googleDataLossPreventionInspectTemplate
An inspect job template.
To get more information about InspectTemplate, see:
- API documentation
- How-to Guides
- Official Documentation
Example Usage - Dlp Inspect Template Basic
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
new google.dataLossPreventionInspectTemplate.DataLossPreventionInspectTemplate(
  this,
  "basic",
  {
    description: "My description",
    display_name: "display_name",
    inspect_config: [
      {
        info_types: [
          { name: "EMAIL_ADDRESS" },
          { name: "PERSON_NAME" },
          { name: "LAST_NAME" },
          { name: "DOMAIN_NAME" },
          { name: "PHONE_NUMBER" },
          { name: "FIRST_NAME" },
        ],
        limits: [
          {
            max_findings_per_info_type: [
              {
                info_type: [{ name: "PERSON_NAME" }],
                max_findings: "75",
              },
              {
                info_type: [{ name: "LAST_NAME" }],
                max_findings: "80",
              },
            ],
            max_findings_per_item: 10,
            max_findings_per_request: 50,
          },
        ],
        min_likelihood: "UNLIKELY",
        rule_set: [
          {
            info_types: [{ name: "EMAIL_ADDRESS" }],
            rules: [
              {
                exclusion_rule: [
                  {
                    matching_type: "MATCHING_TYPE_FULL_MATCH",
                    regex: [{ pattern: ".+@example.com" }],
                  },
                ],
              },
            ],
          },
          {
            info_types: [
              { name: "EMAIL_ADDRESS" },
              { name: "DOMAIN_NAME" },
              { name: "PHONE_NUMBER" },
              { name: "PERSON_NAME" },
              { name: "FIRST_NAME" },
            ],
            rules: [
              {
                exclusion_rule: [
                  {
                    dictionary: [{ word_list: [{ words: ["TEST"] }] }],
                    matching_type: "MATCHING_TYPE_PARTIAL_MATCH",
                  },
                ],
              },
            ],
          },
          {
            info_types: [{ name: "PERSON_NAME" }],
            rules: [
              {
                hotword_rule: [
                  {
                    hotword_regex: [{ pattern: "patient" }],
                    likelihood_adjustment: [{ fixed_likelihood: "VERY_LIKELY" }],
                    proximity: [{ window_before: 50 }],
                  },
                ],
              },
            ],
          },
        ],
      },
    ],
    parent: "projects/my-project-name",
  }
);
Example Usage - Dlp Inspect Template Custom Type
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
new google.dataLossPreventionInspectTemplate.DataLossPreventionInspectTemplate(
  this,
  "custom",
  {
    description: "My description",
    display_name: "display_name",
    inspect_config: [
      {
        custom_info_types: [
          {
            info_type: [{ name: "MY_CUSTOM_TYPE" }],
            likelihood: "UNLIKELY",
            regex: [{ pattern: "test*" }],
          },
        ],
        info_types: [{ name: "EMAIL_ADDRESS" }],
        limits: [
          {
            max_findings_per_item: 10,
            max_findings_per_request: 50,
          },
        ],
        min_likelihood: "UNLIKELY",
        rule_set: [
          {
            info_types: [{ name: "EMAIL_ADDRESS" }],
            rules: [
              {
                exclusion_rule: [
                  {
                    matching_type: "MATCHING_TYPE_FULL_MATCH",
                    regex: [{ pattern: ".+@example.com" }],
                  },
                ],
              },
            ],
          },
          {
            info_types: [{ name: "MY_CUSTOM_TYPE" }],
            rules: [
              {
                hotword_rule: [
                  {
                    hotword_regex: [{ pattern: "example*" }],
                    likelihood_adjustment: [{ fixed_likelihood: "VERY_LIKELY" }],
                    proximity: [{ window_before: 50 }],
                  },
                ],
              },
            ],
          },
        ],
      },
    ],
    parent: "projects/my-project-name",
  }
);
Argument Reference
The following arguments are supported:
parent
- (Required) The parent of the inspect template in any of the following formats:
  projects/{{project}}
  projects/{{project}}/locations/{{location}}
  organizations/{{organizationId}}
  organizations/{{organizationId}}/locations/{{location}}
description
- (Optional) A description of the inspect template.
displayName
- (Optional) User set display name of the inspect template.
inspectConfig
- (Optional) The core content of the template. Structure is documented below.
The inspectConfig block supports:
excludeInfoTypes
- (Optional) When true, excludes type information of the findings.
includeQuote
- (Optional) When true, a contextual quote from the data that triggered a finding is included in the response.
minLikelihood
- (Optional) Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info. Default value is possible. Possible values are veryUnlikely, unlikely, possible, likely, and veryLikely.
limits
- (Optional) Configuration to control the number of findings returned. Structure is documented below.
infoTypes
- (Optional) Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list or listed at https://cloud.google.com/dlp/docs/infotypes-reference. When no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated. Structure is documented below.
contentOptions
- (Optional) List of options defining data content to scan. If empty, text, images, and other content will be included. Each value may be one of contentText and contentImage.
ruleSet
- (Optional) Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end, other rules are executed in the order they are specified for each info type. Structure is documented below.
customInfoTypes
- (Optional) Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more. Structure is documented below.
The limits block supports:
maxFindingsPerItem
- (Required) Max number of findings that will be returned for each item scanned. The maximum returned is 2000.
maxFindingsPerRequest
- (Required) Max number of findings that will be returned per request/job. The maximum returned is 2000.
maxFindingsPerInfoType
- (Optional) Configuration of findings limit given for specified infoTypes. Structure is documented below.
The maxFindingsPerInfoType block supports:
infoType
- (Required) Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does not have an infoType, the DLP API applies the limit against all infoTypes that are found but not specified in another InfoTypeLimit. Structure is documented below.
maxFindings
- (Required) Max findings limit for the given infoType.
The infoType block supports:
name
- (Required) Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.
The infoTypes block supports:
name
- (Required) Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.
version
- (Optional) Version of the information type to use. By default, the version is set to stable.
The ruleSet block supports:
infoTypes
- (Required) List of infoTypes this rule set is applied to. Structure is documented below.
rules
- (Required) Set of rules to be applied to infoTypes. The rules are applied in order. Structure is documented below.
The infoTypes block supports:
name
- (Required) Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.
The rules block supports:
hotwordRule
- (Optional) Hotword-based detection rule. Structure is documented below.
exclusionRule
- (Optional) The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results. Structure is documented below.
The hotwordRule block supports:
hotwordRegex
- (Required) Regular expression pattern defining what qualifies as a hotword. Structure is documented below.
proximity
- (Required) Proximity of the finding within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be used to match substrings of the finding itself. For example, the certainty of a phone number regex (\d{3}) \d{3}-\d{4} could be adjusted upwards if the area code is known to be the local area code of a company office using the hotword regex (xxx), where xxx is the area code in question. Structure is documented below.
likelihoodAdjustment
- (Required) Likelihood adjustment to apply to all matching findings. Structure is documented below.
The hotwordRegex block supports:
pattern
- (Required) Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
groupIndexes
- (Optional) The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
The proximity block supports:
windowBefore
- (Optional) Number of characters before the finding to consider. Either this or window_after must be specified.
windowAfter
- (Optional) Number of characters after the finding to consider. Either this or window_before must be specified
The likelihoodAdjustment block supports:
fixedLikelihood
- (Optional) Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. Possible values are veryUnlikely, unlikely, possible, likely, and veryLikely.
relativeLikelihood
- (Optional) Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1, then it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY. Likelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY will result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set.
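The proximity window and likelihood adjustment described above, worked through locally as an added example (not code from the provider or the DLP service). It is a simplified model: the Finding and HotwordRule shapes, the function names, the sample text and the POSSIBLE base likelihood are all assumptions made for illustration.

```typescript
// Simplified local model of a hotword rule; not the DLP service's implementation.
const LEVELS = ["VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY"] as const;
type Likelihood = (typeof LEVELS)[number];
interface Finding { infoType: string; start: number; end: number; likelihood: Likelihood; }
interface HotwordRule {
  hotwordRegex: RegExp;
  windowBefore?: number;
  windowAfter?: number;
  fixedLikelihood?: Likelihood;
  relativeLikelihood?: number;
}

// Move `delta` levels up or down, never past VERY_UNLIKELY or VERY_LIKELY.
function shift(level: Likelihood, delta: number): Likelihood {
  const i = LEVELS.indexOf(level) + delta;
  return LEVELS[Math.max(0, Math.min(LEVELS.length - 1, i))] as Likelihood;
}

// The window is windowBefore characters before the finding, the finding itself,
// and windowAfter characters after it; the hotword must lie inside that window.
function applyHotword(text: string, f: Finding, rule: HotwordRule): Finding {
  const from = Math.max(0, f.start - (rule.windowBefore ?? 0));
  const to = Math.min(text.length, f.end + (rule.windowAfter ?? 0));
  if (!rule.hotwordRegex.test(text.slice(from, to))) return f;
  const likelihood = rule.fixedLikelihood ?? shift(f.likelihood, rule.relativeLikelihood ?? 0);
  return { ...f, likelihood };
}

// Keep only findings at or above minLikelihood.
function filterByMin(findings: Finding[], min: Likelihood): Finding[] {
  return findings.filter((f) => LEVELS.indexOf(f.likelihood) >= LEVELS.indexOf(min));
}

// Constructed sample: "Ann Lee" follows the hotword; "Bob Ray" is over 50 characters from it.
const sampleText = "patient: Ann Lee." + new Array(61).join(" ") + "Signed, Bob Ray";
function personAt(name: string): Finding {
  const start = sampleText.indexOf(name);
  return { infoType: "PERSON_NAME", start, end: start + name.length, likelihood: "POSSIBLE" };
}
// Rule from the basic example: hotword "patient", window_before 50, fixed VERY_LIKELY.
const patientRule: HotwordRule = { hotwordRegex: /patient/, windowBefore: 50, fixedLikelihood: "VERY_LIKELY" };
const adjusted = ["Ann Lee", "Bob Ray"].map((n) => applyHotword(sampleText, personAt(n), patientRule));
console.log(adjusted.map((f) => f.likelihood), filterByMin(adjusted, "LIKELY").length);
```

Raising the template's minimum likelihood to LIKELY in this model keeps only the name inside the hotword window, which is the usual reason to pair a hotword rule with a threshold.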
The exclusionRule block supports:
matchingType
- (Required) How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType Possible values are matchingTypeFullMatch, matchingTypePartialMatch, and matchingTypeInverseMatch.
dictionary
- (Optional) Dictionary which defines the rule. Structure is documented below.
regex
- (Optional) Regular expression which defines the rule. Structure is documented below.
excludeInfoTypes
- (Optional) Set of infoTypes for which findings would affect this rule. Structure is documented below.
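How the matching type changes what a regex exclusion rule suppresses, as an added example (not code from the provider or the DLP service). It is a simplified local model covering only regex rules with full and partial matching; the Quote and ExclusionSet shapes, the function names and the sample findings are assumptions made for illustration.

```typescript
// Simplified local model of regex exclusion rules; not the DLP service's implementation.
// MATCHING_TYPE_INVERSE_MATCH and dictionary rules are not modelled here.
type MatchingType = "MATCHING_TYPE_FULL_MATCH" | "MATCHING_TYPE_PARTIAL_MATCH";
interface Quote { infoType: string; quote: string; }
interface ExclusionSet { infoTypes: string[]; matchingType: MatchingType; pattern: string; }

// True when `rule` would remove the finding from the results.
function isExcluded(f: Quote, rule: ExclusionSet): boolean {
  if (rule.infoTypes.indexOf(f.infoType) === -1) return false; // rule set does not cover this infoType
  const re = rule.matchingType === "MATCHING_TYPE_FULL_MATCH"
    ? new RegExp(`^(?:${rule.pattern})$`) // pattern must cover the whole quote
    : new RegExp(rule.pattern);           // any substring of the quote may match
  return re.test(f.quote);
}

// Quotes that survive every exclusion rule.
function surviving(findings: Quote[], rules: ExclusionSet[]): string[] {
  return findings.filter((f) => !rules.some((r) => isExcluded(f, r))).map((f) => f.quote);
}

// Constructed sample findings.
const sampleFindings: Quote[] = [
  { infoType: "EMAIL_ADDRESS", quote: "alice@example.com" },
  { infoType: "EMAIL_ADDRESS", quote: "carol@example.com.partner.test" },
  { infoType: "EMAIL_ADDRESS", quote: "dave@corp.test" },
  { infoType: "MY_CUSTOM_TYPE", quote: "svc@example.com" },
];
// Rule from the basic example, and the same rule switched to partial matching.
const fullRule: ExclusionSet = {
  infoTypes: ["EMAIL_ADDRESS"],
  matchingType: "MATCHING_TYPE_FULL_MATCH",
  pattern: ".+@example.com",
};
const partialRule: ExclusionSet = { ...fullRule, matchingType: "MATCHING_TYPE_PARTIAL_MATCH" };

console.log(surviving(sampleFindings, [fullRule]));    // only alice is suppressed
console.log(surviving(sampleFindings, [partialRule])); // carol is suppressed as well
```

The page's pattern leaves the dot in example.com unescaped, so under this model a quote such as eve@example-com is excluded too; writing example\.com in the pattern avoids that.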
The dictionary block supports:
wordList
- (Optional) List of words or phrases to search for. Structure is documented below.
cloudStoragePath
- (Optional) Newline-delimited file of words in Cloud Storage. Only a single file is accepted. Structure is documented below.
The wordList block supports:
words
- (Required) Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.
The cloudStoragePath block supports:
path
- (Required) A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[bucketName]/dictionaryTxt
The regex block supports:
pattern
- (Required) Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
groupIndexes
- (Optional) The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
The excludeInfoTypes block supports:
infoTypes
- (Required) If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results. Structure is documented below.
The infoTypes block supports:
name
- (Required) Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.
The customInfoTypes block supports:
infoType
- (Required) CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing infoTypes and that infoType is specified in infoTypes field. Specifying the latter adds findings to the one detected by the system. If built-in info type is not specified in infoTypes list then the name is treated as a custom info type. Structure is documented below.
likelihood
- (Optional) Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria specified by the rule. Default value is veryLikely. Possible values are veryUnlikely, unlikely, possible, likely, and veryLikely.
exclusionType
- (Optional) If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values are exclusionTypeExclude.
regex
- (Optional) Regular expression which defines the rule. Structure is documented below.
dictionary
- (Optional) Dictionary which defines the rule. Structure is documented below.
storedType
- (Optional) A reference to a StoredInfoType to use with scanning. Structure is documented below.
The infoType block supports:
name
- (Required) Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.
The regex block supports:
pattern
- (Required) Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
groupIndexes
- (Optional) The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
The dictionary block supports:
wordList
- (Optional) List of words or phrases to search for. Structure is documented below.
cloudStoragePath
- (Optional) Newline-delimited file of words in Cloud Storage. Only a single file is accepted. Structure is documented below.
The wordList block supports:
words
- (Required) Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.
The cloudStoragePath block supports:
path
- (Required) A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[bucketName]/dictionaryTxt
The storedType block supports:
name
- (Required) Resource name of the requested StoredInfoType, for example organizations/433245324/storedInfoTypes/432452342 or projects/projectId/storedInfoTypes/432452342.
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format {{parent}}/inspectTemplates/{{name}}
name
- The resource name of the inspect template. Set by the server.
Timeouts
This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.
update
- Default is 20 minutes.
delete
- Default is 20 minutes.
Import
InspectTemplate can be imported using any of these accepted formats: