              # NOTE(review): the 256-character limits on description and
              # displayName are only stated in the text; there is no maxLength
              # here, so the API server will not enforce them.
              description:
                description: Short description (max 256 chars).
                type: string
              displayName:
                description: Display name (max 256 chars).
                type: string
              # What to scan for and how findings are filtered.
              # NOTE(review): fields below that list "Possible values: ..." are
              # plain strings with no "enum" constraint, so this schema accepts
              # any string; presumably typos are only rejected by the
              # controller or the DLP API - confirm.
              inspectConfig:
                description: The core content of the template. Configuration of the
                  scanning process.
                properties:
                  contentOptions:
                    description: List of options defining data content to scan. If
                      empty, text, images, and other content will be included.
                    items:
                      type: string
                    type: array
                  customInfoTypes:
                    description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes
                      to learn more.
                    items:
                      properties:
                        dictionary:
                          description: A list of phrases to detect as a CustomInfoType.
                          properties:
                            # NOTE(review): the word list is read from this
                            # object, so write access to it presumably changes
                            # what the detector matches - keep the bucket's
                            # write permissions narrow.
                            cloudStoragePath:
                              description: Newline-delimited file of words in Cloud
                                Storage. Only a single file is accepted.
                              properties:
                                path:
                                  description: 'A url representing a file or path
                                    (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt'
                                  type: string
                              type: object
                            wordList:
                              description: List of words or phrases to search for.
                              properties:
                                words:
                                  description: Words or phrases defining the dictionary.
                                    The dictionary must contain at least one phrase
                                    and every phrase must contain at least 2 characters
                                    that are letters or digits. [required]
                                  items:
                                    type: string
                                  type: array
                              type: object
                          type: object
                        exclusionType:
                          description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType
                            will not cause a finding to be returned. It still can
                            be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED,
                            EXCLUSION_TYPE_EXCLUDE'
                          type: string
                        infoType:
                          description: CustomInfoType can either be a new infoType,
                            or an extension of built-in infoType, when the name matches
                            one of existing infoTypes and that infoType is specified
                            in `InspectContent.info_types` field. Specifying the latter
                            adds findings to the one detected by the system. If built-in
                            info type is not specified in `InspectContent.info_types`
                            list then the name is treated as a custom info type.
                          properties:
                            # NOTE(review): the pattern quoted in the description
                            # is documentation only (no "pattern" keyword here).
                            # As written, "$-_" inside the character class is a
                            # range from "$" to "_", which also admits
                            # punctuation such as "/" and ":"; escape the hyphen
                            # if the text is reused as a validator. The same
                            # text repeats on the other infoType name fields
                            # below.
                            name:
                              description: Name of the information type. Either a
                                name of your choosing when creating a CustomInfoType,
                                or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference
                                when specifying a built-in type. When sending Cloud
                                DLP results to Data Catalog, infoType names should
                                conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
                              type: string
                          type: object
                        likelihood:
                          description: 'Likelihood to return for this CustomInfoType.
                            This base value can be altered by a detection rule if
                            the finding meets the criteria specified by the rule.
                            Defaults to `VERY_LIKELY` if not specified. Possible values:
                            LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE,
                            LIKELY, VERY_LIKELY'
                          type: string
                        regex:
                          description: Regular expression based CustomInfoType.
                          properties:
                            # NOTE(review): "No more than 3" is not backed by a
                            # maxItems constraint in this schema.
                            groupIndexes:
                              description: The index of the submatch to extract as
                                findings. When not specified, the entire match is
                                returned. No more than 3 may be included.
                              items:
                                format: int64
                                type: integer
                              type: array
                            # RE2 syntax per the description. NOTE(review): RE2
                            # matches in linear time, so the usual concern is an
                            # over-broad pattern (noisy findings) rather than
                            # catastrophic backtracking - assuming the service
                            # really evaluates the pattern with RE2.
                            pattern:
                              description: Pattern defining the regular expression.
                                Its syntax (https://github.com/google/re2/wiki/Syntax)
                                can be found under the google/re2 repository on GitHub.
                              type: string
                          type: object
                        storedType:
                          description: Load an existing `StoredInfoType` resource
                            for use in `InspectDataSource`. Not currently supported
                            in `InspectContent`.
                          properties:
                            # Described as output-only even though it sits
                            # under spec.
                            createTime:
                              description: Timestamp indicating when the version of
                                the `StoredInfoType` used for inspection was created.
                                Output-only field, populated by the system.
