DLPStoredInfoType
| Property | Value |
|---|---|
| Google Cloud Service Name | Cloud DLP |
| Google Cloud Service Documentation | /dlp/docs/ |
| Google Cloud REST Resource Name | projects.storedInfoTypes |
| Google Cloud REST Resource Documentation | /dlp/docs/reference/rest/v2/projects.storedInfoTypes |
| Config Connector Resource Short Names | gcpdlpstoredinfotype gcpdlpstoredinfotypes dlpstoredinfotype |
| Config Connector Service Name | dlp.googleapis.com |
| Config Connector Resource Fully Qualified Name | dlpstoredinfotypes.dlp.cnrm.cloud.google.com |
| Can Be Referenced by IAMPolicy/IAMPolicyMember | No |
| Config Connector Default Average Reconcile Interval In Seconds | 600 |
Custom Resource Definition Properties
Spec
Schema
description: string
dictionary:
cloudStoragePath:
path: string
wordList:
words:
- string
displayName: string
largeCustomDictionary:
bigQueryField:
field:
name: string
table:
datasetRef:
external: string
name: string
namespace: string
projectRef:
external: string
name: string
namespace: string
tableRef:
external: string
name: string
namespace: string
cloudStorageFileSet:
url: string
outputPath:
path: string
location: string
organizationRef:
external: string
name: string
namespace: string
projectRef:
external: string
name: string
namespace: string
regex:
groupIndexes:
- integer
pattern: string
resourceID: string
| Fields | |
|---|---|
|
Optional |
Description of the StoredInfoType (max 256 characters). |
|
Optional |
Store dictionary-based CustomInfoType. |
|
Optional |
Newline-delimited file of words in Cloud Storage. Only a single file is accepted. |
|
Required* |
A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt |
|
Optional |
List of words or phrases to search for. |
|
Required* |
Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required] |
|
Required* |
|
|
Optional |
Display name of the StoredInfoType (max 256 characters). |
|
Optional |
StoredInfoType where findings are defined by a dictionary of phrases. |
|
Optional |
Field in a BigQuery table where each cell represents a dictionary phrase. |
|
Optional |
Designated field in the BigQuery table. |
|
Optional |
Name describing the field. |
|
Optional |
Source table of the field. |
|
Optional |
|
|
Optional |
Dataset ID of the table. Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
|
|
Optional |
The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
|
|
Optional |
Name of the table. Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Set of files containing newline-delimited lists of dictionary phrases. |
|
Required* |
The url, in the format `gs:///`. Trailing wildcard in the path is allowed. |
|
Optional |
Location to store dictionary artifacts in Google Cloud Storage. These files will only be accessible by project owners and the DLP API. If any of these artifacts are modified, the dictionary is considered invalid and can no longer be used. |
|
Required* |
A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt |
|
Optional |
Immutable. The location of the resource |
|
Optional |
Immutable. The Organization that this resource belongs to. Only one of [organizationRef, projectRef] may be specified. |
|
Optional |
Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). |
|
Optional |
[WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Immutable. The Project that this resource belongs to. Only one of [organizationRef, projectRef] may be specified. |
|
Optional |
Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Store regular expression-based StoredInfoType. |
|
Optional |
The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. |
|
Optional |
|
|
Required* |
Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. |
|
Optional |
Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. |
* Field is required when parent field is specified
Status
Schema
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
observedGeneration: integer
| Fields | |
|---|---|
conditions |
Conditions represent the latest available observation of the resource's current state. |
conditions[] |
|
conditions[].lastTransitionTime |
Last time the condition transitioned from one status to another. |
conditions[].message |
Human-readable message indicating details about last transition. |
conditions[].reason |
Unique, one-word, CamelCase reason for the condition's last transition. |
conditions[].status |
Status is the status of the condition. Can be True, False, Unknown. |
conditions[].type |
Type is the type of the condition. |
observedGeneration |
ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
Sample YAML(s)
Big Query Field Stored Info Type
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: dlp.cnrm.cloud.google.com/v1beta1
kind: DLPStoredInfoType
metadata:
name: dlpstoredinfotype-sample-bigqueryfieldstoredinfotype
spec:
projectRef:
# Replace "${PROJECT_ID?}" with your project ID
external: "projects/${PROJECT_ID?}"
location: "us-west2"
largeCustomDictionary:
outputPath:
# Replace "${DLP_TEST_BUCKET?}" with your storage bucket name
path: "gs://${DLP_TEST_BUCKET?}/large-custom-dictionary-2"
bigQueryField:
table:
projectRef:
# Replace "${PROJECT_ID?}" with your project ID
external: "projects/${PROJECT_ID?}"
datasetRef:
name: "dlpstoredinfotypedepbigqueryfieldstoredinfotype"
tableRef:
name: "dlpstoredinfotypedepbigqueryfieldstoredinfotype"
field:
name: "sample_field"
---
apiVersion: bigquery.cnrm.cloud.google.com/v1beta1
kind: BigQueryDataset
metadata:
name: dlpstoredinfotypedepbigqueryfieldstoredinfotype
spec:
location: us-west1
---
apiVersion: bigquery.cnrm.cloud.google.com/v1beta1
kind: BigQueryTable
metadata:
name: dlpstoredinfotypedepbigqueryfieldstoredinfotype
spec:
datasetRef:
name: "dlpstoredinfotypedepbigqueryfieldstoredinfotype"
schema: '[{"name": "sample_field", "type": "STRING"}]'
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
annotations:
cnrm.cloud.google.com/deletion-policy: "abandon"
name: dlpstoredinfotype-dep-bigqueryfieldstoredinfotype
spec:
