Cloud DLP 客户端库

本页面介绍如何开始使用 Cloud Data Loss Prevention API 的 Cloud 客户端库。如需详细了解 Cloud API 的客户端库(包括旧版 Google API 客户端库),请参阅客户端库说明

Compute Engine、App Engine 柔性环境、Google Kubernetes Engine 和 Cloud Functions 支持本页中提到的 Cloud DLP 客户端库。App Engine 标准环境中的 Java 8 支持 Java 版 Cloud DLP 客户端库。

如果您在 App Engine 标准环境中使用 Java 7 或在 App Engine 标准环境中使用 Go、PHP 或 Python,请使用 REST 接口访问 Cloud DLP。

安装客户端库

C#

如需了解详情,请参阅设置 C# 开发环境

要构建并运行示例,请使用 Visual Studio 2015 或更高版本打开解决方案文件 (Dlp.sln) 并构建它。

如需了解详情,请参阅 README

Go

如需了解详情,请参阅设置 Go 开发环境

go get cloud.google.com/go/dlp

Java

如需了解详情,请参阅设置 Java 开发环境

如果您使用的是 Maven,请将以下代码添加到您的 pom.xml 文件中。如需详细了解 BOM,请参阅 Google Cloud Platform 库 BOM

<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>com.google.cloud</groupId>
      <artifactId>libraries-bom</artifactId>
      <version>25.4.0</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>
  </dependencies>
</dependencyManagement>

<dependencies>
  <dependency>
    <groupId>com.google.cloud</groupId>
    <artifactId>google-cloud-dlp</artifactId>
  </dependency>
</dependencies>

如果您使用的是 Gradle,请将以下代码添加到您的依赖项中:

implementation platform('com.google.cloud:libraries-bom:25.4.0')

implementation 'com.google.cloud:google-cloud-dlp'

如果您使用的是 sbt,请将以下代码添加到您的依赖项中:

libraryDependencies += "com.google.cloud" % "google-cloud-dlp" % "3.4.0"

如果您使用的是 Visual Studio Code、IntelliJ 或 Eclipse,可以通过以下 IDE 插件将客户端库添加到您的项目中:

上述插件还提供其他功能,例如服务帐号密钥管理。如需了解详情,请参阅各个插件相应的文档。

Node.js

如需了解详情,请参阅设置 Node.js 开发环境

npm install --save @google-cloud/dlp

PHP

如需了解详情,请参阅在 Google Cloud 上使用 PHP

composer require google/cloud-dlp

Python

如需了解详情,请参阅设置 Python 开发环境

  1. 安装 pipvirtualenv(如果尚未安装)。如需了解相关说明,建议参阅适用于 Google Cloud 的 Python 开发环境设置指南
  2. 在 GitHub 上克隆或下载 Google Cloud Python 文档示例
  3. 创建 virtualenv。示例与 Python 2.7.x 和 3.4 及更高版本兼容。 
    $ python -m venv dlp
$ source dlp/bin/activate
  4. 在克隆或解压缩的 Google Cloud Python 文档示例目录中,从 dlp 目录安装运行示例所需的依赖项。
    $ pip install -r requirements.txt

Ruby

如需了解详情,请参阅设置 Ruby 开发环境

gem install google-api-client

设置身份验证

要运行客户端库,您必须先设置身份验证。完成此操作的一种方法是创建服务帐号并设置环境变量,如以下步骤所示。如需了解其他身份验证的方法,请参阅以服务帐号身份进行身份验证

控制台

创建服务帐号:

  1. 在 Cloud Console 中,转到创建服务帐号页面。

    转到“创建服务帐号”
  2. 选择您的项目。

  3. 服务帐号名称字段中,输入一个名称。Cloud Console 会根据此名称填充服务帐号 ID 字段。

    服务帐号说明字段中,输入说明。例如,Service account for quickstart

  4. 点击创建并继续

  5. 如需提供对项目的访问权限,请向服务帐号授予以下角色:Project > Owner

    选择角色列表中,选择一个角色。

    如需添加其他角色,请点击 添加其他角色,然后添加其他各个角色。

  6. 点击继续

  7. 点击完成以完成服务帐号的创建过程。

    不要关闭浏览器窗口。您将在下一步骤中用到它。

创建服务帐号密钥:

  1. 在 Cloud Console 中,点击您创建的服务帐号的电子邮件地址。
  2. 点击密钥
  3. 点击添加密钥,然后点击创建新密钥
  4. 点击创建。JSON 密钥文件将下载到您的计算机上。
  5. 点击关闭

gcloud

设置身份验证:

  1. 创建服务帐号: 

    gcloud iam service-accounts create NAME

    NAME 替换为服务帐号的名称。

  2. 向服务帐号授予角色。对以下每个 IAM 角色运行以下命令一次:roles/owner

    gcloud projects add-iam-policy-binding PROJECT_ID --member="serviceAccount:SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com" --role=ROLE

    替换以下内容:

    • SERVICE_ACCOUNT_NAME:服务帐号的名称
    • PROJECT_ID:您在其中创建服务帐号的项目的 ID
    • ROLE:要授予的角色

  3. 生成密钥文件: 

    gcloud iam service-accounts keys create FILE_NAME.json --iam-account=SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com

    替换以下内容:

    • FILE_NAME:密钥文件的名称
    • SERVICE_ACCOUNT_NAME:服务帐号的名称
    • PROJECT_ID:您在其中创建服务帐号的项目的 ID

通过设置环境变量 GOOGLE_APPLICATION_CREDENTIALS 向应用代码提供身份验证凭据。此变量仅适用于当前的 Shell 会话。如果您希望变量应用于未来的 Shell 会话,请在 shell 启动文件中设置变量,例如在 ~/.bashrc~/.profile 文件中。

Linux 或 macOS

export GOOGLE_APPLICATION_CREDENTIALS="KEY_PATH"

KEY_PATH 替换为包含您的服务帐号密钥的 JSON 文件的路径。

例如:

export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/service-account-file.json"

Windows

对于 PowerShell:

$env:GOOGLE_APPLICATION_CREDENTIALS="KEY_PATH"

KEY_PATH 替换为包含您的服务帐号密钥的 JSON 文件的路径。

例如:

$env:GOOGLE_APPLICATION_CREDENTIALS="C:\Users\username\Downloads\service-account-file.json"

对于命令提示符:

set GOOGLE_APPLICATION_CREDENTIALS=KEY_PATH

KEY_PATH 替换为包含您的服务帐号密钥的 JSON 文件的路径。

使用客户端库

以下示例展示了如何使用客户端库。

Go

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库。如需了解详情,请参阅 Cloud DLP Go API 参考文档


// The quickstart program is an example of using the Data Loss Prevention API.
package main

import (
	"context"
	"fmt"
	"log"

	dlp "cloud.google.com/go/dlp/apiv2"
	dlppb "google.golang.org/genproto/googleapis/privacy/dlp/v2"
)

func main() {
	ctx := context.Background()

	projectID := "PROJECT_ID"

	// Creates a DLP client.
	client, err := dlp.NewClient(ctx)
	if err != nil {
		log.Fatalf("error creating DLP client: %v", err)
	}
	defer client.Close()

	// The string to inspect.
	input := "Robert Frost"

	// The minimum likelihood required before returning a match.
	minLikelihood := dlppb.Likelihood_POSSIBLE

	// The maximum number of findings to report (0 = server maximum).
	maxFindings := int32(0)

	// Whether to include the matching string.
	includeQuote := true

	// The infoTypes of information to match.
	infoTypes := []*dlppb.InfoType{
		{
			Name: "PERSON_NAME",
		},
		{
			Name: "US_STATE",
		},
	}

	// Construct item to inspect.
	item := &dlppb.ContentItem{
		DataItem: &dlppb.ContentItem_Value{
			Value: input,
		},
	}

	// Construct request.
	req := &dlppb.InspectContentRequest{
		Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
		InspectConfig: &dlppb.InspectConfig{
			InfoTypes:     infoTypes,
			MinLikelihood: minLikelihood,
			Limits: &dlppb.InspectConfig_FindingLimits{
				MaxFindingsPerRequest: maxFindings,
			},
			IncludeQuote: includeQuote,
		},
		Item: item,
	}