                              format: date-time
                              type: string
                            # Reference either by Kubernetes name (without
                            # "external") or by "external" resource name
                            # (without name/namespace); the oneOf rejects a mix.
                            nameRef:
                              oneOf:
                              - not:
                                  required:
                                  - external
                                required:
                                - name
                              - not:
                                  anyOf:
                                  - required:
                                    - name
                                  - required:
                                    - namespace
                                required:
                                - external
                              properties:
                                external:
                                  description: |-
                                    Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`.

                                    Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`).
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                  type: string
                                namespace:
                                  description: 'Namespace of the referent. More info:
                                    https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                                  type: string
                              type: object
                          type: object
                        # No properties are declared and unknown fields are
                        # preserved, so beyond "type: object" this subtree is
                        # stored without pruning or schema validation.
                        surrogateType:
                          description: Message for detecting output from deidentification
                            transformations that support reversing.
                          type: object
                          x-kubernetes-preserve-unknown-fields: true
                      type: object
                    type: array
                  excludeInfoTypes:
                    description: When true, excludes type information of the findings.
                    type: boolean
                  # NOTE(review): per the description, enabling this puts the
                  # matched data itself into each finding; wherever findings are
                  # stored or logged then needs the same access controls as the
                  # scanned source.
                  includeQuote:
                    description: When true, a contextual quote from the data that
                      triggered a finding is included in the response; see Finding.quote.
                    type: boolean
                  # Leaving this empty lets the service pick detectors, and the
                  # description warns that the default set may change; list
                  # infoTypes explicitly when coverage must be predictable.
                  infoTypes:
                    description: Restricts what info_types to look for. The values
                      must correspond to InfoType values returned by ListInfoTypes
                      or listed at https://cloud.google.com/dlp/docs/infotypes-reference.
                      When no InfoTypes or CustomInfoTypes are specified in a request,
                      the system may automatically choose what detectors to run. By
                      default this may be all types, but may change over time as detectors
                      are updated. If you need precise control and predictability
                      as to what detectors are run you should specify specific InfoTypes
                      listed in the reference, otherwise a default list will be used,
                      which may change over time.
                    items:
                      properties:
                        name:
                          description: Name of the information type. Either a name
                            of your choosing when creating a CustomInfoType, or one
                            of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference
                            when specifying a built-in type. When sending Cloud DLP
                            results to Data Catalog, infoType names should conform
                            to the pattern `[A-Za-z0-9$-_]{1,64}`.
                          type: string
                      type: object
                    type: array
                  # NOTE(review): limits cap what is returned, so a scan that
                  # reaches a cap presumably under-reports; treat capped
                  # results as incomplete.
                  limits:
                    description: Configuration to control the number of findings returned.
                    properties:
                      maxFindingsPerInfoType:
                        description: Configuration of findings limit given for specified
                          infoTypes.
                        items:
                          properties:
                            infoType:
                              description: Type of information the findings limit
                                applies to. Only one limit per info_type should be
                                provided. If InfoTypeLimit does not have an info_type,
                                the DLP API applies the limit against all info_types
                                that are found but not specified in another InfoTypeLimit.
                              properties:
                                name:
                                  description: Name of the information type. Either
                                    a name of your choosing when creating a CustomInfoType,
                                    or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference
                                    when specifying a built-in type. When sending
                                    Cloud DLP results to Data Catalog, infoType names
                                    should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
                                  type: string
                              type: object
                            maxFindings:
                              description: Max findings limit for the given infoType.
                              format: int64
                              type: integer
                          type: object
                        type: array
                      maxFindingsPerItem:
                        description: Max number of findings that will be returned
                          for each item scanned. When set within `InspectJobConfig`,
                          the maximum returned is 2000 regardless if this is set higher.
                          When set within `InspectContentRequest`, this field is ignored.
                        format: int64
                        type: integer
                      maxFindingsPerRequest:
                        description: Max number of findings that will be returned
                          per request/job. When set within `InspectContentRequest`,
                          the maximum returned is 2000 regardless if this is set higher.
                        format: int64
                        type: integer
                    type: object
                  # Findings below this level are not returned (default
                  # POSSIBLE per the description).
                  minLikelihood:
                    description: 'Only returns findings equal or above this threshold.
                      The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood
                      to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY,
                      UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY'
                    type: string
                  # Post-processing of findings per infoType.
                  # NOTE(review): exclusion rules and negative likelihood
                  # adjustments reduce what is reported; review changes to them
                  # as changes to detection coverage.
                  ruleSet:
                    description: Set of rules to apply to the findings for this InspectConfig.
                      Exclusion rules, contained in the set are executed in the end,
                      other rules are executed in the order they are specified for
                      each info type.
                    items:
                      properties:
                        infoTypes:
                          description: List of infoTypes this rule set is applied
                            to.
                          items:
                            properties:
                              name:
                                description: Name of the information type. Either
                                  a name of your choosing when creating a CustomInfoType,
                                  or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference
                                  when specifying a built-in type. When sending Cloud
                                  DLP results to Data Catalog, infoType names should
                                  conform to the pattern `[A-Za-z0-9$-_]{1,64}`.
                                type: string
                            type: object
                          type: array
                        rules:
                          description: Set of rules to be applied to infoTypes. The
                            rules are applied in order.
                          items:
                            properties:
                              exclusionRule:
                                description: Exclusion rule.
                                properties:
                                  dictionary:
                                    description: Dictionary which defines the rule.
                                    properties:
                                      # NOTE(review): this file decides which
                                      # findings are dropped, so write access
                                      # to it presumably allows suppressing
                                      # findings - restrict who can write it.
                                      cloudStoragePath:
                                        description: Newline-delimited file of words
                                          in Cloud Storage. Only a single file is
                                          accepted.
                                        properties:
                                          path:
                                            description: 'A url representing a file
                                              or path (no wildcards) in Cloud Storage.
                                              Example: gs://[BUCKET_NAME]/dictionary.txt'
                                            type: string
                                        type: object
                                      wordList:
                                        description: List of words or phrases to search
                                          for.
                                        properties:
                                          words:
                                            description: Words or phrases defining
                                              the dictionary. The dictionary must
                                              contain at least one phrase and every
                                              phrase must contain at least 2 characters
                                              that are letters or digits. [required]
                                            items:
                                              type: string
                                            type: array
                                        type: object
                                    type: object
                                  excludeInfoTypes:
                                    description: Set of infoTypes for which findings
                                      would affect this rule.
                                    properties:
                                      # NOTE(review): the description has a
                                      # stray backtick after "PHONE_NUMBER"
                                      # (unbalanced quoting); text left as
                                      # found.
                                      infoTypes:
                                        description: InfoType list in ExclusionRule
                                          rule drops a finding when it overlaps or
                                          contained within with a finding of an infoType
                                          from this list. For example, for `InspectionRuleSet.info_types`
                                          containing "PHONE_NUMBER"` and `exclusion_rule`
                                          containing `exclude_info_types.info_types`
                                          with "EMAIL_ADDRESS" the phone number findings
                                          are dropped if they overlap with EMAIL_ADDRESS
                                          finding. That leads to "555-222-2222@example.org"
                                          to generate only a single finding, namely
                                          email address.
                                        items:
                                          properties:
                                            name:
                                              description: Name of the information
                                                type. Either a name of your choosing
                                                when creating a CustomInfoType, or
                                                one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference
                                                when specifying a built-in type. When
                                                sending Cloud DLP results to Data
                                                Catalog, infoType names should conform
                                                to the pattern `[A-Za-z0-9$-_]{1,64}`.
                                              type: string
                                          type: object
                                        type: array
                                    type: object
                                  matchingType:
                                    description: 'How the rule is applied, see MatchingType
                                      documentation for details. Possible values:
                                      MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH,
                                      MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH'
                                    type: string
                                  regex:
                                    description: Regular expression which defines
                                      the rule.
                                    properties:
                                      groupIndexes:
                                        description: The index of the submatch to
                                          extract as findings. When not specified,
                                          the entire match is returned. No more than
                                          3 may be included.
                                        items:
                                          format: int64
                                          type: integer
                                        type: array
                                      pattern:
                                        description: Pattern defining the regular
                                          expression. Its syntax (https://github.com/google/re2/wiki/Syntax)
                                          can be found under the google/re2 repository
                                          on GitHub.
                                        type: string
                                    type: object
                                type: object
                              # No description in the schema. From its fields: a
                              # hotword regex, a proximity window around the
                              # finding, and a likelihood adjustment.
                              hotwordRule:
                                properties:
                                  hotwordRegex:
                                    description: Regular expression pattern defining
                                      what qualifies as a hotword.
                                    properties:
                                      groupIndexes:
                                        description: The index of the submatch to
                                          extract as findings. When not specified,
                                          the entire match is returned. No more than
                                          3 may be included.
