DLPInspectTemplate
Property | Value |
---|---|
Google Cloud Service Name | Cloud DLP |
Google Cloud Service Documentation | /dlp/docs/ |
Google Cloud REST Resource Name | projects.inspectTemplates |
Google Cloud REST Resource Documentation | /dlp/docs/reference/rest/v2/projects.inspectTemplates |
Config Connector Resource Short Names | gcpdlpinspecttemplate gcpdlpinspecttemplates dlpinspecttemplate |
Config Connector Service Name | dlp.googleapis.com |
Config Connector Resource Fully Qualified Name | dlpinspecttemplates.dlp.cnrm.cloud.google.com |
Can Be Referenced by IAMPolicy/IAMPolicyMember | No |
Config Connector Default Average Reconcile Interval In Seconds | 600 |
Custom Resource Definition Properties
Spec
Schema
```yaml
description: string
displayName: string
inspectConfig:
  contentOptions:
  - string
  customInfoTypes:
  - dictionary:
      cloudStoragePath:
        path: string
      wordList:
        words:
        - string
    exclusionType: string
    infoType:
      name: string
    likelihood: string
    regex:
      groupIndexes:
      - integer
      pattern: string
    storedType:
      createTime: string
      nameRef:
        external: string
        name: string
        namespace: string
    surrogateType: {}
  excludeInfoTypes: boolean
  includeQuote: boolean
  infoTypes:
  - name: string
  limits:
    maxFindingsPerInfoType:
    - infoType:
        name: string
      maxFindings: integer
    maxFindingsPerItem: integer
    maxFindingsPerRequest: integer
  minLikelihood: string
  ruleSet:
  - infoTypes:
    - name: string
    rules:
    - exclusionRule:
        dictionary:
          cloudStoragePath:
            path: string
          wordList:
            words:
            - string
        excludeInfoTypes:
          infoTypes:
          - name: string
        matchingType: string
        regex:
          groupIndexes:
          - integer
          pattern: string
      hotwordRule:
        hotwordRegex:
          groupIndexes:
          - integer
          pattern: string
        likelihoodAdjustment:
          fixedLikelihood: string
          relativeLikelihood: integer
        proximity:
          windowAfter: integer
          windowBefore: integer
location: string
organizationRef:
  external: string
  name: string
  namespace: string
projectRef:
  external: string
  name: string
  namespace: string
resourceID: string
```
Fields | |
---|---|
description (Optional) | Short description (max 256 chars). |
displayName (Optional) | Display name (max 256 chars). |
inspectConfig (Optional) | The core content of the template. Configuration of the scanning process. |
inspectConfig.contentOptions (Optional) | List of options defining data content to scan. If empty, text, images, and other content will be included. |
inspectConfig.contentOptions[] (Optional) | |
inspectConfig.customInfoTypes (Optional) | CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more. |
inspectConfig.customInfoTypes[] (Optional) | |
inspectConfig.customInfoTypes[].dictionary (Optional) | A list of phrases to detect as a CustomInfoType. |
inspectConfig.customInfoTypes[].dictionary.cloudStoragePath (Optional) | Newline-delimited file of words in Cloud Storage. Only a single file is accepted. |
inspectConfig.customInfoTypes[].dictionary.cloudStoragePath.path (Optional) | A URL representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt |
inspectConfig.customInfoTypes[].dictionary.wordList (Optional) | List of words or phrases to search for. |
inspectConfig.customInfoTypes[].dictionary.wordList.words (Optional) | Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required] |
inspectConfig.customInfoTypes[].dictionary.wordList.words[] (Optional) | |
inspectConfig.customInfoTypes[].exclusionType (Optional) | If set to EXCLUSION_TYPE_EXCLUDE, this infoType will not cause a finding to be returned. It can still be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE |
inspectConfig.customInfoTypes[].infoType (Optional) | CustomInfoType can either be a new infoType, or an extension of a built-in infoType, when the name matches one of the existing infoTypes and that infoType is specified in the `InspectContent.info_types` field. Specifying the latter adds findings to the ones detected by the system. If the built-in info type is not specified in the `InspectContent.info_types` list, then the name is treated as a custom info type. |
inspectConfig.customInfoTypes[].infoType.name (Optional) | Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
inspectConfig.customInfoTypes[].likelihood (Optional) | Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria specified by the rule. Defaults to `VERY_LIKELY` if not specified. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY |
inspectConfig.customInfoTypes[].regex (Optional) | Regular expression based CustomInfoType. |
inspectConfig.customInfoTypes[].regex.groupIndexes (Optional) | The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. |
inspectConfig.customInfoTypes[].regex.groupIndexes[] (Optional) | |
inspectConfig.customInfoTypes[].regex.pattern (Optional) | Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. |
inspectConfig.customInfoTypes[].storedType (Optional) | Load an existing `StoredInfoType` resource for use in `InspectDataSource`. Not currently supported in `InspectContent`. |
inspectConfig.customInfoTypes[].storedType.createTime (Optional) | Timestamp indicating when the version of the `StoredInfoType` used for inspection was created. Output-only field, populated by the system. |
inspectConfig.customInfoTypes[].storedType.nameRef (Optional) | |
inspectConfig.customInfoTypes[].storedType.nameRef.external (Optional) | Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). |
inspectConfig.customInfoTypes[].storedType.nameRef.name (Optional) | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
inspectConfig.customInfoTypes[].storedType.nameRef.namespace (Optional) | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
inspectConfig.customInfoTypes[].surrogateType (Optional) | Message for detecting output from deidentification transformations that support reversing. |
inspectConfig.excludeInfoTypes (Optional) | When true, excludes type information of the findings. |
inspectConfig.includeQuote (Optional) | When true, a contextual quote from the data that triggered a finding is included in the response; see Finding.quote. |
inspectConfig.infoTypes (Optional) | Restricts what info_types to look for. The values must correspond to InfoType values returned by ListInfoTypes or listed at https://cloud.google.com/dlp/docs/infotypes-reference. When no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated. If you need precise control and predictability as to what detectors are run, you should specify specific InfoTypes listed in the reference; otherwise a default list will be used, which may change over time. |
inspectConfig.infoTypes[] (Optional) | |
inspectConfig.infoTypes[].name (Optional) | Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
inspectConfig.limits (Optional) | Configuration to control the number of findings returned. |
inspectConfig.limits.maxFindingsPerInfoType (Optional) | Configuration of findings limit given for specified infoTypes. |
inspectConfig.limits.maxFindingsPerInfoType[] (Optional) | |
inspectConfig.limits.maxFindingsPerInfoType[].infoType (Optional) | Type of information the findings limit applies to. Only one limit per info_type should be provided. If InfoTypeLimit does not have an info_type, the DLP API applies the limit against all info_types that are found but not specified in another InfoTypeLimit. |
inspectConfig.limits.maxFindingsPerInfoType[].infoType.name (Optional) | Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
inspectConfig.limits.maxFindingsPerInfoType[].maxFindings (Optional) | Max findings limit for the given infoType. |
inspectConfig.limits.maxFindingsPerItem (Optional) | Max number of findings that will be returned for each item scanned. When set within `InspectJobConfig`, the maximum returned is 2000 regardless of whether this is set higher. When set within `InspectContentRequest`, this field is ignored. |
inspectConfig.limits.maxFindingsPerRequest (Optional) | Max number of findings that will be returned per request/job. When set within `InspectContentRequest`, the maximum returned is 2000 regardless of whether this is set higher. |
inspectConfig.minLikelihood (Optional) | Only returns findings equal to or above this threshold. The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY |
inspectConfig.ruleSet (Optional) | Set of rules to apply to the findings for this InspectConfig. Exclusion rules contained in the set are executed last; other rules are executed in the order they are specified for each info type. |
inspectConfig.ruleSet[] (Optional) | |
inspectConfig.ruleSet[].infoTypes (Optional) | List of infoTypes this rule set is applied to. |
inspectConfig.ruleSet[].infoTypes[] (Optional) | |
inspectConfig.ruleSet[].infoTypes[].name (Optional) | Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
inspectConfig.ruleSet[].rules (Optional) | Set of rules to be applied to infoTypes. The rules are applied in order. |
inspectConfig.ruleSet[].rules[] (Optional) | |
inspectConfig.ruleSet[].rules[].exclusionRule (Optional) | Exclusion rule. |
inspectConfig.ruleSet[].rules[].exclusionRule.dictionary (Optional) | Dictionary which defines the rule. |
inspectConfig.ruleSet[].rules[].exclusionRule.dictionary.cloudStoragePath (Optional) | Newline-delimited file of words in Cloud Storage. Only a single file is accepted. |
inspectConfig.ruleSet[].rules[].exclusionRule.dictionary.cloudStoragePath.path (Optional) | A URL representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt |
inspectConfig.ruleSet[].rules[].exclusionRule.dictionary.wordList (Optional) | List of words or phrases to search for. |
inspectConfig.ruleSet[].rules[].exclusionRule.dictionary.wordList.words (Optional) | Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required] |
inspectConfig.ruleSet[].rules[].exclusionRule.dictionary.wordList.words[] (Optional) | |
inspectConfig.ruleSet[].rules[].exclusionRule.excludeInfoTypes (Optional) | Set of infoTypes for which findings would affect this rule. |
inspectConfig.ruleSet[].rules[].exclusionRule.excludeInfoTypes.infoTypes (Optional) | The infoType list in an ExclusionRule drops a finding when it overlaps with or is contained within a finding of an infoType from this list. For example, for `InspectionRuleSet.info_types` containing "PHONE_NUMBER" and `exclusion_rule` containing `exclude_info_types.info_types` with "EMAIL_ADDRESS", the phone number findings are dropped if they overlap with an EMAIL_ADDRESS finding. That leads to "555-222-2222@example.org" generating only a single finding, namely the email address. |
inspectConfig.ruleSet[].rules[].exclusionRule.excludeInfoTypes.infoTypes[] (Optional) | |
inspectConfig.ruleSet[].rules[].exclusionRule.excludeInfoTypes.infoTypes[].name (Optional) | Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. |
inspectConfig.ruleSet[].rules[].exclusionRule.matchingType (Optional) | How the rule is applied; see the MatchingType documentation for details. Possible values: MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH |
inspectConfig.ruleSet[].rules[].exclusionRule.regex (Optional) | Regular expression which defines the rule. |
inspectConfig.ruleSet[].rules[].exclusionRule.regex.groupIndexes (Optional) | The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. |
inspectConfig.ruleSet[].rules[].exclusionRule.regex.groupIndexes[] (Optional) | |
inspectConfig.ruleSet[].rules[].exclusionRule.regex.pattern (Optional) | Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. |
inspectConfig.ruleSet[].rules[].hotwordRule (Optional) | |
inspectConfig.ruleSet[].rules[].hotwordRule.hotwordRegex (Optional) | Regular expression pattern defining what qualifies as a hotword. |
inspectConfig.ruleSet[].rules[].hotwordRule.hotwordRegex.groupIndexes (Optional) | The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. |
inspectConfig.ruleSet[].rules[].hotwordRule.hotwordRegex.groupIndexes[] (Optional) | |
inspectConfig.ruleSet[].rules[].hotwordRule.hotwordRegex.pattern (Optional) | Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. |
inspectConfig.ruleSet[].rules[].hotwordRule.likelihoodAdjustment (Optional) | Likelihood adjustment to apply to all matching findings. |
inspectConfig.ruleSet[].rules[].hotwordRule.likelihoodAdjustment.fixedLikelihood (Optional) | Set the likelihood of a finding to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY |
inspectConfig.ruleSet[].rules[].hotwordRule.likelihoodAdjustment.relativeLikelihood (Optional) | Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be `POSSIBLE` without the detection rule and `relative_likelihood` is 1, then it is upgraded to `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. Likelihood may never drop below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is `VERY_LIKELY` will result in a final likelihood of `LIKELY`. |
inspectConfig.ruleSet[].rules[].hotwordRule.proximity (Optional) | Proximity of the finding within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be used to match substrings of the finding itself. For example, the certainty of a phone number regex `\(\d{3}\) \d{3}-\d{4}` could be adjusted upwards if the area code is known to be the local area code of a company office using the hotword regex `\(xxx\)`, where "xxx" is the area code in question. |
inspectConfig.ruleSet[].rules[].hotwordRule.proximity.windowAfter (Optional) | Number of characters after the finding to consider. |
inspectConfig.ruleSet[].rules[].hotwordRule.proximity.windowBefore (Optional) | Number of characters before the finding to consider. |
location (Optional) | Immutable. The location of the resource. |
organizationRef (Optional) | Immutable. The Organization that this resource belongs to. Only one of [organizationRef, projectRef] may be specified. |
organizationRef.external (Optional) | Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). |
organizationRef.name (Optional) | [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
organizationRef.namespace (Optional) | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
projectRef (Optional) | Immutable. The Project that this resource belongs to. Only one of [organizationRef, projectRef] may be specified. |
projectRef.external (Optional) | Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). |
projectRef.name (Optional) | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
projectRef.namespace (Optional) | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
resourceID (Optional) | Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. |
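
Several of the field descriptions above state hard constraints (at most 3 `groupIndexes`, dictionary phrases with at least 2 letters or digits, a proximity window of at most 1000 characters, one limit per infoType, only one of `organizationRef`/`projectRef`). The following check runs them against a manifest before it is applied; it is an added example, not Config Connector code, and `lint_spec`, its helpers and `BAD_SPEC` are hypothetical names operating on a `spec` already parsed into a Python dict.

```python
LIKELIHOODS = {"LIKELIHOOD_UNSPECIFIED", "VERY_UNLIKELY", "UNLIKELY",
               "POSSIBLE", "LIKELY", "VERY_LIKELY"}

def _regex(rx, where, errs):
    if len(rx.get("groupIndexes", [])) > 3:  # "No more than 3 may be included."
        errs.append(f"{where}: more than 3 groupIndexes")

def _dictionary(d, where, errs):
    if "wordList" in d and not d["wordList"].get("words"):
        errs.append(f"{where}: dictionary has no phrases")
    for w in d.get("wordList", {}).get("words", []):
        if sum(ch.isalnum() for ch in w) < 2:  # needs 2+ letters or digits
            errs.append(f"{where}: phrase {w!r} is too short")

def _likelihood(value, where, errs):
    if value is not None and value not in LIKELIHOODS:
        errs.append(f"{where}: unknown likelihood {value!r}")

def lint_spec(spec):
    """Return violations of the constraints stated in the field descriptions."""
    errs = []
    for key in ("description", "displayName"):
        if len(spec.get(key, "")) > 256:
            errs.append(f"{key}: longer than 256 characters")
    if "organizationRef" in spec and "projectRef" in spec:
        errs.append("both organizationRef and projectRef are set")
    cfg = spec.get("inspectConfig", {})
    _likelihood(cfg.get("minLikelihood"), "minLikelihood", errs)
    for i, cit in enumerate(cfg.get("customInfoTypes", [])):
        where = f"customInfoTypes[{i}]"
        _likelihood(cit.get("likelihood"), where, errs)
        _regex(cit.get("regex", {}), where, errs)
        _dictionary(cit.get("dictionary", {}), where, errs)
    limits = cfg.get("limits", {}).get("maxFindingsPerInfoType", [])
    names = [lim.get("infoType", {}).get("name") for lim in limits]
    for name in sorted({n for n in names if names.count(n) > 1}, key=str):
        errs.append(f"limits: more than one limit for infoType {name!r}")
    for i, rs in enumerate(cfg.get("ruleSet", [])):
        for j, rule in enumerate(rs.get("rules", [])):
            where = f"ruleSet[{i}].rules[{j}]"
            ex, hw = rule.get("exclusionRule", {}), rule.get("hotwordRule", {})
            _regex(ex.get("regex", {}), where, errs)
            _dictionary(ex.get("dictionary", {}), where, errs)
            _regex(hw.get("hotwordRegex", {}), where, errs)
            adj = hw.get("likelihoodAdjustment", {})
            _likelihood(adj.get("fixedLikelihood"), where, errs)
            prox = hw.get("proximity", {})  # lower bound: the finding's length counts too
            if prox.get("windowBefore", 0) + prox.get("windowAfter", 0) > 1000:
                errs.append(f"{where}: proximity window exceeds 1000 characters")
    return errs

# Constructed spec with four deliberate violations (not from the page).
BAD_SPEC = {"projectRef": {"external": "projects/example-project"}, "inspectConfig": {
    "customInfoTypes": [
        {"infoType": {"name": "BADGE"}, "dictionary": {"wordList": {"words": ["7", "A-1"]}}},
        {"infoType": {"name": "TICKET"},
         "regex": {"pattern": "(a)(b)(c)(d)", "groupIndexes": [1, 2, 3, 4]}}],
    "ruleSet": [{"infoTypes": [{"name": "BADGE"}], "rules": [{"hotwordRule": {
        "hotwordRegex": {"pattern": "badge"},
        "proximity": {"windowBefore": 800, "windowAfter": 300},
        "likelihoodAdjustment": {"fixedLikelihood": "CERTAIN"}}}]}]}}
```

`lint_spec(BAD_SPEC)` reports the one-character phrase, the fourth group index, the unknown likelihood value and the 1100-character window; a spec that respects the documented limits returns an empty list.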
Status
Schema
```yaml
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
createTime: string
locationId: string
observedGeneration: integer
updateTime: string
```
Fields | |
---|---|
conditions | Conditions represent the latest available observation of the resource's current state. |
conditions[] | |
conditions[].lastTransitionTime | Last time the condition transitioned from one status to another. |
conditions[].message | Human-readable message indicating details about last transition. |
conditions[].reason | Unique, one-word, CamelCase reason for the condition's last transition. |
conditions[].status | Status is the status of the condition. Can be True, False, Unknown. |
conditions[].type | Type is the type of the condition. |
createTime | Output only. The creation timestamp of an inspectTemplate. |
locationId | Output only. The geographic location where this resource is stored. |
observedGeneration | ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
updateTime | Output only. The last update timestamp of an inspectTemplate. |
Sample YAML(s)
Custom Inspect Template
```yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: dlp.cnrm.cloud.google.com/v1beta1
kind: DLPInspectTemplate
metadata:
  name: dlpinspecttemplate-sample-custominspecttemplate
spec:
  projectRef:
    # Replace "${PROJECT_ID?}" with your project ID
    external: "projects/${PROJECT_ID?}"
  location: "us-west2"
  displayName: "sample-template"
  description: "A sample dlp inspect template"
  inspectConfig:
    infoTypes:
    - name: "AGE"
    minLikelihood: "POSSIBLE"
    limits:
      maxFindingsPerItem: 7
      maxFindingsPerRequest: 7
      maxFindingsPerInfoType:
      - infoType:
          name: "AGE"
        maxFindings: 7
    includeQuote: false
    excludeInfoTypes: false
    customInfoTypes:
    - infoType:
        name: "PHONE_NUMBER"
      likelihood: "POSSIBLE"
      dictionary:
        wordList:
          words:
          - "911"
    - infoType:
        name: "AGE"
      dictionary:
        cloudStoragePath:
          # Replace "${DLP_TEST_BUCKET?}" with your storage bucket name
          path: "gs://${DLP_TEST_BUCKET?}/dictionary-1"
    - infoType:
        name: "HOME_ADDRESS"
      storedType:
        nameRef:
          name: "dlpinspecttemplate-dep-custominspecttemplate"
    - infoType:
        name: "SALARY"
      exclusionType: "EXCLUSION_TYPE_EXCLUDE"
      regex:
        pattern: "(\\$)(\\d*)"
        groupIndexes:
        - 1
        - 2
    - infoType:
        name: "HEIGHT"
      regex:
        pattern: "\\d'\\d{2}\""
      surrogateType: {}
    contentOptions:
    - "CONTENT_TEXT"
    ruleSet:
    - infoTypes:
      - name: "AGE"
      rules:
      - exclusionRule:
          matchingType: "MATCHING_TYPE_FULL_MATCH"
          dictionary:
            wordList:
              words:
              - "911"
      - exclusionRule:
          matchingType: "MATCHING_TYPE_FULL_MATCH"
          dictionary:
            cloudStoragePath:
              # Replace "${DLP_TEST_BUCKET?}" with your storage bucket name
              path: "gs://${DLP_TEST_BUCKET?}/dictionary-1"
      - exclusionRule:
          matchingType: "MATCHING_TYPE_FULL_MATCH"
          regex:
            pattern: "([12])(\\d{1,2})"
            groupIndexes:
            - 1
            - 2
      - exclusionRule:
          matchingType: "MATCHING_TYPE_FULL_MATCH"
          excludeInfoTypes:
            infoTypes:
            - name: "PHONE_NUMBER"
    - infoTypes:
      - name: "PHONE_NUMBER"
      rules:
      - hotwordRule:
          hotwordRegex:
            pattern: "\\(([0-9]{3})\\) ?[0-9]{3}-[0-9]{4}"
            groupIndexes:
            - 0
            - 1
          proximity:
            windowBefore: 2
            windowAfter: 3
          likelihoodAdjustment:
            fixedLikelihood: "LIKELY"
      - hotwordRule:
          hotwordRegex:
            pattern: "\\+?[0-9]*"
          proximity:
            windowBefore: 2
            windowAfter: 3
          likelihoodAdjustment:
            relativeLikelihood: 1
---
apiVersion: dlp.cnrm.cloud.google.com/v1beta1
kind: DLPStoredInfoType
metadata:
  name: dlpinspecttemplate-dep-custominspecttemplate
spec:
  projectRef:
    # Replace "${PROJECT_ID?}" with your project ID
    external: "projects/${PROJECT_ID?}"
  location: "us-west2"
  displayName: "sample-type"
  description: "A sample regex-based stored info type"
  regex:
    pattern: "([a-z]*)(.+)"
    groupIndexes:
    - 0
    - 1
```
Inspection Inspect Template
```yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: dlp.cnrm.cloud.google.com/v1beta1
kind: DLPInspectTemplate
metadata:
  name: dlpinspecttemplate-sample-inspectioninspecttemplate
spec:
  projectRef:
    # Replace "${PROJECT_ID?}" with your project ID
    external: "projects/${PROJECT_ID?}"
  location: "global"
  inspectConfig:
    infoTypes:
    - name: "AGE"
    ruleSet:
    - infoTypes:
      - name: "AGE"
      rules:
      - hotwordRule:
          hotwordRegex:
            pattern: "([12])(\\d{1,2})"
            groupIndexes:
            - 1
            - 2
          proximity:
            windowBefore: 2
            windowAfter: 3
          likelihoodAdjustment:
            fixedLikelihood: "LIKELY"
      - hotwordRule:
          hotwordRegex:
            pattern: ".*"
          proximity:
            windowBefore: 2
            windowAfter: 3
          likelihoodAdjustment:
            relativeLikelihood: 1
```
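
To see what the two hotword rules in this sample do to a finding, the following is a simplified local model built only from the field descriptions on this page (proximity window, fixed and relative adjustment with clamping, `minLikelihood` default of POSSIBLE). It is an added example, not DLP or Config Connector code: `adjust`, `hotword_in_window`, `apply_hotword_rules` and the sample text are constructed, Python's `re` stands in for RE2, and the real service may differ in details.

```python
import re

LEVELS = ["VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY"]

# The two hotword rules of the sample above, as parsed YAML.
SAMPLE_RULES = [
    {"hotwordRegex": {"pattern": r"([12])(\d{1,2})", "groupIndexes": [1, 2]},
     "proximity": {"windowBefore": 2, "windowAfter": 3},
     "likelihoodAdjustment": {"fixedLikelihood": "LIKELY"}},
    {"hotwordRegex": {"pattern": ".*"},
     "proximity": {"windowBefore": 2, "windowAfter": 3},
     "likelihoodAdjustment": {"relativeLikelihood": 1}},
]

def adjust(likelihood, adjustment):
    """Apply one likelihoodAdjustment; relative moves are clamped to the scale."""
    if "fixedLikelihood" in adjustment:
        return adjustment["fixedLikelihood"]
    idx = LEVELS.index(likelihood) + adjustment.get("relativeLikelihood", 0)
    return LEVELS[max(0, min(idx, len(LEVELS) - 1))]

def hotword_in_window(text, start, end, rule):
    """True if the whole hotword match lies inside the proximity window.

    The window spans windowBefore characters, the finding itself, and
    windowAfter characters, so a hotword may match part of the finding.
    """
    prox = rule.get("proximity", {})
    lo = max(0, start - prox.get("windowBefore", 0))
    hi = min(len(text), end + prox.get("windowAfter", 0))
    return re.search(rule["hotwordRegex"]["pattern"], text[lo:hi]) is not None

def apply_hotword_rules(text, finding, rules, min_likelihood="POSSIBLE"):
    """finding is (start, end, base_likelihood); rules run in listed order.

    Returns the final likelihood, or None when it ends below min_likelihood.
    """
    start, end, likelihood = finding
    for rule in rules:
        if hotword_in_window(text, start, end, rule):
            likelihood = adjust(likelihood, rule["likelihoodAdjustment"])
    if LEVELS.index(likelihood) < LEVELS.index(min_likelihood):
        return None
    return likelihood
```

In this model a hotword pattern that can match the empty string, such as `.*`, matches every window, so the sample's second rule raises every AGE finding by one level regardless of context.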