Mengonfigurasi setelan batas bawah Model Armor

Dokumen ini menjelaskan cara melihat dan memperbarui setelan batas Model Armor dan memberikan contoh pelanggaran setelan batas.

Setelan dasar Model Armor menentukan aturan yang menetapkan persyaratan minimum untuk semua template Model Armor yang dibuat pada titik tertentu dalam hierarki resource Google Cloud (yaitu, di level organisasi, folder, atau project). Jika beberapa setelan lantai bertentangan, setelan yang lebih rendah dalam hierarki resource akan lebih diutamakan. Misalnya, jika kebijakan setelan minimum dibuat di level folder dan project, kebijakan level project akan diterapkan. Perilaku ini hanya berlaku untuk project yang berada di dalam folder tertentu tersebut.

Misalnya, Anda telah menetapkan kebijakan tingkat folder pada folder tertentu, yang mengaktifkan filter URI berbahaya untuk semua konten di dalamnya. Kemudian, di dalam folder yang sama tersebut, Anda memiliki project tertentu. Di project ini, Anda telah mengonfigurasi kebijakan tingkat project yang lebih spesifik. Kebijakan tingkat project ini memerlukan deteksi injeksi perintah dan pelarian dari batasan dengan nilai minimum keyakinan sedang.

Hasilnya adalah sebagai berikut:

  • Semua template Model Armor yang dibuat dalam project tertentu ini harus menyertakan filter deteksi injeksi prompt dan pelarian dari batasan, yang ditetapkan dengan setidaknya nilai minimum keyakinan sedang. Hal ini karena kebijakan level project menetapkan persyaratan minimum untuk semua template dalam project tersebut.

  • Template yang dibuat di luar folder induk project ini tidak terpengaruh oleh kebijakan folder tertentu tersebut. Jadi, jika Anda membuat template di folder lain atau di tingkat root, template tidak akan otomatis memerlukan filter URI berbahaya yang ditetapkan untuk folder tertentu ini. Hal ini menunjukkan bahwa kebijakan ini dicakup ke tingkat hierarki tertentu dan tidak berlaku secara global kecuali ditetapkan di tingkat organisasi yang lebih tinggi dan lebih luas.

Setelan minimum membantu CISO dan arsitek keamanan menerapkan postur keamanan minimum untuk semua template Model Armor di organisasi mereka. Setelan ini membantu mencegah developer melanggar standar keamanan. Jika Anda menggunakan tingkat layanan Premium atau Enterprise Security Command Center, pelanggaran setelan lantai akan memicu temuan. Jika template dengan setelan yang tidak terlalu ketat dibuat sebelum setelan batas bawah, Security Command Center akan menampilkan temuan. Setelan ini membantu Anda mengidentifikasi dan memperbaiki template Model Armor yang kurang aman. Setelan lantai tidak dapat menerapkan Perlindungan Data Sensitif.

Sebelum memulai

Sebelum memulai, selesaikan tugas berikut.

Mendapatkan izin yang diperlukan

Untuk mendapatkan izin yang diperlukan guna mengelola setelan lantai, minta administrator untuk memberi Anda peran IAM Admin Setelan Lantai Model Armor (roles/modelarmor.floorSettingsAdmin) di setelan lantai Model Armor. Untuk mengetahui informasi selengkapnya tentang cara memberikan peran, lihat Mengelola akses ke project, folder, dan organisasi.

Anda mungkin juga bisa mendapatkan izin yang diperlukan melalui peran khusus atau peran bawaan lainnya.

Mengaktifkan API

Anda harus mengaktifkan Model Armor API sebelum dapat menggunakan Model Armor.

Konsol

  1. Enable the Model Armor API.

    Enable the API

  2. Pilih project tempat Anda ingin mengaktifkan Model Armor.

gcloud

Sebelum memulai, ikuti langkah-langkah berikut menggunakan Google Cloud CLI dengan Model Armor API:

  1. In the Google Cloud console, activate Cloud Shell.

    Activate Cloud Shell

    At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.

  2. Jalankan perintah berikut untuk menetapkan endpoint API untuk layanan Model Armor.

    gcloud config set api_endpoint_overrides/modelarmor "https://modelarmor.LOCATION.rep.googleapis.com/"

    Ganti LOCATION dengan region tempat Anda ingin menggunakan Model Armor.

    3. Jalankan perintah berikut untuk mengaktifkan Model Armor.

      gcloud services enable modelarmor.googleapis.com --project=PROJECT_ID

    Ganti PROJECT_ID dengan ID project.

    Integrasi dengan Vertex AI

    Model Armor terintegrasi dengan Vertex AI untuk menyaring permintaan dan respons model Gemini berdasarkan setelan batas bawah yang Anda tentukan. Anda perlu mengaktifkan Cloud Logging untuk mendapatkan visibilitas ke dalam perintah dan respons. Untuk mengetahui informasi selengkapnya, lihat Integrasi Model Armor dengan Vertex AI.

    Mengonfigurasi setelan lantai

    Anda menggunakan setelan nilai minimum untuk mengonfigurasi nilai minimum deteksi untuk template Model Armor. Setelan ini memverifikasi bahwa semua template baru dan yang diubah memenuhi persyaratan tertentu. Untuk mengonfigurasi setelan lantai, lakukan hal berikut:

    1. Di konsol Google Cloud , buka halaman Model Armor.

      Buka Model Armor

    2. Pilih project.
    3. Di halaman Model Armor, buka tab Setelan lantai, lalu klik Konfigurasi setelan lantai.
    4. Di halaman Konfigurasi setelan lantai, pilih opsi konfigurasi.
    5. Di bagian Deteksi, konfigurasi setelan deteksi.
    6. Opsional: Jika Anda memilih deteksi Sensitive Data Protection, Anda harus mengonfigurasi setelan Sensitive Data Protection.

    7. Di bagian AI yang Bertanggung Jawab, tetapkan tingkat keyakinan untuk setiap filter konten.

    8. Di bagian Layanan, pilih layanan tempat setelan lantai ini akan diterapkan.

    9. Di bagian Logs, pilih Enable Cloud Logging untuk mencatat semua perintah pengguna, respons model, dan hasil detektor setelan lantai.

