Cloud DLP 客户端库

本页面介绍如何开始使用 Cloud Data Loss Prevention API 的 Cloud 客户端库。如需详细了解 Cloud API 的客户端库(包括旧版 Google API 客户端库),请参阅客户端库说明

Compute Engine、App Engine 柔性环境、Google Kubernetes Engine 和 Cloud Functions 支持本页中提到的 Cloud DLP 客户端库。App Engine 标准环境中的 Java 8 支持 Java 版 Cloud DLP 客户端库。

如果您在 App Engine 标准环境中使用 Java 7 或在 App Engine 标准环境中使用 Go、PHP 或 Python,请使用 REST 接口访问 Cloud DLP。

安装客户端库

C#

如需了解详情,请参阅设置 C# 开发环境

如需构建并运行示例,请使用 Visual Studio 2015 或更高版本打开解决方案文件 (Dlp.sln) 并进行构建。

如需了解详情,请参阅 README

Go

如需了解详情,请参阅设置 Go 开发环境

go get -u github.com/GoogleCloudPlatform/golang-samples/dlp

Java

如需了解详情,请参阅设置 Java 开发环境

如果您使用的是 Maven,请将以下内容添加到您的 pom.xml 文件中:

<dependency>
    <groupId>com.google.cloud</groupId>
    <artifactId>google-cloud-dlp</artifactId>
    <version></version>
</dependency>

如果您使用的是 Gradle,请将以下内容添加到您的依赖项中:

compile group: 'com.google.cloud', name: 'google-cloud-dlp', version: ''

Node.js

如需了解详情,请参阅设置 Node.js 开发环境

npm install --save @google-cloud/dlp

PHP

如需了解详情,请参阅在 Google Cloud 上使用 PHP

composer require google/cloud-dlp

Python

如需了解详情,请参阅设置 Python 开发环境

  1. 安装 pipvirtualenv(如果尚未安装)。如需了解相关说明,建议参阅适用于 Google Cloud 的 Python 开发环境设置指南
  2. 在 GitHub 上克隆或下载 Google Cloud Python 文档示例
  3. 创建 virtualenv。示例与 Python 2.7.x 和 3.4 及更高版本兼容。
    $ virtualenv env
    $ source env/bin/activate
  4. 在克隆或解压缩的 Google Cloud Python 文档示例目录中,从 dlp 目录安装运行示例所需的依赖项。
    $ pip install -r requirements.txt

Ruby

如需了解详情,请参阅设置 Ruby 开发环境

gem install google-api-client

设置身份验证

要运行客户端库,必须先通过创建服务帐号并设置环境变量来设置身份验证。完成以下步骤即可设置身份验证。如需了解其他身份验证方法,请参阅 GCP 身份验证文档

Cloud Console

  1. 在 Cloud Console 中,转到创建服务帐号密钥页面。

    转到“创建服务帐号密钥”页面
  2. 服务帐号列表中,选择新的服务帐号
  3. 服务帐号名称字段中,输入一个名称。
  4. 角色列表中,选择项目 > Owner

    注意角色字段会为您的服务帐号授予资源访问权限。您稍后可以使用 Cloud Console 查看和更改此字段。如果您开发的是正式版应用,请指定比项目 > Owner 更为精细的权限。如需了解详情,请参阅为服务帐号授予角色
  5. 点击创建。包含密钥的 JSON 文件就会下载到计算机。

命令行

您可以使用本地机器上的 Cloud SDK 或在 Cloud Shell 中运行以下命令。

  1. 创建服务帐号。将 [NAME] 替换为服务帐号的名称。

    gcloud iam service-accounts create [NAME]
  2. 向服务帐号授予权限。将 [PROJECT_ID] 替换为您的项目 ID。

    gcloud projects add-iam-policy-binding [PROJECT_ID] --member "serviceAccount:[NAME]@[PROJECT_ID].iam.gserviceaccount.com" --role "roles/owner"
    注意角色字段会为您的服务帐号授予资源访问权限。您稍后可以使用 Cloud Console 查看和更改此字段。如果您开发的是正式版应用,请指定比项目 > Owner 更为精细的权限。如需了解详情,请参阅向服务帐号授予角色
  3. 生成密钥文件。将 [FILE_NAME] 替换为密钥文件的名称。

    gcloud iam service-accounts keys create [FILE_NAME].json --iam-account [NAME]@[PROJECT_ID].iam.gserviceaccount.com

通过设置环境变量 GOOGLE_APPLICATION_CREDENTIALS 向应用代码提供身份验证凭据。 将 [PATH] 替换为包含您的服务帐号密钥的 JSON 文件的路径。此变量仅适用于当前的 Shell 会话,因此,如果您打开新的会话,请重新设置该变量。

Linux 或 macOS

export GOOGLE_APPLICATION_CREDENTIALS="[PATH]"

例如:

export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/my-key.json"

Windows

使用 PowerShell:

$env:GOOGLE_APPLICATION_CREDENTIALS="[PATH]"

例如:

$env:GOOGLE_APPLICATION_CREDENTIALS="C:\Users\username\Downloads\my-key.json"

使用命令提示符:

set GOOGLE_APPLICATION_CREDENTIALS=[PATH]

使用客户端库

以下示例展示了如何使用客户端库。

Go


// The quickstart program is an example of using the Data Loss Prevention API.
package main

import (
	"context"
	"fmt"
	"log"

	dlp "cloud.google.com/go/dlp/apiv2"
	dlppb "google.golang.org/genproto/googleapis/privacy/dlp/v2"
)

func main() {
	ctx := context.Background()

	projectID := "PROJECT_ID"

	// Creates a DLP client.
	client, err := dlp.NewClient(ctx)
	if err != nil {
		log.Fatalf("error creating DLP client: %v", err)
	}

	// The string to inspect.
	input := "Robert Frost"

	// The minimum likelihood required before returning a match.
	minLikelihood := dlppb.Likelihood_POSSIBLE

	// The maximum number of findings to report (0 = server maximum).
	maxFindings := int32(0)

	// Whether to include the matching string.
	includeQuote := true

	// The infoTypes of information to match.
	infoTypes := []*dlppb.InfoType{
		{
			Name: "PERSON_NAME",
		},
		{
			Name: "US_STATE",
		},
	}

	// Construct item to inspect.
	item := &dlppb.ContentItem{
		DataItem: &dlppb.ContentItem_Value{
			Value: input,
		},
	}

	// Construct request.
	req := &dlppb.InspectContentRequest{
		Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
		InspectConfig: &dlppb.InspectConfig{
			InfoTypes:     infoTypes,
			MinLikelihood: minLikelihood,
			Limits: &dlppb.InspectConfig_FindingLimits{
				MaxFindingsPerRequest: maxFindings,
			},
			IncludeQuote: includeQuote,
		},
		Item: item,
	}

	// Run request.
	resp, err := client.InspectContent(ctx, req)
	if err != nil {
		log.Fatal(err)
	}
	findings := resp.GetResult().GetFindings()
	if len(findings) == 0 {
		fmt.Println("No findings.")
	}
	fmt.Println("Findings:")
	for _, f := range findings {
		if includeQuote {
			fmt.Println("\tQuote: ", f.GetQuote())
		}
		fmt.Println("\tInfo type: ", f.GetInfoType().GetName())
		fmt.Println("\tLikelihood: ", f.GetLikelihood())
	}
}

Java


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.Finding;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.InspectContentRequest;
import com.google.privacy.dlp.v2.InspectContentResponse;
import com.google.privacy.dlp.v2.InspectResult;
import com.google.privacy.dlp.v2.Likelihood;
import com.google.privacy.dlp.v2.LocationName;
import com.google.protobuf.ByteString;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class QuickStart {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    quickstart(projectId);
  }

  public static void quickstart(String projectId) throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlpServiceClient = DlpServiceClient.create()) {
      // Configure that content that will be inspected
      String text = "His name was Robert Frost";
      ByteContentItem byteContentItem =
          ByteContentItem.newBuilder()
              .setType(ByteContentItem.BytesType.TEXT_UTF8)
              .setData(ByteString.copyFromUtf8(text))
              .build();
      ContentItem contentItem = ContentItem.newBuilder().setByteItem(byteContentItem).build();

      // The types of information to match:
      // See: https://cloud.google.com/dlp/docs/infotypes-reference
      List<InfoType> infoTypes =
          Stream.of("PERSON_NAME", "US_STATE")
              .map(it -> InfoType.newBuilder().setName(it).build())
              .collect(Collectors.toList());

      // The minimum likelihood required before returning a match:
      // See: https://cloud.google.com/dlp/docs/likelihood
      Likelihood minLikelihood = Likelihood.POSSIBLE;

      // The maximum number of findings to report (0 = server maximum)
      InspectConfig.FindingLimits findingLimits =
          InspectConfig.FindingLimits.newBuilder().setMaxFindingsPerItem(0).build();

      // Specify the inspection configuration
      InspectConfig inspectConfig =
          InspectConfig.newBuilder()
              .addAllInfoTypes(infoTypes)
              .setMinLikelihood(minLikelihood)
              .setLimits(findingLimits)
              .setIncludeQuote(true)
              .build();

      // Create the request from previous configs
      InspectContentRequest request =
          InspectContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setInspectConfig(inspectConfig)
              .setItem(contentItem)
              .build();

      // Send the request to the service and receive the results
      InspectContentResponse response = dlpServiceClient.inspectContent(request);

      // Process the results
      System.out.println("Inspect of text complete: ");
      InspectResult result = response.getResult();
      if (result.getFindingsCount() < 0) {
        System.out.println("No findings.");
        return;
      }
      System.out.println("Findings: ");
      for (Finding finding : result.getFindingsList()) {
        System.out.println("\tQuote: " + finding.getQuote());
        System.out.println("\tInfo type: " + finding.getInfoType().getName());
        System.out.println("\tLikelihood: " + finding.getLikelihood());
      }
    }
  }
}

Node.js


// Instantiates a client
const dlp = new DLP.DlpServiceClient();

// The string to inspect
const string = 'Robert Frost';

// The project ID to run the API call under
const projectId = process.env.GCLOUD_PROJECT;

// The minimum likelihood required before returning a match
const minLikelihood = 'LIKELIHOOD_UNSPECIFIED';

// The maximum number of findings to report (0 = server maximum)
const maxFindings = 0;

// The infoTypes of information to match
const infoTypes = [{name: 'PERSON_NAME'}, {name: 'US_STATE'}];

// Whether to include the matching string
const includeQuote = true;

// Construct item to inspect
const item = {value: string};

// Construct request
const request = {
  parent: `projects/${projectId}/locations/global`,
  inspectConfig: {
    infoTypes: infoTypes,
    minLikelihood: minLikelihood,
    limits: {
      maxFindingsPerRequest: maxFindings,
    },
    includeQuote: includeQuote,
  },
  item: item,
};

// Run request
const [response] = await dlp.inspectContent(request);
const findings = response.result.findings;
if (findings.length > 0) {
  console.log('Findings:');
  findings.forEach(finding => {
    if (includeQuote) {
      console.log(`\tQuote: ${finding.quote}`);
    }
    console.log(`\tInfo type: ${finding.infoType.name}`);
    console.log(`\tLikelihood: ${finding.likelihood}`);
  });
} else {
  console.log('No findings.');
}

PHP

use Google\Cloud\Dlp\V2\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\InspectConfig\FindingLimits;

// Instantiate a client.
$dlp = new DlpServiceClient();

// The infoTypes of information to match
$usNameInfoType = (new InfoType())
    ->setName('PERSON_NAME');
$phoneNumberInfoType = (new InfoType())
    ->setName('PHONE_NUMBER');
$infoTypes = [$usNameInfoType, $phoneNumberInfoType];

// Set the string to inspect
$stringToInspect = 'Robert Frost';

// Only return results above a likelihood threshold, 0 for all
$minLikelihood = likelihood::LIKELIHOOD_UNSPECIFIED;

// Limit the number of findings, 0 for no limit
$maxFindings = 0;

// Whether to include the matching string in the response
$includeQuote = true;

// Specify finding limits
$limits = (new FindingLimits())
    ->setMaxFindingsPerRequest($maxFindings);

// Create the configuration object
$inspectConfig = (new InspectConfig())
    ->setMinLikelihood($minLikelihood)
    ->setLimits($limits)
    ->setInfoTypes($infoTypes)
    ->setIncludeQuote($includeQuote);

$content = (new ContentItem())
    ->setValue($stringToInspect);

$parent = $dlp->projectName(getEnv('GOOGLE_PROJECT_ID'));

// Run request
$response = $dlp->inspectContent($parent, array(
    'inspectConfig' => $inspectConfig,
    'item' => $content
));

// Print the results
$findings = $response->getResult()->getFindings();
if (count($findings) == 0) {
    print('No findings.' . PHP_EOL);
} else {
    print('Findings:' . PHP_EOL);
    foreach ($findings as $finding) {
        if ($includeQuote) {
            print('  Quote: ' . $finding->getQuote() . PHP_EOL);
        }
        print('  Info type: ' . $finding->getInfoType()->getName() . PHP_EOL);
        $likelihoodString = Likelihood::name($finding->getLikelihood());
        print('  Likelihood: ' . $likelihoodString . PHP_EOL);
    }
}

Python

# Import the client library
import google.cloud.dlp

# Instantiate a client.
dlp_client = google.cloud.dlp_v2.DlpServiceClient()

# The string to inspect
content = "Robert Frost"

# Construct the item to inspect.
item = {"value": content}

# The info types to search for in the content. Required.
info_types = [{"name": "FIRST_NAME"}, {"name": "LAST_NAME"}]

# The minimum likelihood to constitute a match. Optional.
min_likelihood = "LIKELIHOOD_UNSPECIFIED"

# The maximum number of findings to report (0 = server maximum). Optional.
max_findings = 0

# Whether to include the matching string in the results. Optional.
include_quote = True

# Construct the configuration dictionary. Keys which are None may
# optionally be omitted entirely.
inspect_config = {
    "info_types": info_types,
    "min_likelihood": min_likelihood,
    "include_quote": include_quote,
    "limits": {"max_findings_per_request": max_findings},
}

# Convert the project id into a full resource id.
parent = dlp_client.project_path(project_id)

# Call the API.
response = dlp_client.inspect_content(parent, inspect_config, item)

# Print out the results.
if response.result.findings:
    for finding in response.result.findings:
        try:
            print("Quote: {}".format(finding.quote))
        except AttributeError:
            pass
        print("Info type: {}".format(finding.info_type.name))
        # Convert likelihood value to string respresentation.
        likelihood = (
            google.cloud.dlp.types.Finding.DESCRIPTOR.fields_by_name[
                "likelihood"
            ]
            .enum_type.values_by_number[finding.likelihood]
            .name
        )
        print("Likelihood: {}".format(likelihood))
else:
    print("No findings.")

其他资源