From 24fc77bd4cb18d72a98bda4c0239e54fa616c498 Mon Sep 17 00:00:00 2001 From: Google APIs Date: Wed, 30 Nov 2022 13:11:54 -0800 Subject: [PATCH] feat: add bigquery datapolicies v1 API PiperOrigin-RevId: 491999451 --- .../bigquery/datapolicies/v1/BUILD.bazel | 391 ++++++++++++++++++ .../v1/bigquerydatapolicy_v1.yaml | 23 ++ .../datapolicies_v1_grpc_service_config.json | 50 +++ .../bigquery/datapolicies/v1/datapolicy.proto | 315 ++++++++++++++ 4 files changed, 779 insertions(+) create mode 100644 google/cloud/bigquery/datapolicies/v1/BUILD.bazel create mode 100644 google/cloud/bigquery/datapolicies/v1/bigquerydatapolicy_v1.yaml create mode 100644 google/cloud/bigquery/datapolicies/v1/datapolicies_v1_grpc_service_config.json create mode 100644 google/cloud/bigquery/datapolicies/v1/datapolicy.proto diff --git a/google/cloud/bigquery/datapolicies/v1/BUILD.bazel b/google/cloud/bigquery/datapolicies/v1/BUILD.bazel new file mode 100644 index 0000000000000..cae57e3cafa3e --- /dev/null +++ b/google/cloud/bigquery/datapolicies/v1/BUILD.bazel @@ -0,0 +1,391 @@ +# This file was automatically generated by BuildFileGenerator +# https://github.com/googleapis/rules_gapic/tree/master/bazel + +# Most of the manual changes to this file will be overwritten. +# It's **only** allowed to change the following rule attribute values: +# - names of *_gapic_assembly_* rules +# - certain parameters of *_gapic_library rules, including but not limited to: +# * extra_protoc_parameters +# * extra_protoc_file_parameters +# The complete list of preserved parameters can be found in the source code. + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@rules_proto//proto:defs.bzl", "proto_library") +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +proto_library( + name = "datapolicies_proto", + srcs = [ + "datapolicy.proto", + ], + deps = [ + "//google/api:annotations_proto", + "//google/api:client_proto", + "//google/api:field_behavior_proto", + "//google/api:resource_proto", + "//google/iam/v1:iam_policy_proto", + "//google/iam/v1:policy_proto", + "@com_google_protobuf//:empty_proto", + "@com_google_protobuf//:field_mask_proto", + ], +) + +proto_library_with_info( + name = "datapolicies_proto_with_info", + deps = [ + ":datapolicies_proto", + "//google/cloud:common_resources_proto", + ], +) + +############################################################################## +# Java +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "java_gapic_assembly_gradle_pkg", + "java_gapic_library", + "java_gapic_test", + "java_grpc_library", + "java_proto_library", +) + +java_proto_library( + name = "datapolicies_java_proto", + deps = [":datapolicies_proto"], +) + +java_grpc_library( + name = "datapolicies_java_grpc", + srcs = [":datapolicies_proto"], + deps = [":datapolicies_java_proto"], +) + +java_gapic_library( + name = "datapolicies_java_gapic", + srcs = [":datapolicies_proto_with_info"], + gapic_yaml = None, + grpc_service_config = "datapolicies_v1_grpc_service_config.json", + rest_numeric_enums = True, + service_yaml = "bigquerydatapolicy_v1.yaml", + test_deps = [ + ":datapolicies_java_grpc", + "//google/iam/v1:iam_java_grpc", + ], + transport = "grpc+rest", + deps = [ + ":datapolicies_java_proto", + "//google/api:api_java_proto", + "//google/iam/v1:iam_java_proto", + ], +) + +java_gapic_test( + name = "datapolicies_java_gapic_test_suite", + test_classes = [ + "com.google.cloud.bigquery.datapolicies.v1.DataPolicyServiceClientHttpJsonTest", + "com.google.cloud.bigquery.datapolicies.v1.DataPolicyServiceClientTest", + ], + runtime_deps = [":datapolicies_java_gapic_test"], +) + +# Open Source Packages +java_gapic_assembly_gradle_pkg( + name = "google-cloud-bigquery-datapolicies-v1-java", + transport = "grpc+rest", + deps = [ + ":datapolicies_java_gapic", + ":datapolicies_java_grpc", + ":datapolicies_java_proto", + ":datapolicies_proto", + ], + include_samples = True, +) + +############################################################################## +# Go +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "go_gapic_assembly_pkg", + "go_gapic_library", + "go_proto_library", + "go_test", +) + +go_proto_library( + name = "datapolicies_go_proto", + compilers = ["@io_bazel_rules_go//proto:go_grpc"], + importpath = "google.golang.org/genproto/googleapis/cloud/bigquery/datapolicies/v1", + protos = [":datapolicies_proto"], + deps = [ + "//google/api:annotations_go_proto", + "//google/iam/v1:iam_go_proto", + ], +) + +go_gapic_library( + name = "datapolicies_go_gapic", + srcs = [":datapolicies_proto_with_info"], + grpc_service_config = "datapolicies_v1_grpc_service_config.json", + importpath = "cloud.google.com/go/bigquery/datapolicies/apiv1;datapolicies", + metadata = True, + rest_numeric_enums = True, + service_yaml = "bigquerydatapolicy_v1.yaml", + transport = "grpc+rest", + deps = [ + ":datapolicies_go_proto", + "//google/iam/v1:iam_go_proto", + ], +) + +go_test( + name = "datapolicies_go_gapic_test", + srcs = [":datapolicies_go_gapic_srcjar_test"], + embed = [":datapolicies_go_gapic"], + importpath = "cloud.google.com/go/bigquery/datapolicies/apiv1", +) + +# Open Source Packages +go_gapic_assembly_pkg( + name = "gapi-cloud-bigquery-datapolicies-v1-go", + deps = [ + ":datapolicies_go_gapic", + ":datapolicies_go_gapic_srcjar-test.srcjar", + ":datapolicies_go_gapic_srcjar-metadata.srcjar", + ":datapolicies_go_proto", + ], +) + +############################################################################## +# Python +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "py_gapic_assembly_pkg", + "py_gapic_library", + "py_test", +) + +py_gapic_library( + name = "datapolicies_py_gapic", + srcs = [":datapolicies_proto"], + grpc_service_config = "datapolicies_v1_grpc_service_config.json", + rest_numeric_enums = True, + service_yaml = "bigquerydatapolicy_v1.yaml", + transport = "grpc+rest", + deps = [ + "//google/iam/v1:iam_policy_py_proto", + ], +) + +py_test( + name = "datapolicies_py_gapic_test", + srcs = [ + "datapolicies_py_gapic_pytest.py", + "datapolicies_py_gapic_test.py", + ], + legacy_create_init = False, + deps = [":datapolicies_py_gapic"], +) + +# Open Source Packages +py_gapic_assembly_pkg( + name = "bigquery-datapolicies-v1-py", + deps = [ + ":datapolicies_py_gapic", + ], +) + +############################################################################## +# PHP +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "php_gapic_assembly_pkg", + "php_gapic_library", + "php_grpc_library", + "php_proto_library", +) + +php_proto_library( + name = "datapolicies_php_proto", + deps = [":datapolicies_proto"], +) + +php_grpc_library( + name = "datapolicies_php_grpc", + srcs = [":datapolicies_proto"], + deps = [":datapolicies_php_proto"], +) + +php_gapic_library( + name = "datapolicies_php_gapic", + srcs = [":datapolicies_proto_with_info"], + grpc_service_config = "datapolicies_v1_grpc_service_config.json", + rest_numeric_enums = True, + service_yaml = "bigquerydatapolicy_v1.yaml", + transport = "grpc+rest", + deps = [ + ":datapolicies_php_grpc", + ":datapolicies_php_proto", + ], +) + +# Open Source Packages +php_gapic_assembly_pkg( + name = "google-cloud-bigquery-datapolicies-v1-php", + deps = [ + ":datapolicies_php_gapic", + ":datapolicies_php_grpc", + ":datapolicies_php_proto", + ], +) + +############################################################################## +# Node.js +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "nodejs_gapic_assembly_pkg", + "nodejs_gapic_library", +) + +nodejs_gapic_library( + name = "datapolicies_nodejs_gapic", + package_name = "@google-cloud/datapolicies", + src = ":datapolicies_proto_with_info", + extra_protoc_parameters = ["metadata"], + grpc_service_config = "datapolicies_v1_grpc_service_config.json", + package = "google.cloud.bigquery.datapolicies.v1", + rest_numeric_enums = True, + service_yaml = "bigquerydatapolicy_v1.yaml", + transport = "grpc+rest", + deps = [], +) + +nodejs_gapic_assembly_pkg( + name = "bigquery-datapolicies-v1-nodejs", + deps = [ + ":datapolicies_nodejs_gapic", + ":datapolicies_proto", + ], +) + +############################################################################## +# Ruby +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "ruby_gapic_assembly_pkg", + "ruby_cloud_gapic_library", + "ruby_grpc_library", + "ruby_proto_library", +) + +ruby_proto_library( + name = "datapolicies_ruby_proto", + deps = [":datapolicies_proto"], +) + +ruby_grpc_library( + name = "datapolicies_ruby_grpc", + srcs = [":datapolicies_proto"], + deps = [":datapolicies_ruby_proto"], +) + +ruby_cloud_gapic_library( + name = "datapolicies_ruby_gapic", + srcs = [":datapolicies_proto_with_info"], + extra_protoc_parameters = [ + "ruby-cloud-gem-name=google-cloud-bigquery-datapolicies-v1", + ], + grpc_service_config = "datapolicies_v1_grpc_service_config.json", + rest_numeric_enums = True, + service_yaml = "bigquerydatapolicy_v1.yaml", + deps = [ + ":datapolicies_ruby_grpc", + ":datapolicies_ruby_proto", + ], +) + +# Open Source Packages +ruby_gapic_assembly_pkg( + name = "google-cloud-bigquery-datapolicies-v1-ruby", + deps = [ + ":datapolicies_ruby_gapic", + ":datapolicies_ruby_grpc", + ":datapolicies_ruby_proto", + ], +) + +############################################################################## +# C# +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "csharp_gapic_assembly_pkg", + "csharp_gapic_library", + "csharp_grpc_library", + "csharp_proto_library", +) + +csharp_proto_library( + name = "datapolicies_csharp_proto", + deps = [":datapolicies_proto"], +) + +csharp_grpc_library( + name = "datapolicies_csharp_grpc", + srcs = [":datapolicies_proto"], + deps = [":datapolicies_csharp_proto"], +) + +csharp_gapic_library( + name = "datapolicies_csharp_gapic", + srcs = [":datapolicies_proto_with_info"], + common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", + grpc_service_config = "datapolicies_v1_grpc_service_config.json", + rest_numeric_enums = True, + service_yaml = "bigquerydatapolicy_v1.yaml", + deps = [ + ":datapolicies_csharp_grpc", + ":datapolicies_csharp_proto", + ], +) + +# Open Source Packages +csharp_gapic_assembly_pkg( + name = "google-cloud-bigquery-datapolicies-v1-csharp", + deps = [ + ":datapolicies_csharp_gapic", + ":datapolicies_csharp_grpc", + ":datapolicies_csharp_proto", + ], +) + +############################################################################## +# C++ +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "cc_grpc_library", + "cc_proto_library", +) + +cc_proto_library( + name = "datapolicies_cc_proto", + deps = [":datapolicies_proto"], +) + +cc_grpc_library( + name = "datapolicies_cc_grpc", + srcs = [":datapolicies_proto"], + grpc_only = True, + deps = [":datapolicies_cc_proto"], +) diff --git a/google/cloud/bigquery/datapolicies/v1/bigquerydatapolicy_v1.yaml b/google/cloud/bigquery/datapolicies/v1/bigquerydatapolicy_v1.yaml new file mode 100644 index 0000000000000..00a2606b4e596 --- /dev/null +++ b/google/cloud/bigquery/datapolicies/v1/bigquerydatapolicy_v1.yaml @@ -0,0 +1,23 @@ +type: google.api.Service +config_version: 3 +name: bigquerydatapolicy.googleapis.com +title: BigQuery Data Policy API + +apis: +- name: google.cloud.bigquery.datapolicies.v1.DataPolicyService + +documentation: + summary: Allows users to manage BigQuery data policies. + +backend: + rules: + - selector: 'google.cloud.bigquery.datapolicies.v1.DataPolicyService.*' + deadline: 60.0 + +authentication: + rules: + - selector: 'google.cloud.bigquery.datapolicies.v1.DataPolicyService.*' + oauth: + canonical_scopes: |- + https://www.googleapis.com/auth/bigquery, + https://www.googleapis.com/auth/cloud-platform diff --git a/google/cloud/bigquery/datapolicies/v1/datapolicies_v1_grpc_service_config.json b/google/cloud/bigquery/datapolicies/v1/datapolicies_v1_grpc_service_config.json new file mode 100644 index 0000000000000..2be87d59eb351 --- /dev/null +++ b/google/cloud/bigquery/datapolicies/v1/datapolicies_v1_grpc_service_config.json @@ -0,0 +1,50 @@ +{ + "methodConfig": [{ + "name": [ + { + "service": "google.cloud.bigquery.datapolicies.v1.DataPolicyService", + "method": "CreateDataPolicy" + }, + { + "service": "google.cloud.bigquery.datapolicies.v1.DataPolicyService", + "method": "UpdateDataPolicy" + }, + { + "service": "google.cloud.bigquery.datapolicies.v1.DataPolicyService", + "method": "RenameDataPolicy" + }, + { + "service": "google.cloud.bigquery.datapolicies.v1.DataPolicyService", + "method": "DeleteDataPolicy" + }, + { + "service": "google.cloud.bigquery.datapolicies.v1.DataPolicyService", + "method": "GetDataPolicy" + }, + { + "service": "google.cloud.bigquery.datapolicies.v1.DataPolicyService", + "method": "ListDataPolicies" + }, + { + "service": "google.cloud.bigquery.datapolicies.v1.DataPolicyService", + "method": "GetIamPolicy" + }, + { + "service": "google.cloud.bigquery.datapolicies.v1.DataPolicyService", + "method": "SetIamPolicy" + }, + { + "service": "google.cloud.bigquery.datapolicies.v1.DataPolicyService", + "method": "TestIamPermissions" + } + ], + "timeout": "60s", + "retryPolicy": { + "maxAttempts": 5, + "initialBackoff": "1s", + "maxBackoff": "10s", + "backoffMultiplier": 1.3, + "retryableStatusCodes": ["UNAVAILABLE"] + } + }] +} \ No newline at end of file diff --git a/google/cloud/bigquery/datapolicies/v1/datapolicy.proto b/google/cloud/bigquery/datapolicies/v1/datapolicy.proto new file mode 100644 index 0000000000000..f055f9d4593df --- /dev/null +++ b/google/cloud/bigquery/datapolicies/v1/datapolicy.proto @@ -0,0 +1,315 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.cloud.bigquery.datapolicies.v1; + +import "google/api/annotations.proto"; +import "google/api/client.proto"; +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/iam/v1/iam_policy.proto"; +import "google/iam/v1/policy.proto"; +import "google/protobuf/empty.proto"; +import "google/protobuf/field_mask.proto"; + +option csharp_namespace = "Google.Cloud.BigQuery.DataPolicies.V1"; +option go_package = "google.golang.org/genproto/googleapis/cloud/bigquery/datapolicies/v1;datapolicies"; +option java_multiple_files = true; +option java_outer_classname = "DataPolicyProto"; +option java_package = "com.google.cloud.bigquery.datapolicies.v1"; +option php_namespace = "Google\\Cloud\\BigQuery\\DataPolicies\\V1"; +option ruby_package = "Google::Cloud::Bigquery::DataPolicies::V1"; + +// Data Policy Service provides APIs for managing the label-policy bindings. +service DataPolicyService { + option (google.api.default_host) = "bigquerydatapolicy.googleapis.com"; + option (google.api.oauth_scopes) = + "https://www.googleapis.com/auth/bigquery," + "https://www.googleapis.com/auth/cloud-platform"; + + // Creates a new data policy under a project with the given `dataPolicyId` + // (used as the display name), policy tag, and data policy type. + rpc CreateDataPolicy(CreateDataPolicyRequest) returns (DataPolicy) { + option (google.api.http) = { + post: "/v1/{parent=projects/*/locations/*}/dataPolicies" + body: "data_policy" + }; + option (google.api.method_signature) = "parent,data_policy"; + } + + // Updates the metadata for an existing data policy. The target data policy + // can be specified by the resource name. + rpc UpdateDataPolicy(UpdateDataPolicyRequest) returns (DataPolicy) { + option (google.api.http) = { + patch: "/v1/{data_policy.name=projects/*/locations/*/dataPolicies/*}" + body: "data_policy" + }; + option (google.api.method_signature) = "data_policy,update_mask"; + } + + // Renames the id (display name) of the specified data policy. + rpc RenameDataPolicy(RenameDataPolicyRequest) returns (DataPolicy) { + option (google.api.http) = { + post: "/v1/{name=projects/*/locations/*/dataPolicies/*}:rename" + body: "*" + }; + option (google.api.method_signature) = "name,new_data_policy_id"; + } + + // Deletes the data policy specified by its resource name. + rpc DeleteDataPolicy(DeleteDataPolicyRequest) returns (google.protobuf.Empty) { + option (google.api.http) = { + delete: "/v1/{name=projects/*/locations/*/dataPolicies/*}" + }; + option (google.api.method_signature) = "name"; + } + + // Gets the data policy specified by its resource name. + rpc GetDataPolicy(GetDataPolicyRequest) returns (DataPolicy) { + option (google.api.http) = { + get: "/v1/{name=projects/*/locations/*/dataPolicies/*}" + }; + option (google.api.method_signature) = "name"; + } + + // List all of the data policies in the specified parent project. + rpc ListDataPolicies(ListDataPoliciesRequest) returns (ListDataPoliciesResponse) { + option (google.api.http) = { + get: "/v1/{parent=projects/*/locations/*}/dataPolicies" + }; + option (google.api.method_signature) = "parent"; + } + + // Gets the IAM policy for the specified data policy. + rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) { + option (google.api.http) = { + post: "/v1/{resource=projects/*/locations/*/dataPolicies/*}:getIamPolicy" + body: "*" + }; + } + + // Sets the IAM policy for the specified data policy. + rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) { + option (google.api.http) = { + post: "/v1/{resource=projects/*/locations/*/dataPolicies/*}:setIamPolicy" + body: "*" + }; + } + + // Returns the caller's permission on the specified data policy resource. + rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) { + option (google.api.http) = { + post: "/v1/{resource=projects/*/locations/*/dataPolicies/*}:testIamPermissions" + body: "*" + }; + } +} + +// Request message for the CreateDataPolicy method. +message CreateDataPolicyRequest { + // Required. Resource name of the project that the data policy will belong to. The + // format is `projects/{project_number}/locations/{location_id}`. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + child_type: "bigquerydatapolicy.googleapis.com/DataPolicy" + } + ]; + + // Required. The data policy to create. The `name` field does not need to be + // provided for the data policy creation. + DataPolicy data_policy = 2 [(google.api.field_behavior) = REQUIRED]; +} + +// Response message for the UpdateDataPolicy method. +message UpdateDataPolicyRequest { + // Required. Update the data policy's metadata. + // + // The target data policy is determined by the `name` field. + // Other fields are updated to the specified values based on the field masks. + DataPolicy data_policy = 1 [(google.api.field_behavior) = REQUIRED]; + + // The update mask applies to the resource. For the `FieldMask` definition, + // see + // https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask + // If not set, defaults to all of the fields that are allowed to update. + // + // Updates to the `name` and `dataPolicyId` fields are not allowed. + google.protobuf.FieldMask update_mask = 2; +} + +// Request message for the RenameDataPolicy method. +message RenameDataPolicyRequest { + // Required. Resource name of the data policy to rename. The format is + // `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}` + string name = 1 [(google.api.field_behavior) = REQUIRED]; + + // Required. The new data policy id. + string new_data_policy_id = 2 [(google.api.field_behavior) = REQUIRED]; +} + +// Request message for the DeleteDataPolicy method. +message DeleteDataPolicyRequest { + // Required. Resource name of the data policy to delete. Format is + // `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "bigquerydatapolicy.googleapis.com/DataPolicy" + } + ]; +} + +// Request message for the GetDataPolicy method. +message GetDataPolicyRequest { + // Required. Resource name of the requested data policy. Format is + // `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "bigquerydatapolicy.googleapis.com/DataPolicy" + } + ]; +} + +// Request message for the ListDataPolicies method. +message ListDataPoliciesRequest { + // Required. Resource name of the project for which to list data policies. Format is + // `projects/{project_number}/locations/{location_id}`. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + child_type: "bigquerydatapolicy.googleapis.com/DataPolicy" + } + ]; + + // The maximum number of data policies to return. Must be a value between 1 + // and 1000. + // If not set, defaults to 50. + int32 page_size = 2; + + // The `nextPageToken` value returned from a previous list request, if any. If + // not set, defaults to an empty string. + string page_token = 3; + + // Filters the data policies by policy tags that they + // are associated with. Currently filter only supports + // "policy_tag" based filtering and OR based predicates. Sample + // filter can be "policy_tag: + // 'projects/1/locations/us/taxonomies/2/policyTags/3'". You may use wildcard + // such as "policy_tag: + // 'projects/1/locations/us/taxonomies/2/*'". + string filter = 4; +} + +// Response message for the ListDataPolicies method. +message ListDataPoliciesResponse { + // Data policies that belong to the requested project. + repeated DataPolicy data_policies = 1; + + // Token used to retrieve the next page of results, or empty if there are no + // more results. + string next_page_token = 2; +} + +// Represents the label-policy binding. +message DataPolicy { + option (google.api.resource) = { + type: "bigquerydatapolicy.googleapis.com/DataPolicy" + pattern: "projects/{project}/locations/{location}/dataPolicies/{data_policy}" + }; + + // A list of supported data policy types. + enum DataPolicyType { + // Default value for the data policy type. This should not be used. + DATA_POLICY_TYPE_UNSPECIFIED = 0; + + // Used to create a data policy for column-level security, without data + // masking. + COLUMN_LEVEL_SECURITY_POLICY = 3; + + // Used to create a data policy for data masking. + DATA_MASKING_POLICY = 2; + } + + // Label that is bound to this data policy. + oneof matching_label { + // Policy tag resource name, in the format of + // `projects/{project_number}/locations/{location_id}/taxonomies/{taxonomy_id}/policyTags/{policyTag_id}`. + string policy_tag = 4; + } + + // The policy that is bound to this data policy. + oneof policy { + // The data masking policy that specifies the data masking rule to use. + DataMaskingPolicy data_masking_policy = 5; + } + + // Output only. Resource name of this data policy, in the format of + // `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`. + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Type of data policy. + DataPolicyType data_policy_type = 2; + + // User-assigned (human readable) ID of the data policy that needs to be + // unique within a project. Used as {data_policy_id} in part of the resource + // name. + string data_policy_id = 3; +} + +// The data masking policy that is used to specify data masking rule. +message DataMaskingPolicy { + // The available masking rules. Learn more here: + // https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. + enum PredefinedExpression { + // Default, unspecified predefined expression. No masking will take place + // since no expression is specified. + PREDEFINED_EXPRESSION_UNSPECIFIED = 0; + + // Masking expression to replace data with SHA-256 hash. + SHA256 = 3; + + // Masking expression to replace data with NULLs. + ALWAYS_NULL = 5; + + // Masking expression to replace data with their default masking values. + // The default masking values for each type listed as below: + // + // * STRING: "" + // * BYTES: b'' + // * INTEGER: 0 + // * FLOAT: 0.0 + // * NUMERIC: 0 + // * BOOLEAN: FALSE + // * TIMESTAMP: 0001-01-01 00:00:00 UTC + // * DATE: 0001-01-01 + // * TIME: 00:00:00 + // * DATETIME: 0001-01-01T00:00:00 + // * GEOGRAPHY: POINT(0 0) + // * BIGNUMERIC: 0 + // * ARRAY: [] + // * STRUCT: NOT_APPLICABLE + // * JSON: NULL + DEFAULT_MASKING_VALUE = 7; + } + + // A masking expression to bind to the data masking rule. + oneof masking_expression { + // A predefined masking expression. + PredefinedExpression predefined_expression = 1; + } +}