googleDataLossPreventionJobTrigger

A job trigger configuration.

To get more information about JobTrigger, see the JobTrigger API documentation and the official Cloud DLP documentation.

Example Usage - Dlp Job Trigger Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
new google.dataLossPreventionJobTrigger.DataLossPreventionJobTrigger(
  this,
  "basic",
  {
    description: "Description",
    display_name: "Displayname",
    inspect_job: [
      {
        actions: [
          {
            save_findings: [
              {
                output_config: [
                  {
                    table: [
                      {
                        dataset_id: "dataset",
                        project_id: "project",
                      },
                    ],
                  },
                ],
              },
            ],
          },
        ],
        inspect_template_name: "fake",
        storage_config: [
          {
            cloud_storage_options: [
              {
                file_set: [
                  {
                    url: "gs://mybucket/directory/",
                  },
                ],
              },
            ],
          },
        ],
      },
    ],
    parent: "projects/my-project-name",
    triggers: [
      {
        schedule: [
          {
            recurrence_period_duration: "86400s",
          },
        ],
      },
    ],
  }
);

Example Usage - Dlp Job Trigger Bigquery Row Limit

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
new google.dataLossPreventionJobTrigger.DataLossPreventionJobTrigger(
  this,
  "bigquery_row_limit",
  {
    description: "Description",
    display_name: "Displayname",
    inspect_job: [
      {
        actions: [
          {
            save_findings: [
              {
                output_config: [
                  {
                    table: [
                      {
                        dataset_id: "dataset",
                        project_id: "project",
                      },
                    ],
                  },
                ],
              },
            ],
          },
        ],
        inspect_template_name: "fake",
        storage_config: [
          {
            big_query_options: [
              {
                rows_limit: 1000,
                sample_method: "RANDOM_START",
                table_reference: [
                  {
                    dataset_id: "dataset",
                    project_id: "project",
                    table_id: "table_to_scan",
                  },
                ],
              },
            ],
          },
        ],
      },
    ],
    parent: "projects/my-project-name",
    triggers: [
      {
        schedule: [
          {
            recurrence_period_duration: "86400s",
          },
        ],
      },
    ],
  }
);

Example Usage - Dlp Job Trigger Bigquery Row Limit Percentage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
new google.dataLossPreventionJobTrigger.DataLossPreventionJobTrigger(
  this,
  "bigquery_row_limit_percentage",
  {
    description: "Description",
    display_name: "Displayname",
    inspect_job: [
      {
        actions: [
          {
            save_findings: [
              {
                output_config: [
                  {
                    table: [
                      {
                        dataset_id: "dataset",
                        project_id: "project",
                      },
                    ],
                  },
                ],
              },
            ],
          },
        ],
        inspect_template_name: "fake",
        storage_config: [
          {
            big_query_options: [
              {
                rows_limit_percent: 50,
                sample_method: "RANDOM_START",
                table_reference: [
                  {
                    dataset_id: "dataset",
                    project_id: "project",
                    table_id: "table_to_scan",
                  },
                ],
              },
            ],
          },
        ],
      },
    ],
    parent: "projects/my-project-name",
    triggers: [
      {
        schedule: [
          {
            recurrence_period_duration: "86400s",
          },
        ],
      },
    ],
  }
);

Argument Reference

The following arguments are supported:

  • triggers - (Required) What event needs to occur for a new job to be started. Structure is documented below.

  • parent - (Required) The parent of the trigger, either in the format projects/{{project}} or projects/{{project}}/locations/{{location}}

The triggers block supports:

  • schedule - (Optional) Schedule for triggered jobs. Structure is documented below.

The schedule block supports:

  • recurrencePeriodDuration - (Optional) With this option a job is started on a regular periodic basis. For example: every day (86400 seconds). A scheduled start time will be skipped if the previous execution has not ended when its scheduled time occurs. This value must be set to a time duration greater than or equal to 1 day and can be no longer than 60 days. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".

  • description - (Optional) A description of the job trigger.

  • displayName - (Optional) User set display name of the job trigger.

  • status - (Optional) Whether the trigger is currently active. Default value is healthy. Possible values are paused, healthy, and cancelled.

  • inspectJob - (Optional) Controls what and how to inspect for findings. Structure is documented below.

The inspectJob block supports:

  • inspectTemplateName - (Required) The name of the template to run when this job is triggered.

  • storageConfig - (Required) Information on where to inspect. Structure is documented below.

  • actions - (Required) A task to execute on the completion of a job. Structure is documented below.

The storageConfig block supports:

  • timespanConfig - (Optional) Configuration of the timespan of the items to include in scanning. Structure is documented below.

  • datastoreOptions - (Optional) Options defining a data set within Google Cloud Datastore. Structure is documented below.

  • cloudStorageOptions - (Optional) Options defining a file or a set of files within a Google Cloud Storage bucket. Structure is documented below.

  • bigQueryOptions - (Optional) Options defining BigQuery table and row identifiers. Structure is documented below.

The timespanConfig block supports:

  • startTime - (Optional) Exclude files or rows older than this value.

  • endTime - (Optional) Exclude files or rows newer than this value. If set to zero, no upper time limit is applied.

  • enableAutoPopulationOfTimespanConfig - (Optional) When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid scanning files that have not been modified since the last time the JobTrigger executed. This will be based on the time of the execution of the last run of the JobTrigger.

  • timestampField - (Required) Specification of the field containing the timestamp of scanned items. Structure is documented below.

The timestampField block supports:

  • name - (Required) Specification of the field containing the timestamp of scanned items. Used for data sources like Datastore and BigQuery. For BigQuery: required to filter out rows based on the given start and end times. If not specified and the table was modified between the given start and end times, the entire table will be scanned. Valid data types of the timestamp field are INTEGER, DATE, TIMESTAMP, or DATETIME columns. For Datastore: the only valid data type of the timestamp field is TIMESTAMP. A Datastore entity will be scanned if the timestamp property does not exist or its value is empty or invalid (see the sketch below).
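
As a rough sketch (not taken from the examples above), the following storage_config value, written in the same converted snake_case style as the examples, pairs big_query_options with a timespan_config; the column name update_time is an assumed, illustrative field:

const timespanStorageConfig = [
  {
    big_query_options: [
      {
        table_reference: [
          {
            dataset_id: "dataset",
            project_id: "project",
            table_id: "table_to_scan",
          },
        ],
      },
    ],
    timespan_config: [
      {
        // Derive a valid startTime from the previous run of the trigger.
        enable_auto_population_of_timespan_config: true,
        timestamp_field: [
          {
            // Assumed column holding each row's last-modified timestamp.
            name: "update_time",
          },
        ],
      },
    ],
  },
];

Such a value would be supplied as the storage_config of inspect_job, in place of the cloud_storage_options or big_query_options blocks shown in the examples above.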

The datastoreOptions block supports:

  • partitionId - (Required) Datastore partition ID. A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. Structure is documented below.

  • kind - (Required) A representation of a Datastore kind. Structure is documented below.

The partitionId block supports:

  • projectId - (Required) The ID of the project to which the entities belong.

  • namespaceId - (Optional) If not empty, the ID of the namespace to which the entities belong.

The kind block supports:

  • name - (Required) The name of the Datastore kind (see the sketch below).
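
The examples above cover only Cloud Storage and BigQuery. A minimal sketch of a Datastore-backed storage_config in the same converted style, where the namespace and kind names are illustrative:

const datastoreStorageConfig = [
  {
    datastore_options: [
      {
        partition_id: [
          {
            project_id: "project",
            // Illustrative namespace; leave empty to use the default namespace.
            namespace_id: "example-namespace",
          },
        ],
        kind: [
          {
            // Illustrative Datastore kind to scan.
            name: "Person",
          },
        ],
      },
    ],
  },
];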

The cloudStorageOptions block supports:

  • fileSet - (Required) Set of files to scan. Structure is documented below.

  • bytesLimitPerFile - (Optional) Max number of bytes to scan from a file. If a scanned file's size is bigger than this value then the rest of the bytes are omitted.

  • bytesLimitPerFilePercent - (Optional) Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 mean no limit.

  • filesLimitPercent - (Optional) Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 mean no limit.

  • fileTypes - (Optional) List of file type groups to include in the scan. If empty, all files are scanned and available data format processors are applied. In addition, the binary content of the selected files is always scanned as well. Images are scanned only as binary if the specified region does not support image inspection and no fileTypes were specified. Each value may be one of binaryFile, textFile, image, word, pdf, avro, csv, and tsv.

  • sampleMethod - (Optional) How to sample bytes if not all bytes are scanned. Meaningful only when used in conjunction with bytesLimitPerFile. If not specified, scanning starts from the top. Possible values are top and randomStart.

The fileSet block supports:

  • url - (Optional) The Cloud Storage URL of the file(s) to scan, in the format gs://<bucket>/<path>. Trailing wildcard in the path is allowed. If the URL ends in a trailing slash, the bucket or directory represented by the URL will be scanned non-recursively (content in sub-directories will not be scanned). This means that gs://mybucket/ is equivalent to gs://mybucket/*, and gs://mybucket/directory/ is equivalent to gs://mybucket/directory/*.

  • regexFileSet - (Optional) The regex-filtered set of files to scan. Structure is documented below.

The regexFileSet block supports:

  • bucketName - (Required) The name of a Cloud Storage bucket.

  • includeRegex - (Optional) A list of regular expressions matching file paths to include. All files in the bucket that match at least one of these regular expressions will be included in the set of files, except for those that also match an item in excludeRegex. Leaving this field empty will match all files by default (this is equivalent to including .* in the list).

  • excludeRegex - (Optional) A list of regular expressions matching file paths to exclude. All files in the bucket that match at least one of these regular expressions will be excluded from the scan (see the sketch below).
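
A sketch of a cloud_storage_options value that selects files with regex_file_set instead of a plain url, in the same converted style; the bucket name and regular expressions are illustrative:

const regexStorageConfig = [
  {
    cloud_storage_options: [
      {
        file_set: [
          {
            regex_file_set: [
              {
                bucket_name: "mybucket",
                // Include CSV files under directory/, but skip the excluded/ subtree.
                include_regex: ["directory/.*\\.csv"],
                exclude_regex: ["directory/excluded/.*"],
              },
            ],
          },
        ],
      },
    ],
  },
];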

The bigQueryOptions block supports:

  • tableReference - (Required) Reference to the BigQuery table to scan. Structure is documented below.

  • rowsLimit - (Optional) Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted. If not set, or if set to 0, all rows will be scanned. Only one of rowsLimit and rowsLimitPercent can be specified. Cannot be used in conjunction with TimespanConfig.

  • rowsLimitPercent - (Optional) Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 mean no limit. Defaults to 0. Only one of rowsLimit and rowsLimitPercent can be specified. Cannot be used in conjunction with TimespanConfig.

  • sampleMethod - (Optional) How to sample rows if not all rows are scanned. Meaningful only when used in conjunction with either rowsLimit or rowsLimitPercent. If not specified, rows are scanned in the order BigQuery reads them. Default value is top. Possible values are top and randomStart.

  • identifyingFields - (Optional) Specifies the BigQuery fields that will be returned with findings. If not specified, no identifying fields will be returned for findings. Structure is documented below.

The tableReference block supports:

  • projectId - (Required) The Google Cloud Platform project ID of the project containing the table.

  • datasetId - (Required) The dataset ID of the table.

  • tableId - (Required) The name of the table.

The identifyingFields block supports:

  • name - (Required) Name of a BigQuery field to be returned with the findings (see the sketch below).
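
Building on the BigQuery row-limit-percentage example above, a sketch of big_query_options that also requests identifying_fields; the field name id is an assumed column:

const identifyingFieldsStorageConfig = [
  {
    big_query_options: [
      {
        table_reference: [
          {
            dataset_id: "dataset",
            project_id: "project",
            table_id: "table_to_scan",
          },
        ],
        rows_limit_percent: 50,
        sample_method: "RANDOM_START",
        identifying_fields: [
          {
            // Assumed key column to return alongside each finding.
            name: "id",
          },
        ],
      },
    ],
  },
];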

The actions block supports:

  • saveFindings - (Optional) If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk. Structure is documented below.

  • pubSub - (Optional) Publish a message into a given Pub/Sub topic when the job completes. Structure is documented below (a sketch follows the pubSub block).

  • publishSummaryToCscc - (Optional) Publish the result summary of a DlpJob to the Cloud Security Command Center.

  • publishFindingsToCloudDataCatalog - (Optional) Publish findings of a DlpJob to Data Catalog.

The saveFindings block supports:

  • outputConfig - (Required) Information on where to store output. Structure is documented below.

The outputConfig block supports:

  • table - (Required) Information on the location of the target BigQuery Table. Structure is documented below.

  • outputSchema - (Optional) Schema used for writing the findings for Inspect jobs. This field is only used for Inspect and must be unspecified for Risk jobs. Columns are derived from the Finding object. If appending to an existing table, any columns from the predefined schema that are missing will be added. No columns in the existing table will be deleted. If unspecified, then all available columns will be used for a new table or an (existing) table with no schema, and no changes will be made to an existing table that has a schema. Only for use with external storage. Possible values are basicColumns, gcsColumns, datastoreColumns, bigQueryColumns, and allColumns.
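
As a hedged sketch, an actions value whose save_findings sets an explicit output_schema in addition to the target table; "BASIC_COLUMNS" is assumed here to be the raw provider string corresponding to basicColumns:

const saveFindingsActions = [
  {
    save_findings: [
      {
        output_config: [
          {
            // Assumed raw value for the basicColumns schema.
            output_schema: "BASIC_COLUMNS",
            table: [
              {
                dataset_id: "dataset",
                project_id: "project",
              },
            ],
          },
        ],
      },
    ],
  },
];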

The table block supports:

  • projectId - (Required) The Google Cloud Platform project ID of the project containing the table.

  • datasetId - (Required) Dataset ID of the table.

  • tableId - (Optional) Name of the table. If it is not set, a new one will be generated for you with the following format: dlpGoogleapisYyyyMmDd_[dlpJobId]. The Pacific time zone will be used for generating the date details.

The pubSub block supports:

  • topic - (Required) Cloud Pub/Sub topic to send notifications to.
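
A sketch of an actions value that publishes a Pub/Sub notification when the job completes; the topic name dlp-notifications is illustrative:

const pubSubActions = [
  {
    pub_sub: [
      {
        // Fully qualified topic; project and topic names are illustrative.
        topic: "projects/project/topics/dlp-notifications",
      },
    ],
  },
];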

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - An identifier for the resource with format {{parent}}/jobTriggers/{{name}}.

  • name - The resource name of the job trigger. Set by the server.

  • lastRunTime - The timestamp of the last time this trigger executed.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

JobTrigger can be imported using any of these accepted formats:

$ terraform import google_data_loss_prevention_job_trigger.default {{parent}}/jobTriggers/{{name}}
$ terraform import google_data_loss_prevention_job_trigger.default {{parent}}/{{name}}
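
For example, assuming a trigger named my-trigger under projects/my-project-name (both names illustrative):

$ terraform import google_data_loss_prevention_job_trigger.default projects/my-project-name/jobTriggers/my-trigger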