	// Run request.
	resp, err := client.InspectContent(ctx, req)
	if err != nil {
		log.Fatal(err)
	}
	findings := resp.GetResult().GetFindings()
	if len(findings) == 0 {
		fmt.Println("No findings.")
	}
	fmt.Println("Findings:")
	for _, f := range findings {
		if includeQuote {
			fmt.Println("\tQuote: ", f.GetQuote())
		}
		fmt.Println("\tInfo type: ", f.GetInfoType().GetName())
		fmt.Println("\tLikelihood: ", f.GetLikelihood())
	}
}

Java

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库。如需了解详情,请参阅 Cloud DLP Java API 参考文档


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.Finding;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.InspectContentRequest;
import com.google.privacy.dlp.v2.InspectContentResponse;
import com.google.privacy.dlp.v2.InspectResult;
import com.google.privacy.dlp.v2.Likelihood;
import com.google.privacy.dlp.v2.LocationName;
import com.google.protobuf.ByteString;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class QuickStart {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    quickstart(projectId);
  }

  public static void quickstart(String projectId) throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlpServiceClient = DlpServiceClient.create()) {
      // Configure that content that will be inspected
      String text = "His name was Robert Frost";
      ByteContentItem byteContentItem =
          ByteContentItem.newBuilder()
              .setType(ByteContentItem.BytesType.TEXT_UTF8)
              .setData(ByteString.copyFromUtf8(text))
              .build();
      ContentItem contentItem = ContentItem.newBuilder().setByteItem(byteContentItem).build();

      // The types of information to match:
      // See: https://cloud.google.com/dlp/docs/infotypes-reference
      List<InfoType> infoTypes =
          Stream.of("PERSON_NAME", "US_STATE")
              .map(it -> InfoType.newBuilder().setName(it).build())
              .collect(Collectors.toList());

      // The minimum likelihood required before returning a match:
      // See: https://cloud.google.com/dlp/docs/likelihood
      Likelihood minLikelihood = Likelihood.POSSIBLE;

      // The maximum number of findings to report (0 = server maximum)
      InspectConfig.FindingLimits findingLimits =
          InspectConfig.FindingLimits.newBuilder().setMaxFindingsPerItem(0).build();

      // Specify the inspection configuration
      InspectConfig inspectConfig =
          InspectConfig.newBuilder()
              .addAllInfoTypes(infoTypes)
              .setMinLikelihood(minLikelihood)
              .setLimits(findingLimits)
              .setIncludeQuote(true)
              .build();

      // Create the request from previous configs
      InspectContentRequest request =
          InspectContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setInspectConfig(inspectConfig)
              .setItem(contentItem)
              .build();

      // Send the request to the service and receive the results
      InspectContentResponse response = dlpServiceClient.inspectContent(request);

      // Process the results
      System.out.println("Inspect of text complete: ");
      InspectResult result = response.getResult();
      if (result.getFindingsCount() < 0) {
        System.out.println("No findings.");
        return;
      }
      System.out.println("Findings: ");
      for (Finding finding : result.getFindingsList()) {
        System.out.println("\tQuote: " + finding.getQuote());
        System.out.println("\tInfo type: " + finding.getInfoType().getName());
        System.out.println("\tLikelihood: " + finding.getLikelihood());
      }
    }
  }
}

Node.js

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库。如需了解详情,请参阅 Cloud DLP Node.js API 参考文档


// Instantiates a client
const dlp = new DLP.DlpServiceClient();

// The string to inspect
const string = 'Robert Frost';

// The project ID to run the API call under
// const projectId = 'my-project';

async function quickStart() {
  // The minimum likelihood required before returning a match
  const minLikelihood = 'LIKELIHOOD_UNSPECIFIED';

  // The maximum number of findings to report (0 = server maximum)
  const maxFindings = 0;

  // The infoTypes of information to match
  const infoTypes = [{name: 'PERSON_NAME'}, {name: 'US_STATE'}];

  // Whether to include the matching string
  const includeQuote = true;

  // Construct item to inspect
  const item = {value: string};

  // Construct request
  const request = {
    parent: `projects/${projectId}/locations/global`,
    inspectConfig: {
      infoTypes: infoTypes,
      minLikelihood: minLikelihood,
      limits: {
        maxFindingsPerRequest: maxFindings,
      },
      includeQuote: includeQuote,
    },
    item: item,
  };

  // Run request
  const [response] = await dlp.inspectContent(request);
  const findings = response.result.findings;
  if (findings.length > 0) {
    console.log('Findings:');
    findings.forEach(finding => {
      if (includeQuote) {
        console.log(`\tQuote: ${finding.quote}`);
      }
      console.log(`\tInfo type: ${finding.infoType.name}`);
      console.log(`\tLikelihood: ${finding.likelihood}`);
    });
  } else {
    console.log('No findings.');
  }
}
quickStart();

PHP

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库。如需了解详情,请参阅 Cloud DLP PHP API 参考文档

use Google\Cloud\Dlp\V2\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\InspectConfig\FindingLimits;

// Instantiate a client.
$dlp = new DlpServiceClient();

// The infoTypes of information to match
$usNameInfoType = (new InfoType())
    ->setName('PERSON_NAME');
$phoneNumberInfoType = (new InfoType())
    ->setName('PHONE_NUMBER');
$infoTypes = [$usNameInfoType, $phoneNumberInfoType];

// Set the string to inspect
$stringToInspect = 'Robert Frost';

// Only return results above a likelihood threshold, 0 for all
$minLikelihood = likelihood::LIKELIHOOD_UNSPECIFIED;

// Limit the number of findings, 0 for no limit
$maxFindings = 0;

// Whether to include the matching string in the response
$includeQuote = true;

// Specify finding limits
$limits = (new FindingLimits())
    ->setMaxFindingsPerRequest($maxFindings);

// Create the configuration object
$inspectConfig = (new InspectConfig())
    ->setMinLikelihood($minLikelihood)
    ->setLimits($limits)
    ->setInfoTypes($infoTypes)
    ->setIncludeQuote($includeQuote);

$content = (new ContentItem())
    ->setValue($stringToInspect);

$projectId = getenv('GCLOUD_PROJECT');
$parent = $dlp->projectName($projectId);

// Run request
$response = $dlp->inspectContent([
    'parent' => $parent,
    'inspectConfig' => $inspectConfig,
    'item' => $content
]);

// Print the results
$findings = $response->getResult()->getFindings();
if (count($findings) == 0) {
    print('No findings.' . PHP_EOL);
} else {
    print('Findings:' . PHP_EOL);
    foreach ($findings as $finding) {
        if ($includeQuote) {
            print('  Quote: ' . $finding->getQuote() . PHP_EOL);
        }
        print('  Info type: ' . $finding->getInfoType()->getName() . PHP_EOL);
        $likelihoodString = Likelihood::name($finding->getLikelihood());
        print('  Likelihood: ' . $likelihoodString . PHP_EOL);
    }
}

Python

如需了解如何安装和使用 Cloud DLP 客户端库,请参阅 Cloud DLP 客户端库。如需了解详情,请参阅 Cloud DLP Python API 参考文档

# Import the client library
import google.cloud.dlp

# Instantiate a client.
dlp_client = google.cloud.dlp_v2.DlpServiceClient()

# The string to inspect
content = "Robert Frost"

# Construct the item to inspect.
item = {"value": content}

# The info types to search for in the content. Required.
info_types = [{"name": "FIRST_NAME"}, {"name": "LAST_NAME"}]

# The minimum likelihood to constitute a match. Optional.
min_likelihood = google.cloud.dlp_v2.Likelihood.LIKELIHOOD_UNSPECIFIED

# The maximum number of findings to report (0 = server maximum). Optional.
max_findings = 0

# Whether to include the matching string in the results. Optional.
include_quote = True

# Construct the configuration dictionary. Keys which are None may
# optionally be omitted entirely.
inspect_config = {
    "info_types": info_types,
    "min_likelihood": min_likelihood,
    "include_quote": include_quote,
    "limits": {"max_findings_per_request": max_findings},
}

# Convert the project id into a full resource id.
parent = f"projects/{project_id}"

# Call the API.
response = dlp_client.inspect_content(
    request={"parent": parent, "inspect_config": inspect_config, "item": item}
)

# Print out the results.
if response.result.findings:
    for finding in response.result.findings:
        try:
            print("Quote: {}".format(finding.quote))
        except AttributeError:
            pass
        print("Info type: {}".format(finding.info_type.name))
        # Convert likelihood value to string respresentation.
        likelihood = finding.likelihood.name
        print("Likelihood: {}".format(likelihood))
else:
    print("No findings.")

其他资源