Action

JSON representation
SaveFindings
- JSON representation
OutputStorageConfig
- JSON representation
OutputSchema
PublishToPubSub
- JSON representation
PublishSummaryToCscc
PublishFindingsToCloudDataCatalog
JobNotificationEmails
PublishToStackdriver

A task to execute on the completion of a job. See https://cloud.google.com/dlp/docs/concepts-actions to learn more.

JSON representation

JSON representation
{ // Union field `action` can be only one of the following: "saveFindings": { object (`SaveFindings`) }, "pubSub": { object (`PublishToPubSub`) }, "publishSummaryToCscc": { object (`PublishSummaryToCscc`) }, "publishFindingsToCloudDataCatalog": { object (`PublishFindingsToCloudDataCatalog`) }, "jobNotificationEmails": { object (`JobNotificationEmails`) }, "publishToStackdriver": { object (`PublishToStackdriver`) } // End of list of possible types for union field `action`. }

{

  // Union field action can be only one of the following:
  "saveFindings": {
    object (SaveFindings)
  },
  "pubSub": {
    object (PublishToPubSub)
  },
  "publishSummaryToCscc": {
    object (PublishSummaryToCscc)
  },
  "publishFindingsToCloudDataCatalog": {
    object (PublishFindingsToCloudDataCatalog)
  },
  "jobNotificationEmails": {
    object (JobNotificationEmails)
  },
  "publishToStackdriver": {
    object (PublishToStackdriver)
  }
  // End of list of possible types for union field action.
}

Fields
Union field `action`. `action` can be only one of the following:
`saveFindings`	`object (SaveFindings)` Save resulting findings in a provided location.
`pubSub`	`object (PublishToPubSub)` Publish a notification to a pubsub topic.
`publishSummaryToCscc`	`object (PublishSummaryToCscc)` Publish summary to Cloud Security Command Center (Alpha).
`publishFindingsToCloudDataCatalog`	`object (PublishFindingsToCloudDataCatalog)` Publish findings to Cloud Datahub.
`jobNotificationEmails`	`object (JobNotificationEmails)` Enable email notification for project owners and editors on job's completion/failure.
`publishToStackdriver`	`object (PublishToStackdriver)` Enable Stackdriver metric dlp.googleapis.com/findingCount.

SaveFindings

If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk

JSON representation
{ "outputConfig": { object (`OutputStorageConfig`) } }

Fields

Fields
`outputConfig`	`object (OutputStorageConfig)` Location to store findings outside of DLP.

outputConfig

object (OutputStorageConfig)

Location to store findings outside of DLP.

OutputStorageConfig

Cloud repository for storing output.

JSON representation
{ "outputSchema": enum (`OutputSchema`), "table": { object (`BigQueryTable`) } }

Fields

Fields
`outputSchema`	`enum (OutputSchema)` Schema used for writing the findings for Inspect jobs. This field is only used for Inspect and must be unspecified for Risk jobs. Columns are derived from the `Finding` object. If appending to an existing table, any columns from the predefined schema that are missing will be added. No columns in the existing table will be deleted. If unspecified, then all available columns will be used for a new table or an (existing) table with no schema, and no changes will be made to an existing table that has a schema. Only for use with external storage.
`table`	`object (BigQueryTable)` Store findings in an existing table or a new table in an existing dataset. If tableId is not set a new one will be generated for you with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. Pacific timezone will be used for generating the date details. For Inspect, each column in an existing output table must have the same name, type, and mode of a field in the `Finding` object. For Risk, an existing output table should be the output of a previous Risk analysis job run on the same source table, with the same privacy metric and quasi-identifiers. Risk jobs that analyze the same table but compute a different privacy metric, or use different sets of quasi-identifiers, cannot store their results in the same table.

outputSchema

enum (OutputSchema)

Schema used for writing the findings for Inspect jobs. This field is only used for Inspect and must be unspecified for Risk jobs. Columns are derived from the Finding object. If appending to an existing table, any columns from the predefined schema that are missing will be added. No columns in the existing table will be deleted.

If unspecified, then all available columns will be used for a new table or an (existing) table with no schema, and no changes will be made to an existing table that has a schema. Only for use with external storage.

table

object (BigQueryTable)

Store findings in an existing table or a new table in an existing dataset. If tableId is not set a new one will be generated for you with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. Pacific timezone will be used for generating the date details.

For Inspect, each column in an existing output table must have the same name, type, and mode of a field in the Finding object.

For Risk, an existing output table should be the output of a previous Risk analysis job run on the same source table, with the same privacy metric and quasi-identifiers. Risk jobs that analyze the same table but compute a different privacy metric, or use different sets of quasi-identifiers, cannot store their results in the same table.

OutputSchema

Predefined schemas for storing findings. Only for use with external storage.

Enums
`OUTPUT_SCHEMA_UNSPECIFIED`	Unused.
`BASIC_COLUMNS`	Basic schema including only `infoType`, `quote`, `certainty`, and `timestamp`.
`GCS_COLUMNS`	Schema tailored to findings from scanning Google Cloud Storage.
`DATASTORE_COLUMNS`	Schema tailored to findings from scanning Google Datastore.
`BIG_QUERY_COLUMNS`	Schema tailored to findings from scanning Google BigQuery.
`ALL_COLUMNS`	Schema containing all columns.

PublishToPubSub

Publish a message into given Pub/Sub topic when DlpJob has completed. The message contains a single field, DlpJobName, which is equal to the finished job's DlpJob.name. Compatible with: Inspect, Risk

JSON representation
{ "topic": string }

Fields

Fields
`topic`	`string` Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}.

topic

string

Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}.

PublishSummaryToCscc

Publish the result summary of a DlpJob to the Cloud Security Command Center (CSCC Alpha). This action is only available for projects which are parts of an organization and whitelisted for the alpha Cloud Security Command Center. The action will publish count of finding instances and their info types. The summary of findings will be persisted in CSCC and are governed by CSCC service-specific policy, see https://cloud.google.com/terms/service-terms Only a single instance of this action can be specified. Compatible with: Inspect

PublishFindingsToCloudDataCatalog

Publish findings of a DlpJob to Data Catalog. Labels summarizing the results of the DlpJob will be applied to the entry for the resource scanned in Data Catalog. Any labels previously written by another DlpJob will be deleted. InfoType naming patterns are strictly enforced when using this feature. Note that the findings will be persisted in Data Catalog storage and are governed by Data Catalog service-specific policy, see https://cloud.google.com/terms/service-terms Only a single instance of this action can be specified and only allowed if all resources being scanned are BigQuery tables. Compatible with: Inspect

JobNotificationEmails

Enable email notification to project owners and editors on jobs's completion/failure.

PublishToStackdriver

Enable Stackdriver metric dlp.googleapis.com/findingCount. This will publish a metric to stack driver on each infotype requested and how many findings were found for it. CustomDetectors will be bucketed as 'Custom' under the Stackdriver label 'infoType'.