# Replace ${PROJECT_NUMBER?} with your project number.
member: serviceAccount:service-${PROJECT_NUMBER?}@dlp-api.iam.gserviceaccount.com
role: roles/storage.admin
resourceRef:
apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
# Replace "${DLP_TEST_BUCKET?}" with your storage bucket name
external: "${DLP_TEST_BUCKET?}"
Cloud Storage File Set Stored Info Type
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: dlp.cnrm.cloud.google.com/v1beta1
kind: DLPStoredInfoType
metadata:
name: dlpstoredinfotype-sample-cloudstoragefilesetstoredinfotype
spec:
projectRef:
# Replace "${PROJECT_ID?}" with your project ID
external: "projects/${PROJECT_ID?}"
location: "us-west2"
largeCustomDictionary:
outputPath:
# Replace "${DLP_TEST_BUCKET?}" with your storage bucket name
path: "gs://${DLP_TEST_BUCKET?}/large-custom-dictionary-1"
cloudStorageFileSet:
# Replace "${DLP_TEST_BUCKET?}" with your storage bucket name
url: "gs://${DLP_TEST_BUCKET?}/*"
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
annotations:
cnrm.cloud.google.com/deletion-policy: "abandon"
name: dlpstoredinfotype-dep-cloudstoragefilesetstoredinfotype
spec:
# Replace ${PROJECT_NUMBER?} with your project number.
member: serviceAccount:service-${PROJECT_NUMBER?}@dlp-api.iam.gserviceaccount.com
role: roles/storage.admin
resourceRef:
apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
# Replace "${DLP_TEST_BUCKET?}" with your storage bucket name
external: "${DLP_TEST_BUCKET?}"
Cloud Storage Path Stored Info Type
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: dlp.cnrm.cloud.google.com/v1beta1
kind: DLPStoredInfoType
metadata:
name: dlpstoredinfotype-sample-cloudstoragepathstoredinfotype
spec:
projectRef:
# Replace "${PROJECT_ID?}" with your project ID
external: "projects/${PROJECT_ID?}"
location: "us-west2"
dictionary:
cloudStoragePath:
# Replace "${DLP_TEST_BUCKET?}" with your storage bucket name
path: "gs://${DLP_TEST_BUCKET?}/dictionary-1"
Regex Stored Info Type
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: dlp.cnrm.cloud.google.com/v1beta1
kind: DLPStoredInfoType
metadata:
name: dlpstoredinfotype-sample-regexstoredinfotype
spec:
projectRef:
# Replace "${PROJECT_ID?}" with your project ID
external: "projects/${PROJECT_ID?}"
location: "us-west2"
displayName: "sample-type"
description: "A sample regex-based stored info type"
regex:
pattern: "([a-z]*)(.+)"
groupIndexes:
- 0
- 1
Word List Stored Info Type
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: dlp.cnrm.cloud.google.com/v1beta1
kind: DLPStoredInfoType
metadata:
name: dlpstoredinfotype-sample-wordliststoredinfotype
spec:
projectRef:
# Replace "${PROJECT_ID?}" with your project ID
external: "projects/${PROJECT_ID?}"
location: "us-west2"
dictionary:
wordList:
words:
- "aye"
- "nay"