google-cloud-dlp-v2 1.3.1 → 1.5.0

data/lib/google/privacy/dlp/v2/dlp_services_pb.rb

@@ -24,13 +24,9 @@ module Google
     module Dlp
       module V2
         module DlpService
-          # The Cloud Data Loss Prevention (DLP) API is a service that allows clients
-          # to detect the presence of Personally Identifiable Information (PII) and other
-          # privacy-sensitive data in user-supplied, unstructured data streams, like text
-          # blocks or images.
-          # The service also includes methods for sensitive data redaction and
-          # scheduling of data scans on Google Cloud Platform based data sets.
-          #
+          # Sensitive Data Protection provides access to a powerful sensitive data
+          # inspection, classification, and de-identification platform that works
+          # on text, images, and Google Cloud storage repositories.
           # To learn more about concepts and find how-to guides see
           # https://cloud.google.com/sensitive-data-protection/docs/.
           class Service

data/proto_docs/google/api/client.rb

@@ -28,6 +28,9 @@ module Google
     # @!attribute [rw] destinations
     #   @return [::Array<::Google::Api::ClientLibraryDestination>]
     #     The destination where API teams want this client library to be published.
+    # @!attribute [rw] selective_gapic_generation
+    #   @return [::Google::Api::SelectiveGapicGeneration]
+    #     Configuration for which RPCs should be generated in the GAPIC client.
     class CommonLanguageSettings
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -375,6 +378,17 @@ module Google
       end
     end
 
+    # This message is used to configure the generation of a subset of the RPCs in
+    # a service for client libraries.
+    # @!attribute [rw] methods
+    #   @return [::Array<::String>]
+    #     An allowlist of the fully qualified names of RPCs that should be included
+    #     on public client surfaces.
+    class SelectiveGapicGeneration
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
     # The organization for which the client libraries are being published.
     # Affects the url where generated docs are published, etc.
     module ClientLibraryOrganization

data/proto_docs/google/privacy/dlp/v2/dlp.rb

@@ -4057,6 +4057,15 @@ module Google
         # @!attribute [rw] pub_sub_notification
         #   @return [::Google::Cloud::Dlp::V2::DataProfileAction::PubSubNotification]
         #     Publish a message into the Pub/Sub topic.
+        # @!attribute [rw] publish_to_chronicle
+        #   @return [::Google::Cloud::Dlp::V2::DataProfileAction::PublishToChronicle]
+        #     Publishes generated data profiles to Google Security Operations.
+        #     For more information, see [Use Sensitive Data Protection data in
+        #     context-aware
+        #     analytics](https://cloud.google.com/chronicle/docs/detection/usecase-dlp-high-risk-user-download).
+        # @!attribute [rw] publish_to_scc
+        #   @return [::Google::Cloud::Dlp::V2::DataProfileAction::PublishToSecurityCommandCenter]
+        #     Publishes findings to SCC for each data profile.
         # @!attribute [rw] tag_resources
         #   @return [::Google::Cloud::Dlp::V2::DataProfileAction::TagResources]
         #     Tags the profiled resources with the specified tag values.
@@ -4122,6 +4131,18 @@ module Google
             end
           end
 
+          # Message expressing intention to publish to Google Security Operations.
+          class PublishToChronicle
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # If set, a summary finding will be created/updated in SCC for each profile.
+          class PublishToSecurityCommandCenter
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
           # If set, attaches the [tags]
           # (https://cloud.google.com/resource-manager/docs/tags/tags-overview)
           # provided to profiled resources. Tags support [access
@@ -4215,6 +4236,9 @@ module Google
         #     The project that will run the scan. The DLP service
         #     account that exists within this project must have access to all resources
         #     that are profiled, and the Cloud DLP API must be enabled.
+        # @!attribute [rw] other_cloud_starting_location
+        #   @return [::Google::Cloud::Dlp::V2::OtherCloudDiscoveryStartingLocation]
+        #     Must be set only when scanning other clouds.
         # @!attribute [rw] inspect_templates
         #   @return [::Array<::String>]
         #     Detection logic for profile generation.
@@ -4317,6 +4341,9 @@ module Google
         # @!attribute [rw] org_config
         #   @return [::Google::Cloud::Dlp::V2::DiscoveryConfig::OrgConfig]
         #     Only set when the parent is an org.
+        # @!attribute [rw] other_cloud_starting_location
+        #   @return [::Google::Cloud::Dlp::V2::OtherCloudDiscoveryStartingLocation]
+        #     Must be set only when scanning other clouds.
         # @!attribute [rw] inspect_templates
         #   @return [::Array<::String>]
         #     Detection logic for profile generation.
@@ -4409,6 +4436,10 @@ module Google
         #   @return [::Google::Cloud::Dlp::V2::CloudStorageDiscoveryTarget]
         #     Cloud Storage target for Discovery. The first target to match a table
         #     will be the one applied.
+        # @!attribute [rw] other_cloud_target
+        #   @return [::Google::Cloud::Dlp::V2::OtherCloudDiscoveryTarget]
+        #     Other clouds target for discovery. The first target to match a resource
+        #     will be the one applied.
         class DiscoveryTarget
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -5025,6 +5056,223 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Target used to match against for discovery of resources from other clouds.
+        # An [AWS connector in Security Command Center
+        # (Enterprise](https://cloud.google.com/security-command-center/docs/connect-scc-to-aws)
+        # is required to use this feature.
+        # @!attribute [rw] data_source_type
+        #   @return [::Google::Cloud::Dlp::V2::DataSourceType]
+        #     Required. The type of data profiles generated by this discovery target.
+        #     Supported values are:
+        #     * aws/s3/bucket
+        # @!attribute [rw] filter
+        #   @return [::Google::Cloud::Dlp::V2::DiscoveryOtherCloudFilter]
+        #     Required. The resources that the discovery cadence applies to. The
+        #     first target with a matching filter will be the one to apply to a resource.
+        # @!attribute [rw] conditions
+        #   @return [::Google::Cloud::Dlp::V2::DiscoveryOtherCloudConditions]
+        #     Optional. In addition to matching the filter, these conditions must be true
+        #     before a profile is generated.
+        # @!attribute [rw] generation_cadence
+        #   @return [::Google::Cloud::Dlp::V2::DiscoveryOtherCloudGenerationCadence]
+        #     How often and when to update data profiles. New resources that match both
+        #     the filter and conditions are scanned as quickly as possible depending on
+        #     system capacity.
+        # @!attribute [rw] disabled
+        #   @return [::Google::Cloud::Dlp::V2::Disabled]
+        #     Disable profiling for resources that match this filter.
+        class OtherCloudDiscoveryTarget
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Determines which resources from the other cloud will have profiles generated.
+        # Includes the ability to filter by resource names.
+        # @!attribute [rw] collection
+        #   @return [::Google::Cloud::Dlp::V2::OtherCloudResourceCollection]
+        #     A collection of resources for this filter to apply to.
+        # @!attribute [rw] single_resource
+        #   @return [::Google::Cloud::Dlp::V2::OtherCloudSingleResourceReference]
+        #     The resource to scan. Configs using this filter can only have one target
+        #     (the target with this single resource reference).
+        # @!attribute [rw] others
+        #   @return [::Google::Cloud::Dlp::V2::AllOtherResources]
+        #     Optional. Catch-all. This should always be the last target in the list
+        #     because anything above it will apply first. Should only appear once in a
+        #     configuration. If none is specified, a default one will be added
+        #     automatically.
+        class DiscoveryOtherCloudFilter
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Match resources using regex filters.
+        # @!attribute [rw] include_regexes
+        #   @return [::Google::Cloud::Dlp::V2::OtherCloudResourceRegexes]
+        #     A collection of regular expressions to match a resource against.
+        class OtherCloudResourceCollection
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A collection of regular expressions to determine what resources to match
+        # against.
+        # @!attribute [rw] patterns
+        #   @return [::Array<::Google::Cloud::Dlp::V2::OtherCloudResourceRegex>]
+        #     A group of regular expression patterns to match against one or more
+        #     resources.
+        #     Maximum of 100 entries. The sum of all regular expression's length can't
+        #     exceed 10 KiB.
+        class OtherCloudResourceRegexes
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A pattern to match against one or more resources. At least one pattern must
+        # be specified. Regular expressions use RE2
+        # [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found
+        # under the google/re2 repository on GitHub.
+        # @!attribute [rw] amazon_s3_bucket_regex
+        #   @return [::Google::Cloud::Dlp::V2::AmazonS3BucketRegex]
+        #     Regex for Amazon S3 buckets.
+        class OtherCloudResourceRegex
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # AWS account regex.
+        # @!attribute [rw] account_id_regex
+        #   @return [::String]
+        #     Optional. Regex to test the AWS account ID against.
+        #     If empty, all accounts match.
+        class AwsAccountRegex
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Amazon S3 bucket regex.
+        # @!attribute [rw] aws_account_regex
+        #   @return [::Google::Cloud::Dlp::V2::AwsAccountRegex]
+        #     The AWS account regex.
+        # @!attribute [rw] bucket_name_regex
+        #   @return [::String]
+        #     Optional. Regex to test the bucket name against.
+        #     If empty, all buckets match.
+        class AmazonS3BucketRegex
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Identifies a single resource, like a single Amazon S3 bucket.
+        # @!attribute [rw] amazon_s3_bucket
+        #   @return [::Google::Cloud::Dlp::V2::AmazonS3Bucket]
+        #     Amazon S3 bucket.
+        class OtherCloudSingleResourceReference
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # AWS account.
+        # @!attribute [rw] account_id
+        #   @return [::String]
+        #     Required. AWS account ID.
+        class AwsAccount
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Amazon S3 bucket.
+        # @!attribute [rw] aws_account
+        #   @return [::Google::Cloud::Dlp::V2::AwsAccount]
+        #     The AWS account.
+        # @!attribute [rw] bucket_name
+        #   @return [::String]
+        #     Required. The bucket name.
+        class AmazonS3Bucket
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Requirements that must be true before a resource is profiled for the first
+        # time.
+        # @!attribute [rw] min_age
+        #   @return [::Google::Protobuf::Duration]
+        #     Minimum age a resource must be before Cloud DLP can profile it. Value must
+        #     be 1 hour or greater.
+        # @!attribute [rw] amazon_s3_bucket_conditions
+        #   @return [::Google::Cloud::Dlp::V2::AmazonS3BucketConditions]
+        #     Amazon S3 bucket conditions.
+        class DiscoveryOtherCloudConditions
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Amazon S3 bucket conditions.
+        # @!attribute [rw] bucket_types
+        #   @return [::Array<::Google::Cloud::Dlp::V2::AmazonS3BucketConditions::BucketType>]
+        #     Optional. Bucket types that should be profiled.
+        #     Optional. Defaults to TYPE_ALL_SUPPORTED if unspecified.
+        # @!attribute [rw] object_storage_classes
+        #   @return [::Array<::Google::Cloud::Dlp::V2::AmazonS3BucketConditions::ObjectStorageClass>]
+        #     Optional. Object classes that should be profiled.
+        #     Optional. Defaults to ALL_SUPPORTED_CLASSES if unspecified.
+        class AmazonS3BucketConditions
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Supported Amazon S3 bucket types.
+          # Defaults to TYPE_ALL_SUPPORTED.
+          module BucketType
+            # Unused.
+            TYPE_UNSPECIFIED = 0
+
+            # All supported classes.
+            TYPE_ALL_SUPPORTED = 1
+
+            # A general purpose Amazon S3 bucket.
+            TYPE_GENERAL_PURPOSE = 2
+          end
+
+          # Supported Amazon S3 object storage classes.
+          # Defaults to ALL_SUPPORTED_CLASSES.
+          module ObjectStorageClass
+            # Unused.
+            UNSPECIFIED = 0
+
+            # All supported classes.
+            ALL_SUPPORTED_CLASSES = 1
+
+            # Standard object class.
+            STANDARD = 2
+
+            # Standard - infrequent access object class.
+            STANDARD_INFREQUENT_ACCESS = 4
+
+            # Glacier - instant retrieval object class.
+            GLACIER_INSTANT_RETRIEVAL = 6
+
+            # Objects in the S3 Intelligent-Tiering access tiers.
+            INTELLIGENT_TIERING = 7
+          end
+        end
+
+        # How often existing resources should have their profiles refreshed.
+        # New resources are scanned as quickly as possible depending on system
+        # capacity.
+        # @!attribute [rw] refresh_frequency
+        #   @return [::Google::Cloud::Dlp::V2::DataProfileUpdateFrequency]
+        #     Optional. Frequency to update profiles regardless of whether the underlying
+        #     resource has changes. Defaults to never.
+        # @!attribute [rw] inspect_template_modified_cadence
+        #   @return [::Google::Cloud::Dlp::V2::DiscoveryInspectTemplateModifiedCadence]
+        #     Optional. Governs when to update data profiles when the inspection rules
+        #     defined by the `InspectTemplate` change.
+        #     If not set, changing the template will not cause a data profile to update.
+        class DiscoveryOtherCloudGenerationCadence
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # The location to begin a discovery scan. Denotes an organization ID or folder
         # ID within an organization.
         # @!attribute [rw] organization_id
@@ -5038,6 +5286,31 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # The other cloud starting location for discovery.
+        # @!attribute [rw] aws_location
+        #   @return [::Google::Cloud::Dlp::V2::OtherCloudDiscoveryStartingLocation::AwsDiscoveryStartingLocation]
+        #     The AWS starting location for discovery.
+        class OtherCloudDiscoveryStartingLocation
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The AWS starting location for discovery.
+          # @!attribute [rw] account_id
+          #   @return [::String]
+          #     The AWS account ID that this discovery config applies to.
+          #     Within an AWS organization, you can find the AWS account ID inside an
+          #     AWS account ARN. Example:
+          #     arn:\\{partition}:organizations::\\{management_account_id}:account/\\{org_id}/\\{account_id}
+          # @!attribute [rw] all_asset_inventory_assets
+          #   @return [::Boolean]
+          #     All AWS assets stored in Asset Inventory that didn't match other AWS
+          #     discovery configs.
+          class AwsDiscoveryStartingLocation
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
         # Match discovery resources not covered by any other filter.
         class AllOtherResources
           include ::Google::Protobuf::MessageExts
@@ -6031,7 +6304,7 @@ module Google
         #     The resource name of the profile.
         # @!attribute [rw] project_id
         #   @return [::String]
-        #     Project ID that was profiled.
+        #     Project ID or account that was profiled.
         # @!attribute [rw] profile_last_generated
         #   @return [::Google::Protobuf::Timestamp]
         #     The last time the profile was generated.
@@ -6102,13 +6375,14 @@ module Google
         #     locations.
         # @!attribute [rw] dataset_id
         #   @return [::String]
-        #     If the resource is BigQuery, the  dataset ID.
+        #     If the resource is BigQuery, the dataset ID.
         # @!attribute [rw] table_id
         #   @return [::String]
-        #     If the resource is BigQuery, the BigQuery table ID.
+        #     The table ID.
         # @!attribute [rw] full_resource
         #   @return [::String]
-        #     The resource name of the resource profiled.
+        #     The Cloud Asset Inventory resource that was profiled in order to generate
+        #     this TableDataProfile.
         #     https://cloud.google.com/apis/design/resource_names#full_resource_name
         # @!attribute [rw] profile_status
         #   @return [::Google::Cloud::Dlp::V2::ProfileStatus]
@@ -6263,15 +6537,15 @@ module Google
         #     The Google Cloud project ID that owns the profiled resource.
         # @!attribute [rw] dataset_location
         #   @return [::String]
-        #     The BigQuery location where the dataset's data is stored.
+        #     If supported, the location where the dataset's data is stored.
         #     See https://cloud.google.com/bigquery/docs/locations for supported
-        #     locations.
+        #     BigQuery locations.
         # @!attribute [rw] dataset_id
         #   @return [::String]
-        #     The BigQuery dataset ID.
+        #     The BigQuery dataset ID, if the resource profiled is a BigQuery table.
         # @!attribute [rw] table_id
         #   @return [::String]
-        #     The BigQuery table ID.
+        #     The table ID.
         # @!attribute [rw] column
         #   @return [::String]
         #     The name of the column.
@@ -6400,6 +6674,7 @@ module Google
         # The profile for a file store.
         #
         # * Cloud Storage: maps 1:1 with a bucket.
+        # * Amazon S3: maps 1:1 with a bucket.
         # @!attribute [rw] name
         #   @return [::String]
         #     The name of the profile.
@@ -6412,12 +6687,15 @@ module Google
         # @!attribute [rw] project_id
         #   @return [::String]
         #     The Google Cloud project ID that owns the resource.
+        #     For Amazon S3 buckets, this is the AWS Account Id.
         # @!attribute [rw] file_store_location
         #   @return [::String]
         #     The location of the file store.
         #
         #     * Cloud Storage:
         #     https://cloud.google.com/storage/docs/locations#available-locations
+        #     * Amazon S3:
+        #     https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints
         # @!attribute [rw] data_storage_locations
         #   @return [::Array<::String>]
         #     For resources that have multiple storage locations, these are those
@@ -6435,10 +6713,14 @@ module Google
         #     The file store path.
         #
         #     * Cloud Storage: `gs://{bucket}`
+        #     * Amazon S3: `s3://{bucket}`
         # @!attribute [rw] full_resource
         #   @return [::String]
         #     The resource name of the resource profiled.
         #     https://cloud.google.com/apis/design/resource_names#full_resource_name
+        #
+        #     Example format of an S3 bucket full resource name:
+        #     `//cloudasset.googleapis.com/organizations/{org_id}/otherCloudConnections/aws/arn:aws:s3:::{bucket_name}`
         # @!attribute [rw] config_snapshot
         #   @return [::Google::Cloud::Dlp::V2::DataProfileConfigSnapshot]
         #     The snapshot of the configurations used to generate the profile.
@@ -6651,6 +6933,7 @@ module Google
         #     * A restriction has the form of `{field} {operator} {value}`.
         #     * Supported fields/values:
         #         - `project_id` - The Google Cloud project ID.
+        #         - `account_id` - The AWS account ID.
         #         - `file_store_path` - The path like "gs://bucket".
         #         - `data_source_type` - The profile's data source type, like
         #         "google/storage/bucket".
@@ -7026,7 +7309,12 @@ module Google
         # @!attribute [r] data_source
         #   @return [::String]
         #     Output only. An identifying string to the type of resource being profiled.
-        #     Current values: google/bigquery/table, google/project
+        #     Current values:
+        #
+        #     * google/bigquery/table
+        #     * google/project
+        #     * google/sql/table
+        #     * google/gcs/bucket
         class DataSourceType
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -7177,8 +7465,8 @@ module Google
           PROFILE_GENERATION_UPDATE = 2
         end
 
-        # Over time new types may be added. Currently VIEW, MATERIALIZED_VIEW,
-        # and SNAPSHOT are not supported.
+        # Over time new types may be added. Currently VIEW, MATERIALIZED_VIEW, and
+        # non-BigLake external tables are not supported.
         module BigQueryTableTypeCollection
           # Unused.
           BIG_QUERY_COLLECTION_UNSPECIFIED = 0
@@ -7196,8 +7484,8 @@ module Google
           BIG_QUERY_COLLECTION_ONLY_SUPPORTED_TYPES = 2
         end
 
-        # Over time new types may be added. Currently VIEW, MATERIALIZED_VIEW,
-        # SNAPSHOT, and non-BigLake external tables are not supported.
+        # Over time new types may be added. Currently VIEW, MATERIALIZED_VIEW, and
+        # non-BigLake external tables are not supported.
         module BigQueryTableType
           # Unused.
           BIG_QUERY_TABLE_TYPE_UNSPECIFIED = 0
@@ -7207,6 +7495,9 @@ module Google
 
           # A table that references data stored in Cloud Storage.
           BIG_QUERY_TABLE_TYPE_EXTERNAL_BIG_LAKE = 2
+
+          # A snapshot of a BigQuery table.
+          BIG_QUERY_TABLE_TYPE_SNAPSHOT = 3
         end
 
         # How frequently data profiles can be updated. New options can be added at a

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-dlp-v2
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.5.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-08-30 00:00:00.000000000 Z
+date: 2024-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -126,7 +126,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.6
+rubygems_version: 3.5.21
 signing_key: 
 specification_version: 4
 summary: Discover and protect your sensitive data. A fully managed service designed