-
Notifications
You must be signed in to change notification settings - Fork 1.7k
/
InspectTemplate.yaml
423 lines (419 loc) · 22.1 KB
/
InspectTemplate.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
# Copyright 2023 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
--- !ruby/object:Api::Resource
name: 'InspectTemplate'
create_url: "{{parent}}/inspectTemplates"
self_link: "{{parent}}/inspectTemplates/{{name}}"
base_url: "{{parent}}/inspectTemplates"
update_verb: :PATCH
update_mask: true
description: |
An inspect job template.
references: !ruby/object:Api::Resource::ReferenceLinks
guides:
'Official Documentation': 'https://cloud.google.com/dlp/docs/creating-templates-inspect'
api: 'https://cloud.google.com/dlp/docs/reference/rest/v2/projects.inspectTemplates'
id_format: "{{parent}}/inspectTemplates/{{name}}"
examples:
- !ruby/object:Provider::Terraform::Examples
name: "dlp_inspect_template_basic"
primary_resource_id: "basic"
vars:
template: "temp"
test_env_vars:
project: :PROJECT_NAME
- !ruby/object:Provider::Terraform::Examples
name: "dlp_inspect_template_custom_type"
primary_resource_id: "custom"
vars:
template: "temp"
test_env_vars:
project: :PROJECT_NAME
custom_code: !ruby/object:Provider::Terraform::CustomCode
encoder: templates/terraform/encoders/wrap_object.go.erb
custom_import: templates/terraform/custom_import/dlp_import.go.erb
parameters:
- !ruby/object:Api::Type::String
name: 'parent'
description: |
The parent of the inspect template in any of the following formats:
* `projects/{{project}}`
* `projects/{{project}}/locations/{{location}}`
* `organizations/{{organization_id}}`
* `organizations/{{organization_id}}/locations/{{location}}`
required: true
immutable: true
url_param_only: true
properties:
- !ruby/object:Api::Type::String
name: 'name'
description: |
The resource name of the inspect template. Set by the server.
output: true
custom_flatten: templates/terraform/custom_flatten/name_from_self_link.erb
- !ruby/object:Api::Type::String
name: 'description'
description: |
A description of the inspect template.
- !ruby/object:Api::Type::String
name: 'displayName'
description: |
User set display name of the inspect template.
- !ruby/object:Api::Type::NestedObject
name: 'inspectConfig'
description: The core content of the template.
properties:
- !ruby/object:Api::Type::Boolean
name: 'excludeInfoTypes'
description: When true, excludes type information of the findings.
- !ruby/object:Api::Type::Boolean
name: 'includeQuote'
description: When true, a contextual quote from the data that triggered a
finding is included in the response.
- !ruby/object:Api::Type::Enum
name: 'minLikelihood'
description: |
Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info
values:
- :VERY_UNLIKELY
- :UNLIKELY
- :POSSIBLE
- :LIKELY
- :VERY_LIKELY
default_value: :POSSIBLE
- !ruby/object:Api::Type::NestedObject
name: 'limits'
description: Configuration to control the number of findings returned.
properties:
- !ruby/object:Api::Type::Integer
name: 'maxFindingsPerItem'
description: Max number of findings that will be returned for each item
scanned. The maximum returned is 2000.
required: true
- !ruby/object:Api::Type::Integer
name: 'maxFindingsPerRequest'
description: Max number of findings that will be returned per request/job.
The maximum returned is 2000.
required: true
- !ruby/object:Api::Type::Array
name: 'maxFindingsPerInfoType'
description: |
Configuration of findings limit given for specified infoTypes.
item_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::NestedObject
name: 'infoType'
required: true
description: |
Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does
not have an infoType, the DLP API applies the limit against all infoTypes that are found but not
specified in another InfoTypeLimit.
properties:
- !ruby/object:Api::Type::String
name: 'name'
required: true
description: |
Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed
at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.