    10. Pilih Aktifkan dukungan multi-bahasa untuk menggunakan setelan deteksi multi-bahasa.

    11. Klik Simpan setelan lantai.

    Menentukan cara setelan minimum diwariskan

    Saat mengonfigurasi setelan lantai, pilih opsi konfigurasi.

    • Mewarisi setelan harga minimum induk: Mewarisi setelan harga minimum yang ditetapkan lebih tinggi dalam hierarki resource. Klik Simpan setelan minimum dan lewati langkah-langkah berikutnya. Untuk melihat setelan yang diwariskan, buka tab Setelan lantai.

    • Kustom: Tentukan setelan minimum untuk project ini. Setelan kustom yang Anda tentukan untuk project akan menggantikan setelan lantai yang diwarisi.

    • Nonaktifkan: Menonaktifkan setelan batas bawah yang diwariskan, yang berarti tidak ada aturan deteksi yang diterapkan ke template Model Armor dan Vertex AI untuk beban kerja Gemini Anda. Klik Simpan setelan lantai dan lewati langkah-langkah berikutnya. Melihat status dinonaktifkan di tab Setelan lantai.

    Menentukan tempat setelan lantai diterapkan

    Pilih salah satu layanan berikut tempat setelan lantai yang dikonfigurasi diterapkan.

    • Model Armor - Pembuatan & pembaruan template: Setiap template Model Armor baru dan yang diubah dalam project diperiksa untuk memastikan bahwa setelan minimum ditentukan sesuai dengan setelan batas bawah.

    • Vertex AI: Memeriksa permintaan yang dikirim ke model Gemini dan mencatat atau memblokir permintaan yang memenuhi nilai minimum setelan.

      Jika Anda memilih Vertex AI, bagian Vertex AI akan ditampilkan tempat Anda dapat memilih cara penerapan setelan batas minimum.

      • Hanya periksa: Mendeteksi permintaan yang tidak memenuhi setelan minimum, tetapi tidak memblokirnya.
      • Periksa dan blokir pelanggaran: Mendeteksi dan memblokir permintaan yang tidak memenuhi setelan minimum.

    Melihat setelan lantai Model Armor

    Lihat setelan tingkat Model Armor untuk memverifikasi setelan yang ada, untuk mengidentifikasi persyaratan minimum aplikasi AI Anda, atau untuk memecahkan masalah saat template tidak berfungsi seperti yang diharapkan.

    Jalankan perintah berikut untuk melihat setelan lantai Model Armor.

    Konsol

    1. Di konsol Google Cloud , buka halaman Model Armor.

      Buka Model Armor

    2. Pastikan Anda melihat project tempat Anda mengaktifkan Model Armor.

    3. Di halaman Pelindung Model, buka tab Setelan lantai. Jika setelan lantai ditetapkan di tingkat organisasi, Anda dapat melihatnya di sini. Jika setelan lantai tidak ditentukan, Anda harus mengonfigurasinya. Untuk mengetahui informasi selengkapnya, lihat Mengonfigurasi setelan lantai.

    gcloud

    • Melihat setelan lantai Model Armor untuk project tertentu.

        gcloud model-armor floorsettings describe \
      --full-uri='projects/PROJECT_ID/locations/global/floorSetting'

    • Melihat setelan batas bawah Model Armor untuk organisasi tertentu.

        gcloud model-armor floorsettings describe \
      --full-uri='organizations/ORGANIZATION_ID/locations/global/floorSetting'

    • Melihat setelan lantai Model Armor untuk folder tertentu.

         gcloud model-armor floorsettings describe \
       --full-uri='folders/FOLDER_ID/locations/global/floorSetting'

      Ganti kode berikut:

      • PROJECT_ID: ID project untuk setelan lantai.
      • FOLDER_ID: ID folder untuk setelan lantai.
      • ORGANIZATION_ID: ID organisasi untuk setelan lantai.

    REST

    • Melihat setelan lantai Model Armor untuk project tertentu.

      curl -X GET \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  -H "Content-Type: application/json" \
  "https://modelarmor.googleapis.com/v1/projects/PROJECT_ID/locations/global/floorSetting"

    • Melihat setelan lantai Model Armor untuk folder tertentu.

      curl -X GET \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  -H "Content-Type: application/json" \
  "https://modelarmor.googleapis.com/v1/folders/FOLDER_ID/locations/global/floorSetting"

    • Melihat setelan batas bawah Model Armor untuk organisasi tertentu.

      curl -X GET \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  -H "Content-Type: application/json" \
  "https://modelarmor.googleapis.com/v1/organizations/ORGANIZATION_ID/locations/global/floorSetting"

    Ganti kode berikut:

    • PROJECT_ID: ID project untuk setelan lantai.
    • FOLDER_ID: ID folder untuk setelan lantai.
    • ORGANIZATION_ID: ID organisasi untuk setelan lantai.

    Go

    • Melihat setelan lantai Model Armor untuk project tertentu.

      
import (
	"context"
	"fmt"
	"io"

	modelarmor "cloud.google.com/go/modelarmor/apiv1"
	modelarmorpb "cloud.google.com/go/modelarmor/apiv1/modelarmorpb"
)

// getProjectFloorSettings gets details of a single floor setting of a project.
//
// This method retrieves the details of a single floor setting of a project.
//
// w io.Writer: The writer to use for logging.
// projectID string: The ID of the project.
func getProjectFloorSettings(w io.Writer, projectID string) error {
	ctx := context.Background()

	// Create the Model Armor client.
	client, err := modelarmor.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("failed to create client: %w", err)
	}
	defer client.Close()

	floorSettingsName := fmt.Sprintf("projects/%s/locations/global/floorSetting", projectID)

	// Get the project floor setting.
	req := &modelarmorpb.GetFloorSettingRequest{
		Name: floorSettingsName,
	}

	response, err := client.GetFloorSetting(ctx, req)
	if err != nil {
		return fmt.Errorf("failed to get floor setting: %w", err)
	}

