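// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.dialogflow.cx.v3beta1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";

option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Dialogflow.Cx.V3Beta1";
option go_package = "cloud.google.com/go/dialogflow/cx/apiv3beta1/cxpb;cxpb";
option java_multiple_files = true;
option java_outer_classname = "SecuritySettingsProto";
option java_package = "com.google.cloud.dialogflow.cx.v3beta1";
option objc_class_prefix = "DF";
option ruby_package = "Google::Cloud::Dialogflow::CX::V3beta1";

// DLP inspect template resource type, declared here so that
// `SecuritySettings.inspect_template` can reference it. Templates may live
// under an organization or under a project.
option (google.api.resource_definition) = {
  type: "dlp.googleapis.com/InspectTemplate"
  pattern: "organizations/{organization}/locations/{location}/inspectTemplates/{inspect_template}"
  pattern: "projects/{project}/locations/{location}/inspectTemplates/{inspect_template}"
};

// DLP de-identify template resource type, declared here so that
// `SecuritySettings.deidentify_template` can reference it. Templates may live
// under an organization or under a project.
option (google.api.resource_definition) = {
  type: "dlp.googleapis.com/DeidentifyTemplate"
  pattern: "organizations/{organization}/locations/{location}/deidentifyTemplates/{deidentify_template}"
  pattern: "projects/{project}/locations/{location}/deidentifyTemplates/{deidentify_template}"
};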
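// Service for managing security settings for Dialogflow.
//
// The settings managed here control redaction, retention and export of
// conversation data, so permission to call the mutating RPCs below should be
// granted narrowly.
service SecuritySettingsService {
  option (google.api.default_host) = "dialogflow.googleapis.com";

  // OAuth scopes declared for this service.
  // NOTE(review): `cloud-platform` is a broad scope; clients that only manage
  // Dialogflow resources can presumably request the narrower `dialogflow`
  // scope instead - confirm before relying on it.
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform,"
      "https://www.googleapis.com/auth/dialogflow";

  // Creates security settings in the specified location.
  rpc CreateSecuritySettings(CreateSecuritySettingsRequest)
      returns (SecuritySettings) {
    option (google.api.http) = {
      post: "/v3beta1/{parent=projects/*/locations/*}/securitySettings"
      body: "security_settings"
    };
    option (google.api.method_signature) = "parent,security_settings";
  }

  // Retrieves the specified
  // [SecuritySettings][google.cloud.dialogflow.cx.v3beta1.SecuritySettings].
  // The returned settings may be stale by up to 1 minute, so a read issued
  // immediately after a write is not a reliable check that the write was
  // applied.
  rpc GetSecuritySettings(GetSecuritySettingsRequest)
      returns (SecuritySettings) {
    option (google.api.http) = {
      get: "/v3beta1/{name=projects/*/locations/*/securitySettings/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Updates the specified
  // [SecuritySettings][google.cloud.dialogflow.cx.v3beta1.SecuritySettings].
  // As documented on the SecuritySettings message, it may take hours for an
  // update to propagate to all related components and take effect.
  rpc UpdateSecuritySettings(UpdateSecuritySettingsRequest)
      returns (SecuritySettings) {
    option (google.api.http) = {
      patch: "/v3beta1/{security_settings.name=projects/*/locations/*/securitySettings/*}"
      body: "security_settings"
    };
    option (google.api.method_signature) = "security_settings,update_mask";
  }

  // Returns the list of all security settings in the specified location.
  rpc ListSecuritySettings(ListSecuritySettingsRequest)
      returns (ListSecuritySettingsResponse) {
    option (google.api.http) = {
      get: "/v3beta1/{parent=projects/*/locations/*}/securitySettings"
    };
    option (google.api.method_signature) = "parent";
  }

  // Deletes the specified
  // [SecuritySettings][google.cloud.dialogflow.cx.v3beta1.SecuritySettings].
  rpc DeleteSecuritySettings(DeleteSecuritySettingsRequest)
      returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/v3beta1/{name=projects/*/locations/*/securitySettings/*}"
    };
    option (google.api.method_signature) = "name";
  }
}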
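// The request message for
// [SecuritySettingsService.GetSecuritySettings][google.cloud.dialogflow.cx.v3beta1.SecuritySettingsService.GetSecuritySettings].
message GetSecuritySettingsRequest {
  // Required. Resource name of the settings.
  // Format: `projects/<Project ID>/locations/<Location
  // ID>/securitySettings/<Security Settings ID>`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dialogflow.googleapis.com/SecuritySettings"
    }
  ];
}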
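// The request message for
// [SecuritySettingsService.UpdateSecuritySettings][google.cloud.dialogflow.cx.v3beta1.SecuritySettingsService.UpdateSecuritySettings].
message UpdateSecuritySettingsRequest {
  // Required.
  // [SecuritySettings][google.cloud.dialogflow.cx.v3beta1.SecuritySettings]
  // object that contains values for each of the fields to update.
  SecuritySettings security_settings = 1
      [(google.api.field_behavior) = REQUIRED];

  // Required. The mask to control which fields get updated. If the mask is not
  // present, all fields will be updated.
  //
  // NOTE(review): the field is marked REQUIRED, yet the sentence above
  // describes what happens when it is absent. Because an absent mask updates
  // every field, a partially populated `security_settings` sent without a mask
  // presumably resets the omitted fields to their zero values, and the zero
  // value of `redaction_strategy` is documented as "Do not redact". Callers
  // should always send an explicit mask naming only the fields they intend to
  // change - confirm server behaviour.
  google.protobuf.FieldMask update_mask = 2
      [(google.api.field_behavior) = REQUIRED];
}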
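// The request message for
// [SecuritySettingsService.ListSecuritySettings][google.cloud.dialogflow.cx.v3beta1.SecuritySettingsService.ListSecuritySettings].
message ListSecuritySettingsRequest {
  // Required. The location to list all security settings for.
  // Format: `projects/<Project ID>/locations/<Location ID>`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "dialogflow.googleapis.com/SecuritySettings"
    }
  ];

  // The maximum number of items to return in a single page. Defaults to 20;
  // the maximum is 100.
  int32 page_size = 2;

  // The next_page_token value returned from a previous list request.
  string page_token = 3;
}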
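// The response message for
// [SecuritySettingsService.ListSecuritySettings][google.cloud.dialogflow.cx.v3beta1.SecuritySettingsService.ListSecuritySettings].
message ListSecuritySettingsResponse {
  // The list of security settings.
  repeated SecuritySettings security_settings = 1;

  // Token to retrieve the next page of results, or empty if there are no more
  // results in the list.
  string next_page_token = 2;
}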
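// The request message for
// [SecuritySettingsService.CreateSecuritySettings][google.cloud.dialogflow.cx.v3beta1.SecuritySettingsService.CreateSecuritySettings].
message CreateSecuritySettingsRequest {
  // Required. The location to create an
  // [SecuritySettings][google.cloud.dialogflow.cx.v3beta1.SecuritySettings]
  // for. Format: `projects/<Project ID>/locations/<Location ID>`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "dialogflow.googleapis.com/SecuritySettings"
    }
  ];

  // Required. The security settings to create.
  //
  // NOTE(review): fields left unset take their zero values, and the zero
  // values of `redaction_strategy` and `redaction_scope` are documented as
  // "do not redact"; set them explicitly when redaction is intended.
  SecuritySettings security_settings = 2
      [(google.api.field_behavior) = REQUIRED];
}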
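// The request message for
// [SecuritySettingsService.DeleteSecuritySettings][google.cloud.dialogflow.cx.v3beta1.SecuritySettingsService.DeleteSecuritySettings].
message DeleteSecuritySettingsRequest {
  // Required. The name of the
  // [SecuritySettings][google.cloud.dialogflow.cx.v3beta1.SecuritySettings] to
  // delete. Format: `projects/<Project ID>/locations/<Location
  // ID>/securitySettings/<Security Settings ID>`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "dialogflow.googleapis.com/SecuritySettings"
    }
  ];
}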
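// Represents the settings related to security issues, such as data redaction
// and data retention. It may take hours for updates on the settings to
// propagate to all the related components and take effect.
//
// NOTE(review): the zero values of the redaction and retention enums below
// are the permissive choices (no redaction, default 365d retention), so
// protection is opt-in: a resource that leaves these fields unset applies no
// redaction.
message SecuritySettings {
  option (google.api.resource) = {
    type: "dialogflow.googleapis.com/SecuritySettings"
    pattern: "projects/{project}/locations/{location}/securitySettings/{security_settings}"
  };

  // Defines how we redact data.
  enum RedactionStrategy {
    // Do not redact. This is the zero value, so it is also what an unset
    // `redaction_strategy` means.
    REDACTION_STRATEGY_UNSPECIFIED = 0;

    // Call redaction service to clean up the data to be persisted.
    REDACT_WITH_SERVICE = 1;
  }

  // Defines what types of data to redact.
  //
  // NOTE(review): value 1 is not defined in this file; if it was removed at
  // some point it should be declared `reserved` - confirm against history.
  enum RedactionScope {
    // Don't redact any kind of data. This is the zero value, so it is also
    // what an unset `redaction_scope` means.
    REDACTION_SCOPE_UNSPECIFIED = 0;

    // On data to be written to disk or similar devices that are capable of
    // holding data even if power is disconnected. This includes data that are
    // temporarily saved on disk.
    REDACT_DISK_STORAGE = 2;
  }

  // Defines how long we retain persisted data that contains sensitive info.
  enum RetentionStrategy {
    // Retains the persisted data with Dialogflow's internal default 365d TTLs.
    RETENTION_STRATEGY_UNSPECIFIED = 0;

    // Removes data when the conversation ends. If there is no [Conversation][]
    // explicitly established, a default conversation ends when the
    // corresponding Dialogflow session ends.
    REMOVE_AFTER_CONVERSATION = 1;
  }

  // Type of data we purge after retention settings triggers purge.
  enum PurgeDataType {
    // Unspecified. Do not use.
    PURGE_DATA_TYPE_UNSPECIFIED = 0;

    // Dialogflow history. This does not include Cloud logging, which is
    // owned by the user - not Dialogflow.
    DIALOGFLOW_HISTORY = 1;
  }

  // Settings for exporting audio.
  message AudioExportSettings {
    // File format for exported audio file. Currently only in telephony
    // recordings.
    enum AudioFormat {
      // Unspecified. Do not use.
      AUDIO_FORMAT_UNSPECIFIED = 0;

      // G.711 mu-law PCM with 8kHz sample rate.
      MULAW = 1;

      // MP3 file format.
      MP3 = 2;

      // OGG Vorbis.
      OGG = 3;
    }

    // Cloud Storage bucket to export audio record to.
    // Setting this field would grant the Storage Object Creator role to
    // the Dialogflow Service Agent.
    // API caller that tries to modify this field should have the permission of
    // storage.buckets.setIamPolicy.
    //
    // NOTE(review): the bucket receives recorded end-user audio, so read
    // access to it, and the ability to change this field, should both be
    // restricted.
    string gcs_bucket = 1;

    // Filename pattern for exported audio.
    string audio_export_pattern = 2;

    // Enable audio redaction if it is true.
    // Note that this only redacts end-user audio data;
    // Synthesised audio from the virtual agent is not redacted.
    // The zero value is false, so exported audio is not redacted unless this
    // is set explicitly.
    bool enable_audio_redaction = 3;

    // File format for exported audio file. Currently only in telephony
    // recordings.
    AudioFormat audio_format = 4;
  }

  // Settings for exporting conversations to
  // [Insights](https://cloud.google.com/contact-center/insights/docs).
  message InsightsExportSettings {
    // If enabled, we will automatically export
    // conversations to Insights and Insights runs its analyzers.
    bool enable_insights_export = 1;
  }

  // Resource name of the settings.
  // Required for the
  // [SecuritySettingsService.UpdateSecuritySettings][google.cloud.dialogflow.cx.v3beta1.SecuritySettingsService.UpdateSecuritySettings]
  // method.
  // [SecuritySettingsService.CreateSecuritySettings][google.cloud.dialogflow.cx.v3beta1.SecuritySettingsService.CreateSecuritySettings]
  // populates the name automatically. Format: `projects/<Project
  // ID>/locations/<Location ID>/securitySettings/<Security Settings ID>`.
  string name = 1;

  // Required. The human-readable name of the security settings, unique within
  // the location.
  string display_name = 2 [(google.api.field_behavior) = REQUIRED];

  // Strategy that defines how we do redaction.
  RedactionStrategy redaction_strategy = 3;

  // Defines the data for which Dialogflow applies redaction. Dialogflow does
  // not redact data that it does not have access to - for example, Cloud
  // logging.
  RedactionScope redaction_scope = 4;

  // [DLP](https://cloud.google.com/dlp/docs) inspect template name. Use this
  // template to define inspect base settings.
  //
  // The `DLP Inspect Templates Reader` role is needed on the Dialogflow
  // service identity service account (has the form
  // `service-PROJECT_NUMBER@gcp-sa-dialogflow.iam.gserviceaccount.com`)
  // for your agent's project.
  //
  // If empty, we use the default DLP inspect config.
  //
  // The template name will have one of the following formats:
  // `projects/<Project ID>/locations/<Location ID>/inspectTemplates/<Template
  // ID>` OR `organizations/<Organization ID>/locations/<Location
  // ID>/inspectTemplates/<Template ID>`
  //
  // Note: `inspect_template` must be located in the same region as the
  // `SecuritySettings`.
  string inspect_template = 9 [(google.api.resource_reference) = {
    type: "dlp.googleapis.com/InspectTemplate"
  }];

  // [DLP](https://cloud.google.com/dlp/docs) deidentify template name. Use this
  // template to define de-identification configuration for the content.
  //
  // The `DLP De-identify Templates Reader` role is needed on the Dialogflow
  // service identity service account (has the form
  // `service-PROJECT_NUMBER@gcp-sa-dialogflow.iam.gserviceaccount.com`)
  // for your agent's project.
  //
  // If empty, Dialogflow replaces sensitive info with `[redacted]` text.
  //
  // The template name will have one of the following formats:
  // `projects/<Project ID>/locations/<Location
  // ID>/deidentifyTemplates/<Template ID>` OR `organizations/<Organization
  // ID>/locations/<Location ID>/deidentifyTemplates/<Template ID>`
  //
  // Note: `deidentify_template` must be located in the same region as the
  // `SecuritySettings`.
  string deidentify_template = 17 [(google.api.resource_reference) = {
    type: "dlp.googleapis.com/DeidentifyTemplate"
  }];

  // Specifies how data is retained. Note that even if the data is
  // purged due to retention policy, we may still hold it in backup storage for
  // a few days without allowing direct readings.
  oneof data_retention {
    // Retains data in interaction logging for the specified number of days.
    // This does not apply to Cloud logging, which is owned by the user - not
    // Dialogflow.
    // The value must be lower than Dialogflow's default 365d TTL (30 days
    // for Agent Assist traffic); a higher value is ignored and the default
    // TTL is used. A missing value or a value of 0 also means the default
    // TTL is used.
    // When data retention configuration is changed, it only applies to the data
    // created after the change; the TTL of existing data created before the
    // change stays intact. Shortening the window therefore does not shorten
    // the lifetime of data that is already stored.
    int32 retention_window_days = 6;

    // Specifies the retention behavior defined by
    // [SecuritySettings.RetentionStrategy][google.cloud.dialogflow.cx.v3beta1.SecuritySettings.RetentionStrategy].
    RetentionStrategy retention_strategy = 7;
  }

  // List of types of data to remove when retention settings triggers purge.
  repeated PurgeDataType purge_data_types = 8;

  // Controls audio export settings for post-conversation analytics when
  // ingesting audio to conversations via [Participants.AnalyzeContent][] or
  // [Participants.StreamingAnalyzeContent][].
  //
  // If
  // [retention_strategy][google.cloud.dialogflow.cx.v3beta1.SecuritySettings.retention_strategy]
  // is set to REMOVE_AFTER_CONVERSATION or [audio_export_settings.gcs_bucket][]
  // is empty, audio export is disabled.
  //
  // If audio export is enabled, audio is recorded and saved to
  // [audio_export_settings.gcs_bucket][], subject to retention policy of
  // [audio_export_settings.gcs_bucket][]. The retention settings in this
  // message therefore do not govern the exported copies.
  //
  // This setting won't affect audio input for implicit sessions via
  // [Sessions.DetectIntent][google.cloud.dialogflow.cx.v3beta1.Sessions.DetectIntent]
  // or
  // [Sessions.StreamingDetectIntent][google.cloud.dialogflow.cx.v3beta1.Sessions.StreamingDetectIntent].
  AudioExportSettings audio_export_settings = 12;

  // Controls conversation exporting settings to Insights after conversation is
  // completed.
  //
  // If
  // [retention_strategy][google.cloud.dialogflow.cx.v3beta1.SecuritySettings.retention_strategy]
  // is set to REMOVE_AFTER_CONVERSATION, Insights export is disabled no matter
  // what you configure here.
  InsightsExportSettings insights_export_settings = 13;
}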