google-cloud-dlp 0.8.0 → 0.9.0

data/lib/google/cloud/dlp/v2/doc/google/privacy/dlp/v2/dlp.rb

@@ -1,4 +1,4 @@
-# Copyright 2018 Google LLC
+# Copyright 2019 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -115,12 +115,12 @@ module Google
           #   @return [Integer]
           #     Max number of findings that will be returned for each item scanned.
           #     When set within `InspectDataSourceRequest`,
-          #     the maximum returned is 1000 regardless if this is set higher.
+          #     the maximum returned is 2000 regardless if this is set higher.
           #     When set within `InspectContentRequest`, this field is ignored.
           # @!attribute [rw] max_findings_per_request
           #   @return [Integer]
           #     Max number of findings that will be returned per request/job.
-          #     When set within `InspectContentRequest`, the maximum returned is 1000
+          #     When set within `InspectContentRequest`, the maximum returned is 2000
           #     regardless if this is set higher.
           # @!attribute [rw] max_findings_per_info_type
           #   @return [Array<Google::Privacy::Dlp::V2::InspectConfig::FindingLimits::InfoTypeLimit>]
@@ -597,6 +597,7 @@ module Google
           #   @return [Google::Privacy::Dlp::V2::InspectJobConfig]
           class RequestedOptions; end
 
+          # All result fields mentioned below are updated while the job is processing.
           # @!attribute [rw] processed_bytes
           #   @return [Integer]
           #     Total size in bytes that were processed.
@@ -620,6 +621,10 @@ module Google
         # @!attribute [rw] supported_by
         #   @return [Array<Google::Privacy::Dlp::V2::InfoTypeSupportedBy>]
         #     Which parts of the API supports this InfoType.
+        # @!attribute [rw] description
+        #   @return [String]
+        #     Description of the infotype. Translated when language is provided in the
+        #     request.
         class InfoTypeDescription; end
 
         # Request for the list of infoTypes.
@@ -1196,6 +1201,8 @@ module Google
         #   @return [Google::Privacy::Dlp::V2::CryptoHashConfig]
         # @!attribute [rw] date_shift_config
         #   @return [Google::Privacy::Dlp::V2::DateShiftConfig]
+        # @!attribute [rw] crypto_deterministic_config
+        #   @return [Google::Privacy::Dlp::V2::CryptoDeterministicConfig]
         class PrimitiveTransformation; end
 
         # For use with `Date`, `Timestamp`, and `TimeOfDay`, extract or preserve a
@@ -1229,14 +1236,72 @@ module Google
         # Pseudonymization method that generates surrogates via cryptographic hashing.
         # Uses SHA-256.
         # The key size must be either 32 or 64 bytes.
-        # Outputs a 32 byte digest as an uppercase hex string
-        # (for example, 41D1567F7F99F1DC2A5FAB886DEE5BEE).
+        # Outputs a base64 encoded representation of the hashed output
+        # (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
         # Currently, only string and integer values can be hashed.
+        # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
         # @!attribute [rw] crypto_key
         #   @return [Google::Privacy::Dlp::V2::CryptoKey]
         #     The key used by the hash function.
         class CryptoHashConfig; end
 