	// Print the retrieved floor setting using fmt.Fprintf with the io.Writer.
	fmt.Fprintf(w, "Retrieved floor setting: %v\n", response)

	return nil
}

    • Melihat setelan lantai Model Armor untuk folder tertentu.

      
import (
	"context"
	"fmt"
	"io"

	modelarmor "cloud.google.com/go/modelarmor/apiv1"
	modelarmorpb "cloud.google.com/go/modelarmor/apiv1/modelarmorpb"
)

// getFolderFloorSettings gets details of a single floor setting of a folder.
//
// This method retrieves the details of a single floor setting of a folder.
//
// w io.Writer: The writer to use for logging.
// folderID string: The ID of the folder.
func getFolderFloorSettings(w io.Writer, folderID string) error {
	ctx := context.Background()

	// Create the Model Armor client.
	client, err := modelarmor.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("failed to create client: %w", err)
	}
	defer client.Close()

	// Prepare folder floor setting path/name
	floorSettingsName := fmt.Sprintf("folders/%s/locations/global/floorSetting", folderID)

	// Get the folder floor setting.
	req := &modelarmorpb.GetFloorSettingRequest{
		Name: floorSettingsName,
	}

	response, err := client.GetFloorSetting(ctx, req)
	if err != nil {
		return fmt.Errorf("failed to get floor setting: %w", err)
	}

	// Print the retrieved floor setting using fmt.Fprintf with the io.Writer.
	fmt.Fprintf(w, "Retrieved folder floor setting: %v\n", response)

	return nil
}

    • Melihat setelan batas bawah Model Armor untuk organisasi tertentu.

      
import (
	"context"
	"fmt"
	"io"

	modelarmor "cloud.google.com/go/modelarmor/apiv1"
	modelarmorpb "cloud.google.com/go/modelarmor/apiv1/modelarmorpb"
)

// getOrganizationFloorSettings gets details of a single floor setting of an organization.
//
// This method retrieves the details of a single floor setting of an organization.
//
// w io.Writer: The writer to use for logging.
// organizationID string: The ID of the organization.
func getOrganizationFloorSettings(w io.Writer, organizationID string) error {
	ctx := context.Background()

	// Create the Model Armor client.
	client, err := modelarmor.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("failed to create client: %w", err)
	}
	defer client.Close()

	floorSettingsName := fmt.Sprintf("organizations/%s/locations/global/floorSetting", organizationID)

	// Get the organization floor setting.
	req := &modelarmorpb.GetFloorSettingRequest{
		Name: floorSettingsName,
	}

	response, err := client.GetFloorSetting(ctx, req)
	if err != nil {
		return fmt.Errorf("failed to get floor setting: %w", err)
	}

	// Print the retrieved floor setting using fmt.Fprintf with the io.Writer.
	fmt.Fprintf(w, "Retrieved org floor setting: %v\n", response)

	return nil
}

    Java

    • Melihat setelan lantai Model Armor untuk project tertentu.

      
import com.google.cloud.modelarmor.v1.FloorSetting;
import com.google.cloud.modelarmor.v1.FloorSettingName;
import com.google.cloud.modelarmor.v1.GetFloorSettingRequest;
import com.google.cloud.modelarmor.v1.ModelArmorClient;
import java.io.IOException;

public class GetProjectFloorSetting {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";

    getProjectFloorSetting(projectId);
  }

  public static FloorSetting getProjectFloorSetting(String projectId) throws IOException {

    // Initialize client that will be used to send requests. This client only
    // needs to be created once, and can be reused for multiple requests.
    try (ModelArmorClient client = ModelArmorClient.create()) {
      String name = FloorSettingName.of(projectId, "global").toString();

      GetFloorSettingRequest request = GetFloorSettingRequest.newBuilder().setName(name).build();

      FloorSetting floorSetting = client.getFloorSetting(request);
      System.out.println("Fetched floor setting for project: " + projectId);

      return floorSetting;
    }
  }
}

    • Melihat setelan lantai Model Armor untuk folder tertentu.

      
import com.google.cloud.modelarmor.v1.FloorSetting;
import com.google.cloud.modelarmor.v1.FloorSettingName;
import com.google.cloud.modelarmor.v1.GetFloorSettingRequest;
import com.google.cloud.modelarmor.v1.ModelArmorClient;
import java.io.IOException;

public class GetFolderFloorSetting {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String folderId = "your-folder-id";

    getFolderFloorSetting(folderId);
  }

  public static FloorSetting getFolderFloorSetting(String folderId) throws IOException {

    // Initialize client that will be used to send requests. This client only
    // needs to be created once, and can be reused for multiple requests.
    try (ModelArmorClient client = ModelArmorClient.create()) {
      String name = FloorSettingName.ofFolderLocationName(folderId, "global").toString();

      GetFloorSettingRequest request = GetFloorSettingRequest.newBuilder().setName(name).build();

      FloorSetting floorSetting = client.getFloorSetting(request);
      System.out.println("Fetched floor setting for folder: " + folderId);

      return floorSetting;
    }
  }
}

    • Melihat setelan batas bawah Model Armor untuk organisasi tertentu.

      
import com.google.cloud.modelarmor.v1.FloorSetting;
import com.google.cloud.modelarmor.v1.FloorSettingName;
import com.google.cloud.modelarmor.v1.GetFloorSettingRequest;
import com.google.cloud.modelarmor.v1.ModelArmorClient;
import java.io.IOException;

public class GetOrganizationFloorSetting {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String organizationId = "your-organization-id";

    getOrganizationFloorSetting(organizationId);
  }

  public static FloorSetting getOrganizationFloorSetting(String organizationId) throws IOException {

    // Initialize client that will be used to send requests. This client only
    // needs to be created once, and can be reused for multiple requests.
    try (ModelArmorClient client = ModelArmorClient.create()) {
      String name = FloorSettingName.ofOrganizationLocationName(organizationId, "global")
          .toString();

      GetFloorSettingRequest request = GetFloorSettingRequest.newBuilder().setName(name).build();

      FloorSetting floorSetting = client.getFloorSetting(request);
      System.out.println("Fetched floor setting for organization: " + organizationId);

      return floorSetting;
    }
  }
}

    Node.js

    • Melihat setelan lantai Model Armor untuk project tertentu.

      /**
 * TODO(developer): Uncomment these variables before running the sample.
 */
// const projectId = 'your-project-id';

const name = `projects/${projectId}/locations/global/floorSetting`;

// Imports the Modelarmor library
const {ModelArmorClient} = require('@google-cloud/modelarmor').v1;

// Instantiates a client
const modelarmorClient = new ModelArmorClient();

async function getProjectFloorSettings() {
  // Construct request
  const request = {
    name,
  };

  // Run request
  const [response] = await modelarmorClient.getFloorSetting(request);
  return response;
}

return await getProjectFloorSettings();

    • Melihat setelan lantai Model Armor untuk folder tertentu.

      /**
 * TODO(developer): Uncomment these variables before running the sample.
 */
// const folderId = 'your-folder-id';

const name = `folders/${folderId}/locations/global/floorSetting`;

// Imports the Modelarmor library
const {ModelArmorClient} = require('@google-cloud/modelarmor').v1;

// Instantiates a client
const modelarmorClient = new ModelArmorClient();

async function getFolderFloorSettings() {
  // Construct request
  const request = {
    name,
  };

  const [response] = await modelarmorClient.getFloorSetting(request);
  return response;
}

return await getFolderFloorSettings();

    • Melihat setelan batas bawah Model Armor untuk organisasi tertentu.

      /**
 * TODO(developer): Uncomment these variables before running the sample.
 */
// const organizationId = 'your-organization-id';
const name = `organizations/${organizationId}/locations/global/floorSetting`;

// Imports the Modelarmor library
const {ModelArmorClient} = require('@google-cloud/modelarmor').v1;

// Instantiates a client
const modelarmorClient = new ModelArmorClient();

async function getOrganizationFloorSettings() {
  // Construct request
  const request = {
    name,
  };

  // Run request
  const [response] = await modelarmorClient.getFloorSetting(request);
  return response;
}

return await getOrganizationFloorSettings();

    PHP

    • Melihat setelan lantai Model Armor untuk project tertentu.

      use Google\Cloud\ModelArmor\V1\Client\ModelArmorClient;
use Google\Cloud\ModelArmor\V1\GetFloorSettingRequest;

/**
 * Gets the floor settings for a given project.
 *
 * @param string $projectId The project Id for which the floor settings is to be retrieved.
 *
 */
function get_project_floor_settings(string $projectId): void
{
    $client = new ModelArmorClient();

    $floorSettingsName = sprintf('projects/%s/locations/global/floorSetting', $projectId);

    $response = $client->getFloorSetting((new GetFloorSettingRequest())->setName($floorSettingsName));

    printf("Floor settings retrieved successfully: %s\n", $response->serializeToJsonString());
}

    • Melihat setelan lantai Model Armor untuk folder tertentu.

      use Google\Cloud\ModelArmor\V1\Client\ModelArmorClient;
use Google\Cloud\ModelArmor\V1\GetFloorSettingRequest;

/**
 * Gets the floor settings for a given folder.
 *
 * @param string $folderId The folder Id for which the floor settings is to be retrieved.
 *
 */
function get_folder_floor_settings(string $folderId): void
{
    $client = new ModelArmorClient();

    $floorSettingsName = sprintf('folders/%s/locations/global/floorSetting', $folderId);

    $response = $client->getFloorSetting((new GetFloorSettingRequest())->setName($floorSettingsName));

    printf("Floor settings retrieved successfully: %s\n", $response->serializeToJsonString());
}

    • Melihat setelan batas bawah Model Armor untuk organisasi tertentu.

      use Google\Cloud\ModelArmor\V1\Client\ModelArmorClient;
use Google\Cloud\ModelArmor\V1\GetFloorSettingRequest;

/**
 * Gets the floor settings for a given organization.
 *
 * @param string $organizationId The organization Id for which the floor settings is to be retrieved.
 *
 */
function get_organization_floor_settings(string $organizationId): void
{
    $client = new ModelArmorClient();

    $floorSettingsName = sprintf('organizations/%s/locations/global/floorSetting', $organizationId);

    $response = $client->getFloorSetting((new GetFloorSettingRequest())->setName($floorSettingsName));

    printf("Floor settings retrieved successfully: %s\n", $response->serializeToJsonString());
}

    Python

    Untuk menjalankan kode ini, siapkan terlebih dahulu lingkungan pengembangan Python dan instal Model Armor Python SDK.

    • Melihat setelan lantai Model Armor untuk project tertentu.

      
from google.cloud import modelarmor_v1

# Create the Model Armor client.
client = modelarmor_v1.ModelArmorClient(transport="rest")

# TODO(Developer): Uncomment below variable.
# project_id = "YOUR_PROJECT_ID"

floor_settings_name = f"projects/{project_id}/locations/global/floorSetting"

# Get the project floor setting.
response = client.get_floor_setting(
    request=modelarmor_v1.GetFloorSettingRequest(name=floor_settings_name)
)

# Print the retrieved floor setting.
print(response)

    • Melihat setelan lantai Model Armor untuk folder tertentu.

      
from google.cloud import modelarmor_v1

# Create the Model Armor client.
client = modelarmor_v1.ModelArmorClient(transport="rest")

# TODO(Developer): Uncomment below variable.
# folder_id = "YOUR_FOLDER_ID"

# Prepare folder floor setting path/name
floor_settings_name = f"folders/{folder_id}/locations/global/floorSetting"

# Get the folder floor setting.
response = client.get_floor_setting(
    request=modelarmor_v1.GetFloorSettingRequest(name=floor_settings_name)
)

# Print the retrieved floor setting.
print(response)

    • Melihat setelan batas bawah Model Armor untuk organisasi tertentu.

      
from google.cloud import modelarmor_v1

# Create the Model Armor client.
client = modelarmor_v1.ModelArmorClient(transport="rest")

# TODO(Developer): Uncomment below variable.
# organization_id = "YOUR_ORGANIZATION_ID"

floor_settings_name = (
    f"organizations/{organization_id}/locations/global/floorSetting"
)

# Get the organization floor setting.
response = client.get_floor_setting(
    request=modelarmor_v1.GetFloorSettingRequest(name=floor_settings_name)
)

# Print the retrieved floor setting.
print(response)

    Memperbarui setelan batas bawah Model Armor

    Perbarui setelan batas bawah Model Armor untuk mengubah persyaratan minimum template agar mencerminkan perubahan dalam kebijakan keamanan, untuk memperbaiki kesalahan konfigurasi, atau untuk menyelesaikan konflik antara setelan batas bawah.

    Jalankan perintah berikut untuk memperbarui setelan lantai Model Armor.

    Konsol

    1. Di konsol Google Cloud , buka halaman Model Armor.

      Buka Model Armor

    2. Pastikan Anda melihat project tempat Anda mengaktifkan Model Armor.

    3. Di halaman Model Armor, buka tab Setelan lantai, lalu klik Konfigurasi setelan lantai.

    4. Perbarui kolom yang wajib diisi, lalu klik Simpan setelan lantai.

    gcloud

       gcloud model-armor floorsettings update --full-uri=<full-uri-of-the-floorsetting>

    Contoh perintah:

           gcloud model-armor floorsettings update \
           --malicious-uri-filter-settings-enforcement=ENABLED \
           --pi-and-jailbreak-filter-settings-enforcement=DISABLED \
           --pi-and-jailbreak-filter-settings-confidence-level=LOW_AND_ABOVE \
           --basic-config-filter-enforcement=ENABLED \
           --add-rai-settings-filters='[{"confidenceLevel": "low_and_above", "filterType": "HARASSMENT"}, {"confidenceLevel": "high", "filterType": "SEXUALLY_EXPLICIT"}]'
           --full-uri='folders/FOLDER_ID/locations/global/floorSetting' \
           --enable-floor-setting-enforcement=true

    Ganti FOLDER_ID dengan ID folder untuk setelan lantai.

    REST

    • Memperbarui setelan lantai Model Armor untuk project tertentu.

      curl -X PATCH -d '{"filterConfig" :{"piAndJailbreakFilterSettings": { "filterEnforcement": "ENABLED"}, "maliciousUriFilterSettings": { "filterEnforcement": "ENABLED" }, "rai_settings":{"rai_filters":{"filter_type":"DANGEROUS", "confidence_level":"LOW_AND_ABOVE" }, \
"rai_filters":{"filter_type":"HATE_SPEECH", "confidence_level":"LOW_AND_ABOVE" }, "rai_filters":{"filter_type":"HARASSMENT", "confidence_level":"LOW_AND_ABOVE" }, "rai_filters":{"filter_type":"SEXUALLY_EXPLICIT", "confidence_level":"LOW_AND_ABOVE" }}},"enableFloorSettingEnforcement":"true"}' -H "Content-Type: application/json" -H "Authorization: Bearer $(gcloud auth print-access-token) "https://modelarmor.googleapis.com/v1/projects/PROJECT_ID/locations/global/floorSetting"

    • Memperbarui setelan lantai Model Armor untuk folder tertentu.

      curl -X PATCH \
  -d '{"filterConfig" :{"piAndJailbreakFilterSettings": { "filterEnforcement": "ENABLED"}, "maliciousUriFilterSettings": { "filterEnforcement": "ENABLED" }},"enableFloorSettingEnforcement":"true"}' \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://modelarmor.googleapis.com/v1/folders/FOLDER_ID/locations/global/floorSetting"

    • Memperbarui setelan lantai Model Armor untuk organisasi tertentu.

      curl -X PATCH \
  -d '{"filterConfig" :{"piAndJailbreakFilterSettings": { "filterEnforcement": "ENABLED"}, "maliciousUriFilterSettings": {
      "filterEnforcement": "ENABLED" }},"enableFloorSettingEnforcement":"true"}' \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
      "https://modelarmor.googleapis.com/v1/organizations/ORGANIZATION_ID/locations/global/floorSetting"

      Ganti kode berikut:

      • PROJECT_ID: ID project untuk setelan lantai.
      • FOLDER_ID: ID folder untuk setelan lantai.
      • ORGANIZATION_ID: ID organisasi untuk setelan lantai.

      Perintah update menampilkan respons berikut:

      {
"name": "projects/PROJECT_ID/locations/global/floorSetting",
"updateTime": "2024-12-19T15:36:21.318191Z",
"filterConfig": {
"piAndJailbreakFilterSettings": {
  "filterEnforcement": "ENABLED"
},
"maliciousUriFilterSettings": {
"filterEnforcement": "ENABLED"
}
}
}

    Go

    • Memperbarui setelan lantai Model Armor untuk project tertentu.

      
import (
	"context"
	"fmt"
	"io"

	modelarmor "cloud.google.com/go/modelarmor/apiv1"
	modelarmorpb "cloud.google.com/go/modelarmor/apiv1/modelarmorpb"
	"google.golang.org/api/option"
)

// updateProjectFloorSettings updates the floor settings of a project.
//
// This method updates the floor settings of a project.
//
// w io.Writer: The writer to use for logging.
// projectID string: The ID of the project.
// locationID string: The ID of the location.
func updateProjectFloorSettings(w io.Writer, projectID, locationID string) error {
	ctx := context.Background()

	// Create options for Model Armor client.
	opts := option.WithEndpoint(fmt.Sprintf("modelarmor.%s.rep.googleapis.com:443", locationID))
	// Create the Model Armor client.
	client, err := modelarmor.NewClient(ctx, opts)
	if err != nil {
		return fmt.Errorf("failed to create client: %w", err)
	}
	defer client.Close()

	// Prepare project floor setting path/name
	floorSettingsName := fmt.Sprintf("projects/%s/locations/global/floorSetting", projectID)

	// Update the project floor setting
	// For more details on filters, please refer to the following doc:
	// [https://cloud.google.com/security-command-center/docs/key-concepts-model-armor#ma-filters](https://cloud.google.com/security-command-center/docs/key-concepts-model-armor#ma-filters)
	enableEnforcement := true
	req := &modelarmorpb.UpdateFloorSettingRequest{
		FloorSetting: &modelarmorpb.FloorSetting{
			Name: floorSettingsName,
			FilterConfig: &modelarmorpb.FilterConfig{
				RaiSettings: &modelarmorpb.RaiFilterSettings{
					RaiFilters: []*modelarmorpb.RaiFilterSettings_RaiFilter{
						{
							FilterType:      modelarmorpb.RaiFilterType_HATE_SPEECH,
							ConfidenceLevel: modelarmorpb.DetectionConfidenceLevel_HIGH,
						},
					},
				},
			},
			EnableFloorSettingEnforcement: &enableEnforcement,
		},
	}

	response, err := client.UpdateFloorSetting(ctx, req)
	if err != nil {
		return fmt.Errorf("failed to update floor setting: %w", err)
	}

	// Print the updated config
	fmt.Fprintf(w, "Updated project floor setting: %+v\n", response)

	return nil
}

    • Memperbarui setelan lantai Model Armor untuk folder tertentu.

      
import (
	"context"
	"fmt"
	"io"

	modelarmor "cloud.google.com/go/modelarmor/apiv1"
	modelarmorpb "cloud.google.com/go/modelarmor/apiv1/modelarmorpb"
	"google.golang.org/api/option"
)

// updateFolderFloorSettings updates floor settings of a folder.
//
// This method updates the floor settings of a folder.
//
// w io.Writer: The writer to use for logging.
// folderID string: The ID of the folder.
// locationID string: The ID of the location.
func updateFolderFloorSettings(w io.Writer, folderID, locationID string) error {
	ctx := context.Background()

	// Create the Model Armor client.
	client, err := modelarmor.NewClient(ctx,
		option.WithEndpoint(fmt.Sprintf("modelarmor.%s.rep.googleapis.com:443", locationID)),
	)
	if err != nil {
		return fmt.Errorf("failed to create client: %w", err)
	}
	defer client.Close()

	// Prepare folder floor settings path/name
	floorSettingsName := fmt.Sprintf("folders/%s/locations/global/floorSetting", folderID)

	// Prepare the floor setting update
	enableEnforcement := true
	floorSetting := &modelarmorpb.FloorSetting{
		Name: floorSettingsName,
		FilterConfig: &modelarmorpb.FilterConfig{
			RaiSettings: &modelarmorpb.RaiFilterSettings{
				RaiFilters: []*modelarmorpb.RaiFilterSettings_RaiFilter{
					{
						FilterType:      modelarmorpb.RaiFilterType_HATE_SPEECH,
						ConfidenceLevel: modelarmorpb.DetectionConfidenceLevel_HIGH,
					},
				},
			},
		},
		EnableFloorSettingEnforcement: &enableEnforcement,
	}

	// Prepare request for updating the floor setting.
	req := &modelarmorpb.UpdateFloorSettingRequest{
		FloorSetting: floorSetting,
	}

	// Update the floor setting.
	response, err := client.UpdateFloorSetting(ctx, req)
	if err != nil {
		return fmt.Errorf("failed to update floor setting: %w", err)
	}

	// Print the updated config
	fmt.Fprintf(w, "Updated folder floor setting: %v\n", response)

	return nil

}

    • Memperbarui setelan lantai Model Armor untuk organisasi tertentu.

      
import (
	"context"
	"fmt"
	"io"

	modelarmor "cloud.google.com/go/modelarmor/apiv1"
	modelarmorpb "cloud.google.com/go/modelarmor/apiv1/modelarmorpb"
	"google.golang.org/api/option"
)

// updateOrganizationFloorSettings updates floor settings of an organization.
//
// This method updates the floor settings of an organization.
//
// w io.Writer: The writer to use for logging.
// organizationID string: The ID of the organization.
// locationID string: The ID of the location.
func updateOrganizationFloorSettings(w io.Writer, organizationID, locationID string) error {
	ctx := context.Background()

	// Create options for Model Armor client.
	opts := option.WithEndpoint(fmt.Sprintf("modelarmor.%s.rep.googleapis.com:443", locationID))
	// Create the Model Armor client.
	client, err := modelarmor.NewClient(ctx, opts)
	if err != nil {
		return fmt.Errorf("failed to create client: %w", err)
	}
	defer client.Close()

	// Prepare organization floor setting path/name
	floorSettingsName := fmt.Sprintf("organizations/%s/locations/global/floorSetting", organizationID)

	// Update the organization floor setting
	// For more details on filters, please refer to the following doc:
	// [https://cloud.google.com/security-command-center/docs/key-concepts-model-armor#ma-filters](https://cloud.google.com/security-command-center/docs/key-concepts-model-armor#ma-filters)
	enableEnforcement := true
	req := &modelarmorpb.UpdateFloorSettingRequest{
		FloorSetting: &modelarmorpb.FloorSetting{
			Name: floorSettingsName,
			FilterConfig: &modelarmorpb.FilterConfig{
				RaiSettings: &modelarmorpb.RaiFilterSettings{
					RaiFilters: []*modelarmorpb.RaiFilterSettings_RaiFilter{
						{
							FilterType:      modelarmorpb.RaiFilterType_HATE_SPEECH,
							ConfidenceLevel: modelarmorpb.DetectionConfidenceLevel_HIGH,
						},
					},
				},
			},
			EnableFloorSettingEnforcement: &enableEnforcement,
		},
	}

	response, err := client.UpdateFloorSetting(ctx, req)
	if err != nil {
		return fmt.Errorf("failed to update floor setting: %w", err)
	}

	// Print the updated config
	fmt.Fprintf(w, "Updated org floor setting: %+v\n", response)

    Java

    Node.js

    • Memperbarui setelan lantai Model Armor untuk project tertentu.

      /**
 * TODO(developer): Uncomment these variables before running the sample.
 */
// const projectId = 'your-project-id';

const modelarmor = require('@google-cloud/modelarmor');
const {ModelArmorClient} = modelarmor.v1;
const {protos} = modelarmor;

// Initiate client
const client = new ModelArmorClient();

async function updateProjectFloorSettings() {
  const floorSettingsName = `projects/${projectId}/locations/global/floorSetting`;

  // Build the floor settings with your preferred filters
  // For more details on filters, please refer to the following doc:
  // https://cloud.google.com/security-command-center/docs/key-concepts-model-armor#ma-filters
  const floorSetting = {
    name: floorSettingsName,
    filterConfig: {
      raiSettings: {
        raiFilters: [
          {
            filterType:
              protos.google.cloud.modelarmor.v1.RaiFilterType.HARASSMENT,
            confidenceLevel:
              protos.google.cloud.modelarmor.v1.DetectionConfidenceLevel
                .LOW_AND_ABOVE,
          },
          {
            filterType:
              protos.google.cloud.modelarmor.v1.RaiFilterType
                .SEXUALLY_EXPLICIT,
            confidenceLevel:
              protos.google.cloud.modelarmor.v1.DetectionConfidenceLevel
                .LOW_AND_ABOVE,
          },
        ],
      },
    },
    enableFloorSettingEnforcement: true,
  };

  const request = {
    floorSetting: floorSetting,
  };

  const [response] = await client.updateFloorSetting(request);
  return response;
}

return await updateProjectFloorSettings();

    • Memperbarui setelan lantai Model Armor untuk folder tertentu.

      /**
 * TODO(developer): Uncomment these variables before running the sample.
 */
// const folderId = 'your-folder-id';

// Imports the Model Armor library
const modelarmor = require('@google-cloud/modelarmor');
const {ModelArmorClient} = modelarmor.v1;
const {protos} = modelarmor;

// Instantiates a client
const client = new ModelArmorClient();

async function updateFolderFloorSettings() {
  const floorSettingsName = `folders/${folderId}/locations/global/floorSetting`;

  // Build the floor settings with your preferred filters
  // For more details on filters, please refer to the following doc:
  // https://cloud.google.com/security-command-center/docs/key-concepts-model-armor#ma-filters
  const floorSetting = {
    name: floorSettingsName,
    filterConfig: {
      raiSettings: {
        raiFilters: [
          {
            filterType:
              protos.google.cloud.modelarmor.v1.RaiFilterType.HARASSMENT,
            confidenceLevel:
              protos.google.cloud.modelarmor.v1.DetectionConfidenceLevel
                .LOW_AND_ABOVE,
          },
          {
            filterType:
              protos.google.cloud.modelarmor.v1.RaiFilterType
                .SEXUALLY_EXPLICIT,
            confidenceLevel:
              protos.google.cloud.modelarmor.v1.DetectionConfidenceLevel
                .LOW_AND_ABOVE,
          },
        ],
      },
    },
    enableFloorSettingEnforcement: true,
  };

  const request = {
    floorSetting: floorSetting,
  };

  const [response] = await client.updateFloorSetting(request);
  return response;
}

return await updateFolderFloorSettings();

    • Memperbarui setelan lantai Model Armor untuk organisasi tertentu.

      /**
 * TODO(developer): Uncomment these variables before running the sample.
 */
// const organizationId = 'your-organization-id';

const modelarmor = require('@google-cloud/modelarmor');
const {ModelArmorClient} = modelarmor.v1;
const {protos} = modelarmor;

const client = new ModelArmorClient();

async function updateOrganizationFloorSettings() {
  const floorSettingsName = `organizations/${organizationId}/locations/global/floorSetting`;

  // Build the floor settings with your preferred filters
  // For more details on filters, please refer to the following doc:
  // https://cloud.google.com/security-command-center/docs/key-concepts-model-armor#ma-filters
  const floorSetting = {
    name: floorSettingsName,
    filterConfig: {
      raiSettings: {
        raiFilters: [
          {
            filterType:
              protos.google.cloud.modelarmor.v1.RaiFilterType.HARASSMENT,
            confidenceLevel:
              protos.google.cloud.modelarmor.v1.DetectionConfidenceLevel
                .LOW_AND_ABOVE,
          },
          {
            filterType:
              protos.google.cloud.modelarmor.v1.RaiFilterType
                .SEXUALLY_EXPLICIT,
            confidenceLevel:
              protos.google.cloud.modelarmor.v1.DetectionConfidenceLevel
                .LOW_AND_ABOVE,
          },
        ],
      },
    },
    enableFloorSettingEnforcement: true,
  };

  const request = {
    floorSetting: floorSetting,
  };

  const [response] = await client.updateFloorSetting(request);
  return response;
}

return await updateOrganizationFloorSettings();

    PHP

    • Memperbarui setelan lantai Model Armor untuk project tertentu.

      use Google\Cloud\ModelArmor\V1\Client\ModelArmorClient;
use Google\Cloud\ModelArmor\V1\RaiFilterType;
use Google\Cloud\ModelArmor\V1\DetectionConfidenceLevel;
use Google\Cloud\ModelArmor\V1\UpdateFloorSettingRequest;
use Google\Cloud\ModelArmor\V1\FilterConfig;
use Google\Cloud\ModelArmor\V1\FloorSetting;
use Google\Cloud\ModelArmor\V1\RaiFilterSettings;
use Google\Cloud\ModelArmor\V1\RaiFilterSettings\RaiFilter;

/**
 * Updates the floor settings for a given project.
 *
 * @param string $projectId The project Id for which the floor settings is to be updated.
 *
 */
function update_project_floor_settings(string $projectId): void
{
    $client = new ModelArmorClient();

    $floorSettingsName = sprintf('projects/%s/locations/global/floorSetting', $projectId);

    // Build the floor settings with your preferred filters
    // For more details on filters, please refer to the following doc:
    // https://cloud.google.com/security-command-center/docs/key-concepts-model-armor#ma-filters

    $raiFilterSetting = (new RaiFilterSettings())
        ->setRaiFilters([
            (new RaiFilter())
                ->setFilterType(RaiFilterType::HATE_SPEECH)
                ->setConfidenceLevel(DetectionConfidenceLevel::HIGH)
        ]);

    $filterConfig = (new FilterConfig())->setRaiSettings($raiFilterSetting);
    $floorSetting = (new FloorSetting())
        ->setName($floorSettingsName)
        ->setFilterConfig($filterConfig)
        ->setEnableFloorSettingEnforcement(true);

    $updateRequest = (new UpdateFloorSettingRequest())->setFloorSetting($floorSetting);

    $response = $client->updateFloorSetting($updateRequest);

    printf("Floor setting updated: %s\n", $response->getName());
}

    • Memperbarui setelan lantai Model Armor untuk folder tertentu.

      use Google\Cloud\ModelArmor\V1\Client\ModelArmorClient;
use Google\Cloud\ModelArmor\V1\RaiFilterType;
use Google\Cloud\ModelArmor\V1\DetectionConfidenceLevel;
use Google\Cloud\ModelArmor\V1\UpdateFloorSettingRequest;
use Google\Cloud\ModelArmor\V1\FilterConfig;
use Google\Cloud\ModelArmor\V1\FloorSetting;
use Google\Cloud\ModelArmor\V1\RaiFilterSettings;
use Google\Cloud\ModelArmor\V1\RaiFilterSettings\RaiFilter;

/**
 * Updates the floor settings for a given folder.
 *
 * @param string $folderId The folder Id for which the floor settings is to be updated.
 *
 */
function update_folder_floor_settings(string $folderId): void
{
    $client = new ModelArmorClient();

    $floorSettingsName = sprintf('folders/%s/locations/global/floorSetting', $folderId);

    // Build the floor settings with your preferred filters
    // For more details on filters, please refer to the following doc:
    // https://cloud.google.com/security-command-center/docs/key-concepts-model-armor#ma-filters

    $raiFilterSetting = (new RaiFilterSettings())
        ->setRaiFilters([
            (new RaiFilter())
                ->setFilterType(RaiFilterType::HATE_SPEECH)
                ->setConfidenceLevel(DetectionConfidenceLevel::HIGH)
        ]);

    $filterConfig = (new FilterConfig())->setRaiSettings($raiFilterSetting);
    $floorSetting = (new FloorSetting())
        ->setName($floorSettingsName)
        ->setFilterConfig($filterConfig)
        ->setEnableFloorSettingEnforcement(true);

    $updateRequest = (new UpdateFloorSettingRequest())->setFloorSetting($floorSetting);

    $response = $client->updateFloorSetting($updateRequest);

    printf("Floor setting updated: %s\n", $response->getName());
}

    • Memperbarui setelan lantai Model Armor untuk organisasi tertentu.

      use Google\Cloud\ModelArmor\V1\Client\ModelArmorClient;
use Google\Cloud\ModelArmor\V1\RaiFilterType;
use Google\Cloud\ModelArmor\V1\DetectionConfidenceLevel;
use Google\Cloud\ModelArmor\V1\UpdateFloorSettingRequest;
use Google\Cloud\ModelArmor\V1\FilterConfig;
use Google\Cloud\ModelArmor\V1\FloorSetting;
use Google\Cloud\ModelArmor\V1\RaiFilterSettings;
use Google\Cloud\ModelArmor\V1\RaiFilterSettings\RaiFilter;

/**
 * Updates the floor settings for a given organization.
 *
 * @param string $organizationId The organization Id for which the floor settings is to be updated.
 *
 */
function update_organization_floor_settings(string $organizationId)
{
    $client = new ModelArmorClient();

    $floorSettingsName = sprintf('organizations/%s/locations/global/floorSetting', $organizationId);

    // Build the floor settings with your preferred filters
    // For more details on filters, please refer to the following doc:
    // https://cloud.google.com/security-command-center/docs/key-concepts-model-armor#ma-filters

    $raiFilterSetting = (new RaiFilterSettings())
        ->setRaiFilters([
            (new RaiFilter())
                ->setFilterType(RaiFilterType::HATE_SPEECH)
                ->setConfidenceLevel(DetectionConfidenceLevel::HIGH)
        ]);

    $filterConfig = (new FilterConfig())->setRaiSettings($raiFilterSetting);
    $floorSetting = (new FloorSetting())
        ->setName($floorSettingsName)
        ->setFilterConfig($filterConfig)
        ->setEnableFloorSettingEnforcement(true);

    $updateRequest = (new UpdateFloorSettingRequest())->setFloorSetting($floorSetting);

    $response = $client->updateFloorSetting($updateRequest);

    printf("Floor setting updated: %s\n", $response->getName());
}

    Python

    Untuk menjalankan kode ini, siapkan terlebih dahulu lingkungan pengembangan Python dan instal Model Armor Python SDK.

    Meninjau temuan tentang pelanggaran setelan minimum

    Setiap temuan Model Armor mengidentifikasi pelanggaran setelan batas bawah. Pelanggaran terjadi saat template Model Armor gagal memenuhi standar keamanan minimum yang ditentukan oleh setelan dasar hierarki resource. Setelan dasar menentukan persyaratan minimum untuk template. Pelanggaran setelan batas bawah dapat melibatkan template yang tidak memiliki filter wajib atau tidak memenuhi tingkat keyakinan minimum untuk filter tersebut. Jika pelanggaran terdeteksi, temuan dengan tingkat keparahan tinggi akan dibuat di Security Command Center. Temuan ini menentukan setelan batas bawah yang dilanggar, template yang tidak mematuhi pedoman, dan detail tentang pelanggaran.

    Contoh berikut menunjukkan kolom sourceProperties temuan. Pelanggaran ini, yang terkait dengan filter URI berbahaya, terjadi karena setelan template untuk maliciousUriFilterSettings adalah DISABLED, tetapi setelan batas bawah mengharuskannya menjadi ENABLED.

    {
  "filterConfig": {
    "raiSettings": {
      "raiFilters": [
        {
          "filterType": "HATE_SPEECH",
          "confidenceLevel": {
            "floorSettings": "LOW_AND_ABOVE",
            "template": "MEDIUM_AND_ABOVE"
          }
        },
        {
          "filterType": "HARASSMENT",
          "confidenceLevel": {
            "floorSettings": "MEDIUM_AND_ABOVE",
            "template": "HIGH"
          }
        }
      ]
    },
    "piAndJailbreakFilterSettings": {
      "confidenceLevel": {
        "floorSettings": "LOW_AND_ABOVE",
        "template": "HIGH"
      }
    },
    "maliciousUriFilterSettings": {
      "floorSettings": "ENABLED",
      "template": "DISABLED"
    }
  }
}

    Langkah berikutnya