- !ruby/object:Api::Type::Integer
name: 'maxFindings'
description: Max findings limit for the given infoType.
required: true
- !ruby/object:Api::Type::Array
name: 'infoTypes'
description: |
Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list
or listed at https://cloud.google.com/dlp/docs/infotypes-reference.
When no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run.
By default this may be all types, but may change over time as detectors are updated.
item_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::String
name: 'name'
required: true
description: |
Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed
at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.
- !ruby/object:Api::Type::String
name: 'version'
description: |
Version of the information type to use. By default, the version is set to stable
- !ruby/object:Api::Type::Array
name: 'contentOptions'
description: |
List of options defining data content to scan. If empty, text, images, and other content will be included.
item_type: !ruby/object:Api::Type::Enum
name: 'undefined'
description: |
This field only has a name and description because of MM
limitations. It should not appear in downstreams.
values:
- :CONTENT_TEXT
- :CONTENT_IMAGE
- !ruby/object:Api::Type::Array
name: 'ruleSet'
description: |
Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end,
other rules are executed in the order they are specified for each info type.
item_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::Array
name: 'infoTypes'
required: true
description: |
List of infoTypes this rule set is applied to.
item_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::String
name: 'name'
required: true
description: |
Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed
at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.
- !ruby/object:Api::Type::Array
name: 'rules'
required: true
description: |
Set of rules to be applied to infoTypes. The rules are applied in order.
item_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::NestedObject
name: 'hotwordRule'
description: Hotword-based detection rule.
properties:
- !ruby/object:Api::Type::NestedObject
name: 'hotwordRegex'
required: true
description: Regular expression pattern defining what qualifies
as a hotword.
properties:
- !ruby/object:Api::Type::String
name: 'pattern'
required: true
description: |
Pattern defining the regular expression. Its syntax
(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
- !ruby/object:Api::Type::Array
name: 'groupIndexes'
description: |
The index of the submatch to extract as findings. When not specified,
the entire match is returned. No more than 3 may be included.
item_type: Api::Type::Integer
- !ruby/object:Api::Type::NestedObject
name: 'proximity'
required: true
description: |
Proximity of the finding within which the entire hotword must reside. The total length of the window cannot
exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be
used to match substrings of the finding itself. For example, the certainty of a phone number regex
`(\d{3}) \d{3}-\d{4}` could be adjusted upwards if the area code is known to be the local area code of a company
office using the hotword regex `(xxx)`, where `xxx` is the area code in question.
properties:
- !ruby/object:Api::Type::Integer
name: 'windowBefore'
description: |
Number of characters before the finding to consider. Either this or window_after must be specified
- !ruby/object:Api::Type::Integer
name: 'windowAfter'
description: |
Number of characters after the finding to consider. Either this or window_before must be specified
- !ruby/object:Api::Type::NestedObject
name: 'likelihoodAdjustment'
required: true
description: |
Likelihood adjustment to apply to all matching findings.
properties:
- !ruby/object:Api::Type::Enum
name: 'fixedLikelihood'
description: |
Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set.
values:
- :VERY_UNLIKELY
- :UNLIKELY
- :POSSIBLE
- :LIKELY
- :VERY_LIKELY
- !ruby/object:Api::Type::Integer
name: 'relativeLikelihood'
description: |
Increase or decrease the likelihood by the specified number of levels. For example,
if a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1,
then it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY.
Likelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an
adjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY
will result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set.
- !ruby/object:Api::Type::NestedObject
name: 'exclusionRule'
description: The rule that specifies conditions when findings
of infoTypes specified in InspectionRuleSet are removed from
results.
properties:
- !ruby/object:Api::Type::Enum
name: 'matchingType'
required: true
description: |
How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType
values:
- :MATCHING_TYPE_FULL_MATCH
- :MATCHING_TYPE_PARTIAL_MATCH
- :MATCHING_TYPE_INVERSE_MATCH
- !ruby/object:Api::Type::NestedObject
name: 'dictionary'
description: Dictionary which defines the rule.
properties:
- !ruby/object:Api::Type::NestedObject
name: 'wordList'
description: List of words or phrases to search for.
properties:
- !ruby/object:Api::Type::Array
name: 'words'
required: true
description: |
Words or phrases defining the dictionary. The dictionary must contain at least one
phrase and every phrase must contain at least 2 characters that are letters or digits.
item_type: Api::Type::String
- !ruby/object:Api::Type::NestedObject
name: 'cloudStoragePath'
description: Newline-delimited file of words in Cloud
Storage. Only a single file is accepted.
properties:
- !ruby/object:Api::Type::String
name: 'path'
required: true
description: |
A url representing a file or path (no wildcards) in Cloud Storage. Example: `gs://[BUCKET_NAME]/dictionary.txt`
- !ruby/object:Api::Type::NestedObject
name: 'regex'
description: Regular expression which defines the rule.
properties:
- !ruby/object:Api::Type::String
name: 'pattern'
required: true
description: |
Pattern defining the regular expression.
Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
- !ruby/object:Api::Type::Array
name: 'groupIndexes'
description: |
The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
item_type: Api::Type::Integer
- !ruby/object:Api::Type::NestedObject
name: 'excludeInfoTypes'
description: Set of infoTypes for which findings would affect
this rule.
properties:
- !ruby/object:Api::Type::Array
name: 'infoTypes'
required: true
description: |
If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results.
item_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::String
name: 'name'
required: true
description: |
Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed
at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.
- !ruby/object:Api::Type::Array
name: 'customInfoTypes'
description: |
Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.
item_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::NestedObject
name: 'infoType'
required: true
description: |
CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing
infoTypes and that infoType is specified in `info_types` field. Specifying the latter adds findings to the
one detected by the system. If built-in info type is not specified in `info_types` list then the name is
treated as a custom info type.
properties:
- !ruby/object:Api::Type::String
name: 'name'
required: true
description: |
Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names
listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.
- !ruby/object:Api::Type::Enum
name: 'likelihood'
description: |
Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria
specified by the rule.
values:
- :VERY_UNLIKELY
- :UNLIKELY
- :POSSIBLE
- :LIKELY
- :VERY_LIKELY
default_value: :VERY_LIKELY
- !ruby/object:Api::Type::Enum
name: 'exclusionType'
description: |
If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching.
values:
- :EXCLUSION_TYPE_EXCLUDE
- !ruby/object:Api::Type::NestedObject
name: 'regex'
description: Regular expression which defines the rule.
immutable: true
properties:
- !ruby/object:Api::Type::String
name: 'pattern'
required: true
description: |
Pattern defining the regular expression.
Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
- !ruby/object:Api::Type::Array
name: 'groupIndexes'
description: |
The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
item_type: Api::Type::Integer
- !ruby/object:Api::Type::NestedObject
name: 'dictionary'
description: Dictionary which defines the rule.
immutable: true
properties:
- !ruby/object:Api::Type::NestedObject
name: 'wordList'
description: List of words or phrases to search for.
properties:
- !ruby/object:Api::Type::Array
name: 'words'
required: true
description: |
Words or phrases defining the dictionary. The dictionary must contain at least one
phrase and every phrase must contain at least 2 characters that are letters or digits.
item_type: Api::Type::String
- !ruby/object:Api::Type::NestedObject
name: 'cloudStoragePath'
description: Newline-delimited file of words in Cloud Storage. Only
a single file is accepted.
properties:
- !ruby/object:Api::Type::String
name: 'path'
required: true
description: |
A url representing a file or path (no wildcards) in Cloud Storage. Example: `gs://[BUCKET_NAME]/dictionary.txt`
- !ruby/object:Api::Type::NestedObject
name: 'storedType'
description: A reference to a StoredInfoType to use with scanning.
immutable: true
properties:
- !ruby/object:Api::Type::String
name: 'name'
required: true
description: |
Resource name of the requested StoredInfoType, for example `organizations/433245324/storedInfoTypes/432452342`
or `projects/project-id/storedInfoTypes/432452342`.