+        # Pseudonymization method that generates deterministic encryption for the given
+        # input. Outputs a base64 encoded representation of the encrypted output.
+        # Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297.
+        # @!attribute [rw] crypto_key
+        #   @return [Google::Privacy::Dlp::V2::CryptoKey]
+        #     The key used by the encryption function.
+        # @!attribute [rw] surrogate_info_type
+        #   @return [Google::Privacy::Dlp::V2::InfoType]
+        #     The custom info type to annotate the surrogate with.
+        #     This annotation will be applied to the surrogate by prefixing it with
+        #     the name of the custom info type followed by the number of
+        #     characters comprising the surrogate. The following scheme defines the
+        #     format: <info type name>(<surrogate character count>):<surrogate>
+        #
+        #     For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and
+        #     the surrogate is 'abc', the full replacement value
+        #     will be: 'MY_TOKEN_INFO_TYPE(3):abc'
+        #
+        #     This annotation identifies the surrogate when inspecting content using the
+        #     custom info type 'Surrogate'. This facilitates reversal of the
+        #     surrogate when it occurs in free text.
+        #
+        #     In order for inspection to work properly, the name of this info type must
+        #     not occur naturally anywhere in your data; otherwise, inspection may either
+        #
+        #     * reverse a surrogate that does not correspond to an actual identifier
+        #     * be unable to parse the surrogate and result in an error
+        #
+        #     Therefore, choose your custom info type name carefully after considering
+        #     what your data looks like. One way to select a name that has a high chance
+        #     of yielding reliable detection is to include one or more unicode characters
+        #     that are highly improbable to exist in your data.
+        #     For example, assuming your data is entered from a regular ASCII keyboard,
+        #     the symbol with the hex code point 29DD might be used like so:
+        #     ⧝MY_TOKEN_TYPE
+        # @!attribute [rw] context
+        #   @return [Google::Privacy::Dlp::V2::FieldId]
+        #     Optional. A context may be used for higher security and maintaining
+        #     referential integrity such that the same identifier in two different
+        #     contexts will be given a distinct surrogate. The context is appended to
+        #     plaintext value being encrypted. On decryption the provided context is
+        #     validated against the value used during encryption. If a context was
+        #     provided during encryption, same context must be provided during decryption
+        #     as well.
+        #
+        #     If the context is not set, plaintext would be used as is for encryption.
+        #     If the context is set but:
+        #
+        #     1. there is no record present when transforming a given value or
+        #     2. the field is not present when transforming a given value,
+        #
+        #     plaintext would be used as is for encryption.
+        #
+        #     Note that case (1) is expected when an `InfoTypeTransformation` is
+        #     applied to both structured and non-structured `ContentItem`s.
+        class CryptoDeterministicConfig; end
+
         # Replace each input value with a given `Value`.
         # @!attribute [rw] new_value
         #   @return [Google::Privacy::Dlp::V2::Value]
@@ -1371,16 +1436,19 @@ module Google
           class Bucket; end
         end
 
-        # Replaces an identifier with a surrogate using FPE with the FFX
-        # mode of operation; however when used in the `ReidentifyContent` API method,
-        # it serves the opposite function by reversing the surrogate back into
-        # the original identifier.
-        # The identifier must be encoded as ASCII.
-        # For a given crypto key and context, the same identifier will be
-        # replaced with the same surrogate.
-        # Identifiers must be at least two characters long.
-        # In the case that the identifier is the empty string, it will be skipped.
-        # See https://cloud.google.com/dlp/docs/pseudonymization to learn more.
+        # Replaces an identifier with a surrogate using Format Preserving Encryption
+        # (FPE) with the FFX mode of operation; however when used in the
+        # `ReidentifyContent` API method, it serves the opposite function by reversing
+        # the surrogate back into the original identifier. The identifier must be
+        # encoded as ASCII. For a given crypto key and context, the same identifier
+        # will be replaced with the same surrogate. Identifiers must be at least two
+        # characters long. In the case that the identifier is the empty string, it will
+        # be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
+        # more.
+        #
+        # Note: We recommend using  CryptoDeterministicConfig for all use cases which
+        # do not require preserving the input alphabet space and size, plus warrant
+        # referential integrity.
         # @!attribute [rw] crypto_key
         #   @return [Google::Privacy::Dlp::V2::CryptoKey]
         #     The key used by the encryption algorithm. [required]
@@ -1497,10 +1565,11 @@ module Google
         # leaking the key. Choose another type of key if possible.
         # @!attribute [rw] key
         #   @return [String]
-        #     The AES 128/192/256 bit key. [required]
+        #     A 128/192/256 bit key. [required]
         class UnwrappedCryptoKey; end
 
         # Include to use an existing data crypto key wrapped by KMS.
+        # The wrapped key must be a 128/192/256 bit key.
         # Authorization requires the following IAM permissions when sending a request
         # to perform a crypto transformation using a kms-wrapped crypto key:
         # dlp.kms.encrypt
@@ -1611,7 +1680,8 @@ module Google
         class RecordCondition
           # The field type of `value` and `field` do not need to match to be
           # considered equal, but not all comparisons are possible.
-          #
+          # EQUAL_TO and NOT_EQUAL_TO attempt to compare even with incompatible types,
+          # but all other comparisons are invalid with incompatible types.
           # A `value` of type:
           #
           # * `string` can be compared against all other types
@@ -1668,12 +1738,12 @@ module Google
         #     Transformations applied to the dataset.
         class TransformationOverview; end
 
-        # Summary of a single tranformation.
+        # Summary of a single transformation.
         # Only one of 'transformation', 'field_transformation', or 'record_suppress'
         # will be set.
         # @!attribute [rw] info_type
         #   @return [Google::Privacy::Dlp::V2::InfoType]
-        #     Set if the transformation was limited to a specific info_type.
+        #     Set if the transformation was limited to a specific InfoType.
         # @!attribute [rw] field
         #   @return [Google::Privacy::Dlp::V2::FieldId]
         #     Set if the transformation was limited to a specific FieldId.
@@ -1867,6 +1937,10 @@ module Google
         # @!attribute [rw] publish_summary_to_cscc
         #   @return [Google::Privacy::Dlp::V2::Action::PublishSummaryToCscc]
         #     Publish summary to Cloud Security Command Center (Alpha).
+        # @!attribute [rw] job_notification_emails
+        #   @return [Google::Privacy::Dlp::V2::Action::JobNotificationEmails]
+        #     Enable email notification to project owners and editors on job's
+        #     completion/failure.
         class Action
           # If set, the detailed findings will be persisted to the specified
           # OutputStorageConfig. Only a single instance of this action can be
@@ -1897,6 +1971,10 @@ module Google
           # Only a single instance of this action can be specified.
           # Compatible with: Inspect
           class PublishSummaryToCscc; end
+
+          # Enable email notification to project owners and editors on jobs's
+          # completion/failure.
+          class JobNotificationEmails; end
         end
 
         # Request message for CreateInspectTemplate.
@@ -1911,7 +1989,7 @@ module Google
         #   @return [String]
         #     The template id can contain uppercase and lowercase letters,
         #     numbers, and hyphens; that is, it must match the regular
-        #     expression: `[a-zA-Z\\d-]+`. The maximum length is 100
+        #     expression: `[a-zA-Z\\d-_]+`. The maximum length is 100
         #     characters. Can be empty to allow the system to generate one.
         class CreateInspectTemplateRequest; end
 
@@ -1996,10 +2074,17 @@ module Google
         #   @return [String]
         #     The trigger id can contain uppercase and lowercase letters,
         #     numbers, and hyphens; that is, it must match the regular
-        #     expression: `[a-zA-Z\\d-]+`. The maximum length is 100
+        #     expression: `[a-zA-Z\\d-_]+`. The maximum length is 100
         #     characters. Can be empty to allow the system to generate one.
         class CreateJobTriggerRequest; end
 
+        # Request message for ActivateJobTrigger.
+        # @!attribute [rw] name
+        #   @return [String]
+        #     Resource name of the trigger to activate, for example
+        #     `projects/dlp-test-project/jobTriggers/53234423`.
+        class ActivateJobTriggerRequest; end
+
         # Request message for UpdateJobTrigger.
         # @!attribute [rw] name
         #   @return [String]
@@ -2034,7 +2119,7 @@ module Google
         #   @return [String]
         #     The job id can contain uppercase and lowercase letters,
         #     numbers, and hyphens; that is, it must match the regular
-        #     expression: `[a-zA-Z\\d-]+`. The maximum length is 100
+        #     expression: `[a-zA-Z\\d-_]+`. The maximum length is 100
         #     characters. Can be empty to allow the system to generate one.
         class CreateDlpJobRequest; end
 
@@ -2063,9 +2148,36 @@ module Google
         #
         #     * `create_time`: corresponds to time the JobTrigger was created.
         #     * `update_time`: corresponds to time the JobTrigger was last updated.
+        #     * `last_run_time`: corresponds to the last time the JobTrigger ran.
         #     * `name`: corresponds to JobTrigger's name.
         #     * `display_name`: corresponds to JobTrigger's display name.
         #     * `status`: corresponds to JobTrigger's status.
+        # @!attribute [rw] filter
+        #   @return [String]
+        #     Optional. Allows filtering.
+        #
+        #     Supported syntax:
+        #
+        #     * Filter expressions are made up of one or more restrictions.
+        #     * Restrictions can be combined by `AND` or `OR` logical operators. A
+        #       sequence of restrictions implicitly uses `AND`.
+        #     * A restriction has the form of `<field> <operator> <value>`.
+        #     * Supported fields/values for inspect jobs:
+        #       * `status` - HEALTHY|PAUSED|CANCELLED
+        #         * `inspected_storage` - DATASTORE|CLOUD_STORAGE|BIGQUERY
+        #         * 'last_run_time` - RFC 3339 formatted timestamp, surrounded by
+        #           quotation marks. Nanoseconds are ignored.
+        #         * 'error_count' - Number of errors that have occurred while running.
+        #       * The operator must be `=` or `!=` for status and inspected_storage.
+        #
+        #       Examples:
+        #
+        #     * inspected_storage = cloud_storage AND status = HEALTHY
+        #     * inspected_storage = cloud_storage OR inspected_storage = bigquery
+        #     * inspected_storage = cloud_storage AND (state = PAUSED OR state = HEALTHY)
+        #     * last_run_time > \"2017-12-12T00:00:00+00:00\"
+        #
+        #     The length of this field should be no more than 500 characters.
         class ListJobTriggersRequest; end
 
         # Response message for ListJobTriggers.
@@ -2249,7 +2361,7 @@ module Google
         #   @return [String]
         #     The template id can contain uppercase and lowercase letters,
         #     numbers, and hyphens; that is, it must match the regular
-        #     expression: `[a-zA-Z\\d-]+`. The maximum length is 100
+        #     expression: `[a-zA-Z\\d-_]+`. The maximum length is 100
         #     characters. Can be empty to allow the system to generate one.
         class CreateDeidentifyTemplateRequest; end
 
@@ -2410,7 +2522,7 @@ module Google
         #   @return [String]
         #     The storedInfoType ID can contain uppercase and lowercase letters,
         #     numbers, and hyphens; that is, it must match the regular
-        #     expression: `[a-zA-Z\\d-]+`. The maximum length is 100
+        #     expression: `[a-zA-Z\\d-_]+`. The maximum length is 100
         #     characters. Can be empty to allow the system to generate one.
         class CreateStoredInfoTypeRequest; end
 
@@ -2499,6 +2611,28 @@ module Google
           CONTENT_IMAGE = 2
         end
 
+        # An enum to represent the various type of DLP jobs.
+        module DlpJobType
+          DLP_JOB_TYPE_UNSPECIFIED = 0
+
+          # The job inspected Google Cloud for sensitive data.
+          INSPECT_JOB = 1
+
+          # The job executed a Risk Analysis computation.
+          RISK_ANALYSIS_JOB = 2
+        end
+
+        # Parts of the APIs which use certain infoTypes.
+        module InfoTypeSupportedBy
+          ENUM_TYPE_UNSPECIFIED = 0
+
+          # Supported by the inspect operations.
+          INSPECT = 1
+
+          # Supported by the risk analysis operations.
+          RISK_ANALYSIS = 2
+        end
+
         # Type of the match which can be applied to different ways of matching, like
         # Dictionary, regular expression and intersecting with findings of another
         # info type.
@@ -2528,25 +2662,14 @@ module Google
           MATCHING_TYPE_INVERSE_MATCH = 3
         end
 
-        # Parts of the APIs which use certain infoTypes.
-        module InfoTypeSupportedBy
-          ENUM_TYPE_UNSPECIFIED = 0
-
-          # Supported by the inspect operations.
-          INSPECT = 1
-
-          # Supported by the risk analysis operations.
-          RISK_ANALYSIS = 2
-        end
-
         # Operators available for comparing the value of fields.
         module RelationalOperator
           RELATIONAL_OPERATOR_UNSPECIFIED = 0
 
-          # Equal.
+          # Equal. Attempts to match even with incompatible types.
           EQUAL_TO = 1
 
-          # Not equal to.
+          # Not equal to. Attempts to match even with incompatible types.
           NOT_EQUAL_TO = 2
 
           # Greater than.
@@ -2565,17 +2688,6 @@ module Google
           EXISTS = 7
         end
 
-        # An enum to represent the various type of DLP jobs.
-        module DlpJobType
-          DLP_JOB_TYPE_UNSPECIFIED = 0
-
-          # The job inspected Google Cloud for sensitive data.
-          INSPECT_JOB = 1
-
-          # The job executed a Risk Analysis computation.
-          RISK_ANALYSIS_JOB = 2
-        end
-
         # State of a StoredInfoType version.
         module StoredInfoTypeState
           STORED_INFO_TYPE_STATE_UNSPECIFIED = 0

data/lib/google/cloud/dlp/v2/doc/google/privacy/dlp/v2/storage.rb

@@ -1,4 +1,4 @@
-# Copyright 2018 Google LLC
+# Copyright 2019 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -124,6 +124,10 @@ module Google
           #     Pattern defining the regular expression. Its syntax
           #     (https://github.com/google/re2/wiki/Syntax) can be found under the
           #     google/re2 repository on GitHub.
+          # @!attribute [rw] group_indexes
+          #   @return [Array<Integer>]
+          #     The index of the submatch to extract as findings. When not
+          #     specified, the entire match is returned. No more than 3 may be included.
           class Regex; end
 
           # Message for detecting output from deidentification transformations
@@ -328,8 +332,15 @@ module Google
           # @!attribute [rw] url
           #   @return [String]
           #     The Cloud Storage url of the file(s) to scan, in the format
-          #     `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed. Exactly
-          #     one of `url` or `regex_file_set` must be set.
+          #     `gs://<bucket>/<path>`. Trailing wildcard in the path is allowed.
+          #
+          #     If the url ends in a trailing slash, the bucket or directory represented
+          #     by the url will be scanned non-recursively (content in sub-directories
+          #     will not be scanned). This means that `gs://mybucket/` is equivalent to
+          #     `gs://mybucket/*`, and `gs://mybucket/directory/` is equivalent to
+          #     `gs://mybucket/directory/*`.
+          #
+          #     Exactly one of `url` or `regex_file_set` must be set.
           # @!attribute [rw] regex_file_set
           #   @return [Google::Privacy::Dlp::V2::CloudStorageRegexFileSet]
           #     The regex-filtered set of files to scan. Exactly one of `url` or
@@ -394,8 +405,8 @@ module Google
         #     inspection of entire columns which you know have no findings.
         class BigQueryOptions
           # How to sample rows if not all rows are scanned. Meaningful only when used
-          # in conjunction with rows_limit. If not specified, scanning would start
-          # from the top.
+          # in conjunction with either rows_limit or rows_limit_percent. If not
+          # specified, scanning would start from the top.
           module SampleMethod
             SAMPLE_METHOD_UNSPECIFIED = 0
 
@@ -515,6 +526,10 @@ module Google
         #   @return [Google::Privacy::Dlp::V2::DatastoreKey]
         # @!attribute [rw] big_query_key
         #   @return [Google::Privacy::Dlp::V2::BigQueryKey]
+        # @!attribute [rw] id_values
+        #   @return [Array<String>]
+        #     Values of identifying columns in the given row. Order of values matches
+        #     the order of field identifiers specified in the scanning request.
         class RecordKey; end
 
         # Message defining the location of a BigQuery table. A table is uniquely
@@ -553,6 +568,28 @@ module Google
         #     Composite key indicating which field contains the entity identifier.
         class EntityId; end
 
+        # Definitions of file type groups to scan.
+        module FileType
+          # Includes all files.
+          FILE_TYPE_UNSPECIFIED = 0
+
+          # Includes all file extensions not covered by text file types.
+          BINARY_FILE = 1
+
+          # Included file extensions:
+          #   asc, brf, c, cc, cpp, csv, cxx, c++, cs, css, dart, eml, go, h, hh, hpp,
+          #   hxx, h++, hs, html, htm, shtml, shtm, xhtml, lhs, ini, java, js, json,
+          #   ocaml, md, mkd, markdown, m, ml, mli, pl, pm, php, phtml, pht, py, pyw,
+          #   rb, rbw, rs, rc, scala, sh, sql, tex, txt, text, tsv, vcard, vcs, wml,
+          #   xml, xsl, xsd, yml, yaml.
+          TEXT_FILE = 2
+
+          # Included file extensions:
+          #   bmp, gif, jpg, jpeg, jpe, png.
+          # bytes_limit_per_file has no effect on image files.
+          IMAGE = 3
+        end
+
         # Categorization of results based on how likely they are to represent a match,
         # based on the number of elements they contain which imply a match.
         module Likelihood
@@ -572,23 +609,6 @@ module Google
           # Many matching elements.
           VERY_LIKELY = 5
         end
-
-        # Definitions of file type groups to scan.
-        module FileType
-          # Includes all files.
-          FILE_TYPE_UNSPECIFIED = 0
-
-          # Includes all file extensions not covered by text file types.
-          BINARY_FILE = 1
-
-          # Included file extensions:
-          #   asc, brf, c, cc, cpp, csv, cxx, c++, cs, css, dart, eml, go, h, hh, hpp,
-          #   hxx, h++, hs, html, htm, shtml, shtm, xhtml, lhs, ini, java, js, json,
-          #   ocaml, md, mkd, markdown, m, ml, mli, pl, pm, php, phtml, pht, py, pyw,
-          #   rb, rbw, rs, rc, scala, sh, sql, tex, txt, text, tsv, vcard, vcs, wml,
-          #   xml, xsl, xsd, yml, yaml.
-          TEXT_FILE = 2
-        end
       end
     end
   end