Class Action (3.25.0)

Action(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A task to execute on the completion of a job. See https://cloud.google.com/sensitive-data-protection/docs/concepts-actions to learn more.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Attributes

Name Description
save_findings google.cloud.dlp_v2.types.Action.SaveFindings
Save resulting findings in a provided location. This field is a member of oneof_ action.
pub_sub google.cloud.dlp_v2.types.Action.PublishToPubSub
Publish a notification to a Pub/Sub topic. This field is a member of oneof_ action.
publish_summary_to_cscc google.cloud.dlp_v2.types.Action.PublishSummaryToCscc
Publish summary to Cloud Security Command Center (Alpha). This field is a member of oneof_ action.
publish_findings_to_cloud_data_catalog google.cloud.dlp_v2.types.Action.PublishFindingsToCloudDataCatalog
Publish findings to Cloud Datahub. This field is a member of oneof_ action.
deidentify google.cloud.dlp_v2.types.Action.Deidentify
Create a de-identified copy of the input data. This field is a member of oneof_ action.
job_notification_emails google.cloud.dlp_v2.types.Action.JobNotificationEmails
Sends an email when the job completes. The email goes to IAM project owners and technical `Essential Contacts
publish_to_stackdriver google.cloud.dlp_v2.types.Action.PublishToStackdriver
Enable Stackdriver metric dlp.googleapis.com/finding_count. This field is a member of oneof_ action.

Classes

Deidentify

Deidentify(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Create a de-identified copy of the requested table or files.

A TransformationDetail will be created for each transformation.

If any rows in BigQuery are skipped during de-identification (transformation errors or row size exceeds BigQuery insert API limits) they are placed in the failure output table. If the original row exceeds the BigQuery insert API limit it will be truncated when written to the failure output table. The failure output table can be set in the action.deidentify.output.big_query_output.deidentified_failure_output_table field, if no table is set, a table will be automatically created in the same project and dataset as the original table.

Compatible with: Inspect

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

JobNotificationEmails

JobNotificationEmails(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts <https://cloud.google.com/resource-manager/docs/managing-notification-contacts>__.

PublishFindingsToCloudDataCatalog

PublishFindingsToCloudDataCatalog(
    mapping=None, *, ignore_unknown_fields=False, **kwargs
)

Publish findings of a DlpJob to Data Catalog. In Data Catalog, tag templates are applied to the resource that Cloud DLP scanned. Data Catalog tag templates are stored in the same project and region where the BigQuery table exists. For Cloud DLP to create and apply the tag template, the Cloud DLP service agent must have the roles/datacatalog.tagTemplateOwner permission on the project. The tag template contains fields summarizing the results of the DlpJob. Any field values previously written by another DlpJob are deleted. InfoType naming patterns][google.privacy.dlp.v2.InfoType] are strictly enforced when using this feature.

Findings are persisted in Data Catalog storage and are governed by service-specific policies for Data Catalog. For more information, see Service Specific Terms <https://cloud.google.com/terms/service-terms>__.

Only a single instance of this action can be specified. This action is allowed only if all resources being scanned are BigQuery tables. Compatible with: Inspect

PublishSummaryToCscc

PublishSummaryToCscc(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Publish the result summary of a DlpJob to Security Command Center <https://cloud.google.com/security-command-center>. This action is available for only projects that belong to an organization. This action publishes the count of finding instances and their infoTypes. The summary of findings are persisted in Security Command Center and are governed by service-specific policies for Security Command Center <https://cloud.google.com/terms/service-terms>. Only a single instance of this action can be specified. Compatible with: Inspect

PublishToPubSub

PublishToPubSub(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Publish a message into a given Pub/Sub topic when DlpJob has completed. The message contains a single field, DlpJobName, which is equal to the finished job's `DlpJob.name https://cloud.google.com/sensitive-data-protection/docs/reference/rest/v2/projects.dlpJobs#DlpJob`__. Compatible with: Inspect, Risk

PublishToStackdriver

PublishToStackdriver(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Enable Stackdriver metric dlp.googleapis.com/finding_count. This will publish a metric to stack driver on each infotype requested and how many findings were found for it. CustomDetectors will be bucketed as 'Custom' under the Stackdriver label 'info_type'.

SaveFindings

SaveFindings(mapping=None, *, ignore_unknown_fields=False, **kwargs)

If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk