Quickstart: Using the command-line tool

This page shows you how to perform basic tasks in the Cloud Data Loss Prevention API using a command-line interface.

Before you begin

Sign in to your Google Account.
If you don't already have one, sign up for a new account.
In the GCP Console, go to the Manage resources page and select or create a project.

Note: If you don't plan to keep the resources you create in this tutorial, create a new project instead of selecting an existing project. After you finish, you can delete the project, removing all resources associated with the project and tutorial.

Go to the Manage resources page
Make sure that billing is enabled for your Google Cloud Platform project.

Learn how to enable billing
Enable the DLP API.
Enable the API

Set up authentication:
1. In the GCP Console, go to the Create service account key page.
  Go to the Create Service Account Key page
2. From the Service account list, select New service account.
3. In the Service account name field, enter a name.
4. From the Role list, select Project > Owner.
  
  Note: The Role field authorizes your service account to access resources. You can view and change this field later by using the GCP Console. If you are developing a production app, specify more granular permissions than Project > Owner. For more information, see granting roles to service accounts.
5. Click Create. A JSON file that contains your key downloads to your computer.
Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the file path of the JSON file that contains your service account key. This variable only applies to your current shell session, so if you open a new session, set the variable again.
Example: Linux or macOS

Replace [PATH] with the file path of the JSON file that contains your service account key.
```
export GOOGLE_APPLICATION_CREDENTIALS="[PATH]"
```
For example:
```
export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/service-account-file.json"
```
Example: Windows

Replace [PATH] with the file path of the JSON file that contains your service account key, and [FILE_NAME] with the filename.

With PowerShell:
```
$env:GOOGLE_APPLICATION_CREDENTIALS="[PATH]"
```
For example:
```
$env:GOOGLE_APPLICATION_CREDENTIALS="C:\Users\username\Downloads\[FILE_NAME].json"
```
With command prompt:
```
set GOOGLE_APPLICATION_CREDENTIALS=[PATH]
```
Download and install Node.js and NPM.

Permissions

Inspecting content requires the serviceusage.services.use permission for the project that's specified in parent. The roles/editor, roles/owner, and roles.dlp.user roles contain the required permission or you can define your own custom role.

To give your user the dlp.admin role at the project level:

Web UI

Open the Cloud Identity and Access Management page in the Google Cloud Platform Console.
Open the IAM page
If a project hasn't already been selected, click Select a project.
Select your project and click Open.
On the Cloud Identity and Access Management page, click Add.
In the Add members dialog:
- For Members type the user email: test@example.com.
- For Roles, click Select a role and choose Cloud DLP > DLP User.
Click Add.

Command-line

To add a single binding to the project's Cloud IAM policy, type the following command. Replace [PROJECT_ID] with your project ID.
```
gcloud projects add-iam-policy-binding [PROJECT_ID] --member group:test@example.com --role roles/dlp.user
```
The command writes the updated policy to the console window:

bindings:
- members:
  - group:test@example.com
    role: roles/dlp.user

Set up Cloud DLP CLI app

Clone or download a ZIP file of the Node.js DLP client library.
Open a command-line tool and navigate to the samples directory.
Install the app dependencies by running npm install while in the samples directory.
If you haven't done so already, create the GCLOUD_PROJECT environment variable and set it to the project ID of the Google Cloud Platform project you set up to use with Cloud DLP.

Inspect a string for sensitive information

This section shows you how to ask the service to scan sample text using the inspect string command.

Open a command-line tool and navigate to the samples folder of the Node.js samples repository.

Run the following command:

node inspect.js string "My email address is joe@example.com."

You should receive the following output:

{
  "results":[
    {
      "findings":[
        {
          "quote":"joe@example.com",
          "infoType":"EMAIL_ADDRESS",
          "likelihood":"VERY_LIKELY",
          "location":{
            "byteRange":{
              "start":"20",
              "end":"35"
            },
            "codepointRange":{
              "start":"20",
              "end":"35"
            }
          }
        }
      ]
    }
  ]
}

Congratulations! You've sent your first request to the Cloud Data Loss Prevention API!

What's next?

Read How-to guides to get started with inspecting text and images, as well as redacting sensitive data from text.
Read Concepts to better understand inspection, redaction, Infotypes and likelihood.
Take a look at the Service API Reference and the Node.js client library API Reference.

หน้านี้มีประโยชน์ไหม โปรดแสดงความคิดเห็น

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

อัปเดตล่าสุดเมื่อ กุมภาพันธ์ 22, 2019