                                        items:
                                          format: int64
                                          type: integer
                                        type: array
                                      pattern:
                                        description: Pattern defining the regular
                                          expression. Its syntax (https://github.com/google/re2/wiki/Syntax)
                                          can be found under the google/re2 repository
                                          on GitHub.
                                        type: string
                                    type: object
                                  likelihoodAdjustment:
                                    description: Likelihood adjustment to apply to
                                      all matching findings.
                                    properties:
                                      fixedLikelihood:
                                        description: 'Set the likelihood of a finding
                                          to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED,
                                          VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY,
                                          VERY_LIKELY'
                                        type: string
                                      relativeLikelihood:
                                        description: Increase or decrease the likelihood
                                          by the specified number of levels. For example,
                                          if a finding would be `POSSIBLE` without
                                          the detection rule and `relative_likelihood`
                                          is 1, then it is upgraded to `LIKELY`, while
                                          a value of -1 would downgrade it to `UNLIKELY`.
                                          Likelihood may never drop below `VERY_UNLIKELY`
                                          or exceed `VERY_LIKELY`, so applying an
                                          adjustment of 1 followed by an adjustment
                                          of -1 when base likelihood is `VERY_LIKELY`
                                          will result in a final likelihood of `LIKELY`.
                                        format: int64
                                        type: integer
                                    type: object
                                  # NOTE(review): the example regexes in the
                                  # description look like they lost their
                                  # backslashes (presumably \(\d{3}\) \d{3}-\d{4}
                                  # and \(xxx\)); as printed, d{3} would match
                                  # the letter "d" - confirm against the
                                  # upstream API docs. The 1000-character
                                  # window limit is not enforced by this schema
                                  # (no "maximum" on windowAfter/windowBefore).
                                  proximity:
                                    description: Proximity of the finding within which
                                      the entire hotword must reside. The total length
                                      of the window cannot exceed 1000 characters.
                                      Note that the finding itself will be included
                                      in the window, so that hotwords may be used
                                      to match substrings of the finding itself. For
                                      example, the certainty of a phone number regex
                                      "(d{3}) d{3}-d{4}" could be adjusted upwards
                                      if the area code is known to be the local area
                                      code of a company office using the hotword regex
                                      "(xxx)", where "xxx" is the area code in question.
                                    properties:
                                      windowAfter:
                                        description: Number of characters after the
                                          finding to consider.
                                        format: int64
                                        type: integer
                                      windowBefore:
                                        description: Number of characters before the
                                          finding to consider.
                                        format: int64
                                        type: integer
                                    type: object
                                type: object
                            type: object
                          type: array
                      type: object
                    type: array
                type: object
              # NOTE(review): "Immutable" on location, organizationRef,
              # projectRef and resourceID is stated in the descriptions only;
              # nothing in this schema enforces it, so enforcement presumably
              # happens in the controller or an admission webhook - confirm.
              location:
                description: Immutable. The location of the resource
                type: string
              organizationRef:
                description: Immutable. The Organization that this resource belongs
                  to. Only one of [organizationRef, projectRef] may be specified.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: 'Allowed value: The Google Cloud resource name of
                      a Google Cloud Organization (format: `organizations/{{name}}`).'
                    type: string
                  # Per the description only "external" is usable for
                  # organizations today, although the oneOf above still
                  # accepts "name".
                  name:
                    description: |-
                      [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources.
                      Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              projectRef:
                description: Immutable. The Project that this resource belongs to.
                  Only one of [organizationRef, projectRef] may be specified.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: 'Allowed value: The Google Cloud resource name of
                      a `Project` resource (format: `projects/{{name}}`).'
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              # Per the description: set only to acquire an existing resource
              # by its service-generated name; unset creates a new one.
              resourceID:
                description: Immutable. Optional. The service-generated name of the
                  resource. Used for acquisition only. Leave unset to create a new
                  resource.
                type: string
            type: object
          # Observed state; presumably written by the Config Connector
          # controller named in observedGeneration's description.
          status:
            properties:
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              createTime:
                description: Output only. The creation timestamp of an inspectTemplate.
                format: date-time
                type: string
              locationId:
                description: Output only. The geographic location where this resource
                  is stored.
                type: string
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
              updateTime:
                description: Output only. The last update timestamp of an inspectTemplate.
                format: date-time
                type: string
            type: object
        type: object
    # v1beta1 is the only version listed; it is both served and the storage
    # version.
    served: true
    storage: true
    # status is a subresource, so /status has its own endpoint and can be
    # authorized separately from the main resource.
    subresources:
      status: {}
# Empty placeholder; presumably filled in by the API server once the CRD is
# registered.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []