// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.dialogflow.cx.v3;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";

option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Dialogflow.Cx.V3";
option go_package = "cloud.google.com/go/dialogflow/cx/apiv3/cxpb;cxpb";
option java_multiple_files = true;
option java_outer_classname = "SecuritySettingsProto";
option java_package = "com.google.cloud.dialogflow.cx.v3";
option objc_class_prefix = "DF";
option ruby_package = "Google::Cloud::Dialogflow::CX::V3";

// Cloud DLP template resource types. They are declared here so that
// `SecuritySettings.inspect_template` and
// `SecuritySettings.deidentify_template` can carry a `resource_reference` to
// them. Both accept an organization-level or a project-level template name.
option (google.api.resource_definition) = {
  type: "dlp.googleapis.com/InspectTemplate"
  pattern: "organizations/{organization}/locations/{location}/inspectTemplates/{inspect_template}"
  pattern: "projects/{project}/locations/{location}/inspectTemplates/{inspect_template}"
};
option (google.api.resource_definition) = {
  type: "dlp.googleapis.com/DeidentifyTemplate"
  pattern: "organizations/{organization}/locations/{location}/deidentifyTemplates/{deidentify_template}"
  pattern: "projects/{project}/locations/{location}/deidentifyTemplates/{deidentify_template}"
};

// Service for managing security settings for Dialogflow.
service SecuritySettingsService {
  option (google.api.default_host) = "dialogflow.googleapis.com";

  // OAuth scopes declared for this service. `cloud-platform` covers every
  // Google Cloud API the caller's identity can reach, so a credential that is
  // used only for Dialogflow is better limited to the `dialogflow` scope.
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform,"
      "https://www.googleapis.com/auth/dialogflow";

  // Creates security settings in the specified location.
  rpc CreateSecuritySettings(CreateSecuritySettingsRequest)
      returns (SecuritySettings) {
    option (google.api.http) = {
      post: "/v3/{parent=projects/*/locations/*}/securitySettings"
      body: "security_settings"
    };
    option (google.api.method_signature) = "parent,security_settings";
  }

  // Retrieves the specified
  // [SecuritySettings][google.cloud.dialogflow.cx.v3.SecuritySettings]. The
  // returned settings may be stale by up to 1 minute.
  rpc GetSecuritySettings(GetSecuritySettingsRequest)
      returns (SecuritySettings) {
    option (google.api.http) = {
      get: "/v3/{name=projects/*/locations/*/securitySettings/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Updates the specified
  // [SecuritySettings][google.cloud.dialogflow.cx.v3.SecuritySettings].
  // Which fields are written is controlled by
  // `UpdateSecuritySettingsRequest.update_mask`.
  rpc UpdateSecuritySettings(UpdateSecuritySettingsRequest)
      returns (SecuritySettings) {
    option (google.api.http) = {
      patch: "/v3/{security_settings.name=projects/*/locations/*/securitySettings/*}"
      body: "security_settings"
    };
    option (google.api.method_signature) = "security_settings,update_mask";
  }

  // Returns the list of all security settings in the specified location.
  rpc ListSecuritySettings(ListSecuritySettingsRequest)
      returns (ListSecuritySettingsResponse) {
    option (google.api.http) = {
      get: "/v3/{parent=projects/*/locations/*}/securitySettings"
    };
    option (google.api.method_signature) = "parent";
  }

  // Deletes the specified
  // [SecuritySettings][google.cloud.dialogflow.cx.v3.SecuritySettings].
  rpc DeleteSecuritySettings(DeleteSecuritySettingsRequest)
      returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/v3/{name=projects/*/locations/*/securitySettings/*}"
    };
    option (google.api.method_signature) = "name";
  }
}

// The request message for
// [SecuritySettingsService.GetSecuritySettings][google.cloud.dialogflow.cx.v3.SecuritySettingsService.GetSecuritySettings].
message GetSecuritySettingsRequest {
  // Required. Resource name of the settings.
  // Format: `projects/<Project ID>/locations/<Location
  // ID>/securitySettings/<security settings ID>`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dialogflow.googleapis.com/SecuritySettings"
    }
  ];
}

// The request message for
// [SecuritySettingsService.UpdateSecuritySettings][google.cloud.dialogflow.cx.v3.SecuritySettingsService.UpdateSecuritySettings].
message UpdateSecuritySettingsRequest {
  // Required. [SecuritySettings] object that contains values for each of the
  // fields to update.
  SecuritySettings security_settings = 1
      [(google.api.field_behavior) = REQUIRED];

  // Required. The mask to control which fields get updated. If the mask is not
  // present, all fields will be updated.
  //
  // Because an absent mask updates every field, send an explicit mask that
  // names only the fields being changed.
  // NOTE(review): presumably a maskless update writes the unset fields of
  // `security_settings` as their defaults, and the zero values of
  // `redaction_strategy` and `redaction_scope` mean "do not redact" --
  // confirm the server behaviour before relying on a maskless update.
  google.protobuf.FieldMask update_mask = 2
      [(google.api.field_behavior) = REQUIRED];
}

// The request message for
// [SecuritySettingsService.ListSecuritySettings][google.cloud.dialogflow.cx.v3.SecuritySettingsService.ListSecuritySettings].
message ListSecuritySettingsRequest {
  // Required. The location to list all security settings for.
  // Format: `projects/<Project ID>/locations/<Location ID>`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "dialogflow.googleapis.com/SecuritySettings"
    }
  ];

  // The maximum number of items to return in a single page. By default 20 and
  // at most 100.
  int32 page_size = 2;

  // The next_page_token value returned from a previous list request.
  string page_token = 3;
}

// The response message for
// [SecuritySettingsService.ListSecuritySettings][google.cloud.dialogflow.cx.v3.SecuritySettingsService.ListSecuritySettings].
message ListSecuritySettingsResponse {
  // The list of security settings.
  repeated SecuritySettings security_settings = 1;

  // Token to retrieve the next page of results, or empty if there are no more
  // results in the list.
  string next_page_token = 2;
}

// The request message for
// [SecuritySettingsService.CreateSecuritySettings][google.cloud.dialogflow.cx.v3.SecuritySettingsService.CreateSecuritySettings].
message CreateSecuritySettingsRequest {
  // Required. The location to create a
  // [SecuritySettings][google.cloud.dialogflow.cx.v3.SecuritySettings] for.
  // Format: `projects/<Project ID>/locations/<Location ID>`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "dialogflow.googleapis.com/SecuritySettings"
    }
  ];

  // Required. The security settings to create.
  SecuritySettings security_settings = 2
      [(google.api.field_behavior) = REQUIRED];
}

// The request message for
// [SecuritySettingsService.DeleteSecuritySettings][google.cloud.dialogflow.cx.v3.SecuritySettingsService.DeleteSecuritySettings].
message DeleteSecuritySettingsRequest {
  // Required. The name of the
  // [SecuritySettings][google.cloud.dialogflow.cx.v3.SecuritySettings] to
  // delete. Format: `projects/<Project ID>/locations/<Location
  // ID>/securitySettings/<Security Settings ID>`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dialogflow.googleapis.com/SecuritySettings"
    }
  ];
}

// Represents the settings related to security issues, such as data redaction
// and data retention. It may take hours for updates on the settings to
// propagate to all the related components and take effect, so a change (for
// example turning redaction on) should not be assumed to be in force as soon
// as the update call returns.
message SecuritySettings {
  option (google.api.resource) = {
    type: "dialogflow.googleapis.com/SecuritySettings"
    pattern: "projects/{project}/locations/{location}/securitySettings/{security_settings}"
  };

  // NOTE(review): field numbers 5, 10, 11 and 14-16 are not used in this
  // message and no `reserved` statement is visible. If they belonged to
  // removed fields, reserving them prevents accidental reuse -- confirm
  // against the file history.

  // Defines how we redact data.
  enum RedactionStrategy {
    // Do not redact. This is the zero value, so it is also what an unset
    // `redaction_strategy` means: redaction stays off until
    // REDACT_WITH_SERVICE is set explicitly.
    REDACTION_STRATEGY_UNSPECIFIED = 0;

    // Call redaction service to clean up the data to be persisted.
    REDACT_WITH_SERVICE = 1;
  }

  // Defines what types of data to redact.
  enum RedactionScope {
    // Don't redact any kind of data. This is the zero value, so an unset
    // `redaction_scope` redacts nothing.
    REDACTION_SCOPE_UNSPECIFIED = 0;

    // On data to be written to disk or similar devices that are capable of
    // holding data even if power is disconnected. This includes data that are
    // temporarily saved on disk.
    // NOTE(review): value 1 is skipped in this enum without a `reserved`
    // statement -- confirm whether it was a removed value.
    REDACT_DISK_STORAGE = 2;
  }

  // Defines how long we retain persisted data that contains sensitive info.
  enum RetentionStrategy {
    // Retains the persisted data with Dialogflow's internal default 365d TTLs.
    // This is the zero value, so an unspecified strategy keeps data for the
    // default TTL rather than minimising retention.
    RETENTION_STRATEGY_UNSPECIFIED = 0;

    // Removes data when the conversation ends. If there is no [Conversation][]
    // explicitly established, a default conversation ends when the
    // corresponding Dialogflow session ends.
    REMOVE_AFTER_CONVERSATION = 1;
  }

  // Type of data we purge after retention settings trigger a purge.
  enum PurgeDataType {
    // Unspecified. Do not use.
    PURGE_DATA_TYPE_UNSPECIFIED = 0;

    // Dialogflow history. This does not include Cloud logging, which is
    // owned by the user - not Dialogflow.
    DIALOGFLOW_HISTORY = 1;
  }

  // Settings for exporting audio.
  message AudioExportSettings {
    // File format for exported audio file. Currently only in telephony
    // recordings.
    enum AudioFormat {
      // Unspecified. Do not use.
      AUDIO_FORMAT_UNSPECIFIED = 0;

      // G.711 mu-law PCM with 8kHz sample rate.
      MULAW = 1;

      // MP3 file format.
      MP3 = 2;

      // OGG Vorbis.
      OGG = 3;
    }

    // Cloud Storage bucket to export audio recordings to.
    // Setting this field grants the Storage Object Creator role to the
    // Dialogflow Service Agent, i.e. it changes IAM for the bucket. An API
    // caller that tries to modify this field should therefore have the
    // `storage.buckets.setIamPolicy` permission.
    // Exported recordings are subject to the bucket's own retention policy;
    // treat the bucket as holding sensitive conversation audio.
    string gcs_bucket = 1;

    // Filename pattern for exported audio.
    string audio_export_pattern = 2;

    // Enable audio redaction if it is true. The field defaults to false (the
    // proto3 zero value), so exported audio is not redacted unless this is
    // set explicitly.
    bool enable_audio_redaction = 3;

    // File format for exported audio file. Currently only in telephony
    // recordings.
    AudioFormat audio_format = 4;
  }

  // Settings for exporting conversations to
  // [Insights](https://cloud.google.com/contact-center/insights/docs).
  message InsightsExportSettings {
    // If enabled, we will automatically export
    // conversations to Insights and Insights runs its analyzers.
    bool enable_insights_export = 1;
  }

  // Resource name of the settings.
  // Required for the
  // [SecuritySettingsService.UpdateSecuritySettings][google.cloud.dialogflow.cx.v3.SecuritySettingsService.UpdateSecuritySettings]
  // method.
  // [SecuritySettingsService.CreateSecuritySettings][google.cloud.dialogflow.cx.v3.SecuritySettingsService.CreateSecuritySettings]
  // populates the name automatically. Format: `projects/<Project
  // ID>/locations/<Location ID>/securitySettings/<Security Settings ID>`.
  string name = 1;

  // Required. The human-readable name of the security settings, unique within
  // the location.
  string display_name = 2 [(google.api.field_behavior) = REQUIRED];

  // Strategy that defines how we do redaction. Unset means no redaction; see
  // RedactionStrategy.
  RedactionStrategy redaction_strategy = 3;

  // Defines the data for which Dialogflow applies redaction. Dialogflow does
  // not redact data that it does not have access to – for example, Cloud
  // logging.
  RedactionScope redaction_scope = 4;

  // [DLP](https://cloud.google.com/dlp/docs) inspect template name. Use this
  // template to define inspect base settings.
  //
  // The `DLP Inspect Templates Reader` role is needed on the Dialogflow
  // service identity service account (has the form
  // `service-<Project Number>@gcp-sa-dialogflow.iam.gserviceaccount.com`)
  // for your agent's project.
  //
  // If empty, we use the default DLP inspect config.
  //
  // The template name will have one of the following formats:
  // `projects/<Project ID>/locations/<Location ID>/inspectTemplates/<Template
  // ID>` OR `organizations/<Organization ID>/locations/<Location
  // ID>/inspectTemplates/<Template ID>`
  //
  // Note: `inspect_template` must be located in the same region as the
  // `SecuritySettings`.
  string inspect_template = 9 [(google.api.resource_reference) = {
    type: "dlp.googleapis.com/InspectTemplate"
  }];

  // [DLP](https://cloud.google.com/dlp/docs) deidentify template name. Use this
  // template to define de-identification configuration for the content.
  //
  // The `DLP De-identify Templates Reader` role is needed on the Dialogflow
  // service identity service account (has the form
  // `service-<Project Number>@gcp-sa-dialogflow.iam.gserviceaccount.com`)
  // for your agent's project.
  //
  // If empty, Dialogflow replaces sensitive info with `[redacted]` text.
  //
  // The template name will have one of the following formats:
  // `projects/<Project ID>/locations/<Location
  // ID>/deidentifyTemplates/<Template ID>` OR `organizations/<Organization
  // ID>/locations/<Location ID>/deidentifyTemplates/<Template ID>`
  //
  // Note: `deidentify_template` must be located in the same region as the
  // `SecuritySettings`.
  string deidentify_template = 17 [(google.api.resource_reference) = {
    type: "dlp.googleapis.com/DeidentifyTemplate"
  }];

  // Specifies how data is retained. Note that even if the data is
  // purged due to retention policy, we may still hold it in backup storage for
  // a few days without allowing direct readings.
  oneof data_retention {
    // Retains the data for the specified number of days.
    // The value must be lower than Dialogflow's default 365d TTL (30 days
    // for Agent Assist traffic); a higher value is ignored and the default
    // TTL is used. A missing value or a value of 0 also means the default
    // TTL is used.
    int32 retention_window_days = 6;

    // Specifies the retention behavior defined by
    // [SecuritySettings.RetentionStrategy][google.cloud.dialogflow.cx.v3.SecuritySettings.RetentionStrategy].
    RetentionStrategy retention_strategy = 7;
  }

  // List of types of data to remove when retention settings trigger a purge.
  repeated PurgeDataType purge_data_types = 8;

  // Controls audio export settings for post-conversation analytics when
  // ingesting audio to conversations via [Participants.AnalyzeContent][] or
  // [Participants.StreamingAnalyzeContent][].
  //
  // If
  // [retention_strategy][google.cloud.dialogflow.cx.v3.SecuritySettings.retention_strategy]
  // is set to REMOVE_AFTER_CONVERSATION or [audio_export_settings.gcs_bucket][]
  // is empty, audio export is disabled.
  //
  // If audio export is enabled, audio is recorded and saved to
  // [audio_export_settings.gcs_bucket][], subject to retention policy of
  // [audio_export_settings.gcs_bucket][].
  //
  // This setting does not affect audio input for implicit sessions via
  // [Sessions.DetectIntent][google.cloud.dialogflow.cx.v3.Sessions.DetectIntent]
  // or
  // [Sessions.StreamingDetectIntent][google.cloud.dialogflow.cx.v3.Sessions.StreamingDetectIntent].
  AudioExportSettings audio_export_settings = 12;

  // Controls conversation exporting settings to Insights after conversation is
  // completed.
  //
  // If
  // [retention_strategy][google.cloud.dialogflow.cx.v3.SecuritySettings.retention_strategy]
  // is set to REMOVE_AFTER_CONVERSATION, Insights export is disabled no matter
  // what you configure here.
  InsightsExportSettings insights_export_settings = 13;
}